How to add state param for Ueberauth in Elixir


During the OAuth process it's good to add a state param to the authorize URL for security. When I checked Überauth Shopify https://github.com/kodehort/ueberauth_shopify/blob/master/lib/ueberauth/strategy/shopify.ex#L88 I saw that it is sent to Shopify.

But I don't understand how I need to set this state param in my Phoenix application so that Shopify would get it. Any suggestions?


There are 2 best solutions below

2
On BEST ANSWER

You supply state in the URL you're passing to Ueberauth (scopes are passed in the same way as well).

Depending on your router setup, with the default being:

pipeline :auth do
  Ueberauth.plug "/auth"
end

scope "/auth" do
  pipe_through [:browser, :auth]

  get "/:provider/callback", AuthController, :callback
end

you supply scopes and state by redirecting your user to the specified auth URL:

/auth/shopify?scopes=read_orders%20read_products&state=yourSuperSecretState

or without any scopes:

/auth/shopify?state=yourSuperSecretState

0
On

As of recently, Ueberauth auto-sets and checks it for you by default, to protect you from CSRF.
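Added example, not part of either answer and not Ueberauth's own code: when you pass `state` yourself as in the first answer, it only protects against CSRF if it is unguessable, bound to the user's session, and compared on the callback. The module name `MyAppWeb.OAuthState`, the session key and the function names are assumptions; it relies on the `:browser` pipeline having fetched the session and on the provider echoing `state` back as a callback query parameter, as OAuth 2.0 specifies.

```elixir
defmodule MyAppWeb.OAuthState do
  # Hypothetical helper for a Phoenix app; names are illustrative only.
  import Plug.Conn

  # Session key under which the pending state is remembered (assumption).
  @session_key :oauth_state

  # Call before sending the user to the auth URL.
  # Returns {conn, url}; the caller does `redirect(conn, to: url)`.
  def put_state(conn) do
    # 32 random bytes from the OS CSPRNG, URL-safe encoded.
    state =
      32
      |> :crypto.strong_rand_bytes()
      |> Base.url_encode64(padding: false)

    conn = put_session(conn, @session_key, state)
    {conn, "/auth/shopify?" <> URI.encode_query(%{"state" => state})}
  end

  # Call at the top of the callback action, before trusting the auth result.
  # Returns {:ok, conn} on a match and {:error, conn} otherwise; the caller
  # should reject the request (for example with a 403) on :error.
  def verify_state(conn) do
    expected = get_session(conn, @session_key)
    received = conn.params["state"]

    # The state is single use: drop it whether or not the check passes.
    conn = delete_session(conn, @session_key)

    # Both values must be present; a missing state is a failure, not a pass.
    # secure_compare/2 runs in constant time for equal-length inputs.
    if is_binary(expected) and is_binary(received) and
         Plug.Crypto.secure_compare(expected, received) do
      {:ok, conn}
    else
      {:error, conn}
    end
  end
end
```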