Comments (4)
I think you're talking about OmniAuth, aren't you?
Actually, Facebook does not deliver extra information when you request the access token; this information is retrieved by another request that is made after you have the token. This is the same for all OAuth2 providers.
For example, in the omniauth-facebook strategy, the extra info you mention is retrieved by a request to https://graph.facebook.com/me:
```ruby
# https://github.com/mkdynamic/omniauth-facebook/blob/master/lib/omniauth/strategies/facebook.rb
require 'omniauth/strategies/oauth2'

module OmniAuth
  module Strategies
    class Facebook < OmniAuth::Strategies::OAuth2
      # ...
      # info hash exposed to the application, built from raw_info
      info do
        prune!({
          'nickname' => raw_info['username'],
          'email' => raw_info['email'],
          'name' => raw_info['name'],
          # ...
        })
      end

      # raw_info hash is another request to /me (memoized after the first call)
      def raw_info
        @raw_info ||= access_token.get('/me').parsed
      end
    end
  end
end
```
Same for omniauth-twitter: https://github.com/arunagw/omniauth-twitter/blob/master/lib/omniauth/strategies/twitter.rb
So the extra hash is part of your API, not of doorkeeper.
from doorkeeper.
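The two-step flow described in the comment above, as an added example that is not part of the original thread or of OmniAuth or doorkeeper code. `FakeProvider` and `FakeStrategy` are hypothetical, constructed in-memory stand-ins (no network): the token response carries no profile data, and the info hash comes from a separate, token-guarded `/me` request.

```ruby
require 'json'
require 'securerandom'

# Constructed in-memory stand-in for an OAuth2 provider (hypothetical, no network).
class FakeProvider
  attr_reader :me_requests
  def initialize
    @users  = { 1 => { 'username' => 'jdoe', 'email' => 'jdoe@example.test',
                       'name' => 'J. Doe', 'bio' => nil } } # constructed sample user
    @codes  = { 'code-123' => 1 } # authorization code => user id
    @tokens = {}                  # access token => user id
    @me_requests = 0
  end
  # Token endpoint: returns token material only, never profile data.
  def token(code)
    user_id = @codes.delete(code) or raise ArgumentError, 'invalid_grant'
    access_token = SecureRandom.hex(16)
    @tokens[access_token] = user_id
    JSON.generate('access_token' => access_token, 'token_type' => 'bearer')
  end
  # /me endpoint: part of the provider's own API, guarded by the bearer token.
  def me(authorization)
    @me_requests += 1
    user_id = @tokens[authorization.to_s[/\ABearer (.+)\z/, 1]]
    return [401, JSON.generate('error' => 'invalid_token')] unless user_id
    [200, JSON.generate(@users.fetch(user_id))]
  end
end

# Client side, mirroring the info / raw_info split of the strategy quoted above.
class FakeStrategy
  attr_reader :token_response
  def initialize(provider, code)
    @provider = provider
    @token_response = JSON.parse(provider.token(code))
  end
  # Second request, made once and memoized, like raw_info in the strategy.
  def raw_info
    @raw_info ||= begin
      status, body = @provider.me("Bearer #{@token_response['access_token']}")
      raise "profile request failed (#{status})" unless status == 200
      JSON.parse(body)
    end
  end
  # Maps provider fields to the info hash; nil values are dropped.
  def info
    { 'nickname' => raw_info['username'], 'email' => raw_info['email'],
      'name' => raw_info['name'], 'description' => raw_info['bio'] }.compact
  end
end
```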
I'll try to find it again, but I explicitly remember a couple of months ago, the first hash that gets transmitted with a positive authorization contained that data, without an extra API call.
from doorkeeper.
Ok, now I know why that is. I used a weird version of fb_graph and I had to dig in and fork it, and I thought its extra hash was served by Facebook directly instead of the extra API call. Thank you for your prompt response, you guys are doing a tremendous job with this. If there is any work to be done, let me know; I'll try to help as much as possible.
from doorkeeper.
Cool! I also wrote a page in the wiki related to this OmniAuth issue.
https://github.com/applicake/doorkeeper/wiki/Create-a-OmniAuth-strategy-for-your-provider
Any feedback is appreciated.
from doorkeeper.