omniauth-facebook 1.3.0 → 1.4.0
Potentially problematic release.
This version of omniauth-facebook might be problematic. Click here for more details.
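--- a/data/README.md
+++ b/data/README.md
@@ -34,6 +34,8 @@ You can configure several options, which you pass in to the `provider` method vi
 
 * `scope`: A comma-separated list of permissions you want to request from the user. See the Facebook docs for a full list of available permissions: http://developers.facebook.com/docs/reference/api/permissions. Default: `email`
 * `display`: The display context to show the authentication page. Options are: `page`, `popup` and `touch`. Read the Facebook docs for more details: https://developers.facebook.com/docs/reference/dialogs/oauth/. Default: `page`
+* `auth_type`: Optionally specifies the requested authentication features as a comma-separated list, as per https://developers.facebook.com/docs/authentication/reauthentication/.
+Valid values are `https` (checks for the presence of the secure cookie and asks for re-authentication if it is not present), and `reauthenticate` (asks the user to re-authenticate unconditionally). Default is `nil`.
 * `secure_image_url`: Set to `true` to use https for the avatar image url returned in the auth hash. Default is `false`.
 * `image_size`: Set the size for the returned image url in the auth hash. Valid options are `square` (50x50), `small` (50 pixels wide, variable height), `normal` (100 pixels wide, variable height), or `large` (about 200 pixels wide, variable height). Default is `square` (50x50).
 
@@ -54,7 +56,7 @@ You can also pass through a `state` param which will be passed along to the call
 
 ### Custom Callback URL/Path
 
-You can set a custom `callback_url` or `callback_path` option to override the default value. See [OmniAuth::Strategy#callback_url](https://github.com/intridea/omniauth/blob/master/lib/omniauth/strategy.rb#
+You can set a custom `callback_url` or `callback_path` option to override the default value. See [OmniAuth::Strategy#callback_url](https://github.com/intridea/omniauth/blob/master/lib/omniauth/strategy.rb#L411) for more details on the default.
 
 ## Auth Hash
 
@@ -120,7 +122,7 @@ When you call `/auth/facebook/callback` in the success callback of `FB.login` th
 2. extract the authorization code contained in it
 3. and hit Facebook and obtain an access token which will get placed in the `request.env['omniauth.auth']['credentials']` hash.
 
-Note that this access token will be the same token obtained and available in the client through the hash [as
+Note that this access token will be the same token obtained and available in the client through the hash [as detailed in the Facebook docs](https://developers.facebook.com/docs/authentication/client-side/).
 
 ## Canvas Apps
 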
data/example/Gemfile.lock
CHANGED
@@ -24,7 +24,7 @@ module OmniAuth
|
|
24
24
|
:param_name => 'access_token'
|
25
25
|
}
|
26
26
|
|
27
|
-
option :authorize_options, [:scope, :display]
|
27
|
+
option :authorize_options, [:scope, :display, :auth_type]
|
28
28
|
|
29
29
|
uid { raw_info['id'] }
|
30
30
|
|
@@ -46,17 +46,10 @@ module OmniAuth
|
|
46
46
|
})
|
47
47
|
end
|
48
48
|
|
49
|
-
credentials do
|
50
|
-
prune!({
|
51
|
-
'expires' => access_token.expires?,
|
52
|
-
'expires_at' => access_token.expires_at
|
53
|
-
})
|
54
|
-
end
|
55
|
-
|
56
49
|
extra do
|
57
|
-
|
58
|
-
|
59
|
-
|
50
|
+
hash = {}
|
51
|
+
hash['raw_info'] = raw_info unless skip_info?
|
52
|
+
prune! hash
|
60
53
|
end
|
61
54
|
|
62
55
|
def raw_info
|
@@ -64,7 +57,12 @@ module OmniAuth
|
|
64
57
|
end
|
65
58
|
|
66
59
|
def build_access_token
|
67
|
-
if
|
60
|
+
if access_token = request.params["access_token"]
|
61
|
+
::OAuth2::AccessToken.from_hash(
|
62
|
+
client,
|
63
|
+
{"access_token" => access_token}.update(access_token_options)
|
64
|
+
)
|
65
|
+
elsif signed_request_contains_access_token?
|
68
66
|
hash = signed_request.clone
|
69
67
|
::OAuth2::AccessToken.new(
|
70
68
|
client,
|
@@ -245,16 +245,17 @@ describe OmniAuth::Strategies::Facebook do
|
|
245
245
|
describe '#raw_info' do
|
246
246
|
before :each do
|
247
247
|
@access_token = double('OAuth2::AccessToken')
|
248
|
-
subject.stub(:access_token) { @access_token }
|
249
248
|
end
|
250
249
|
|
251
250
|
it 'performs a GET to https://graph.facebook.com/me' do
|
251
|
+
subject.stub(:access_token) { @access_token }
|
252
252
|
@access_token.stub(:get) { double('OAuth2::Response').as_null_object }
|
253
253
|
@access_token.should_receive(:get).with('/me')
|
254
254
|
subject.raw_info
|
255
255
|
end
|
256
256
|
|
257
257
|
it 'returns a Hash' do
|
258
|
+
subject.stub(:access_token) { @access_token }
|
258
259
|
@access_token.stub(:get).with('/me') do
|
259
260
|
raw_response = double('Faraday::Response')
|
260
261
|
raw_response.stub(:body) { '{ "ohai": "thar" }' }
|
@@ -267,6 +268,7 @@ describe OmniAuth::Strategies::Facebook do
|
|
267
268
|
end
|
268
269
|
|
269
270
|
it 'returns an empty hash when the response is false' do
|
271
|
+
subject.stub(:access_token) { @access_token }
|
270
272
|
@access_token.stub(:get).with('/me') do
|
271
273
|
response = double('OAuth2::Response')
|
272
274
|
response.stub(:parsed => false)
|
@@ -274,6 +276,12 @@ describe OmniAuth::Strategies::Facebook do
|
|
274
276
|
end
|
275
277
|
subject.raw_info.should be_a(Hash)
|
276
278
|
end
|
279
|
+
|
280
|
+
it 'should not include raw_info in extras hash when skip_info is specified' do
|
281
|
+
@options = { :skip_info => true }
|
282
|
+
subject.stub(:raw_info) { { :foo => 'bar' } }
|
283
|
+
subject.extra.should_not have_key('raw_info')
|
284
|
+
end
|
277
285
|
end
|
278
286
|
|
279
287
|
describe '#credentials' do
|
@@ -463,6 +471,22 @@ describe OmniAuth::Strategies::Facebook do
|
|
463
471
|
result.expires_at.should eq(@payload['expires'])
|
464
472
|
end
|
465
473
|
end
|
474
|
+
|
475
|
+
describe 'params contain an access token string' do
|
476
|
+
before do
|
477
|
+
@request.stub(:params) do
|
478
|
+
{ 'access_token' => 'm4c0d3z' }
|
479
|
+
end
|
480
|
+
|
481
|
+
subject.stub(:callback_url) { '/' }
|
482
|
+
end
|
483
|
+
|
484
|
+
it 'returns a new access token' do
|
485
|
+
result = subject.build_access_token
|
486
|
+
result.should be_an_instance_of(::OAuth2::AccessToken)
|
487
|
+
result.token.should eq('m4c0d3z')
|
488
|
+
end
|
489
|
+
end
|
466
490
|
end
|
467
491
|
|
468
492
|
private
|
@@ -19,6 +19,11 @@ shared_examples 'an oauth2 strategy' do
|
|
19
19
|
subject.authorize_params['scope'].should eq('bar')
|
20
20
|
subject.authorize_params['foo'].should eq('baz')
|
21
21
|
end
|
22
|
+
|
23
|
+
it 'should exclude top-level options that are not passed' do
|
24
|
+
@options = { :authorize_options => [:bar] }
|
25
|
+
subject.authorize_params.should_not have_keys(:bar, 'bar')
|
26
|
+
end
|
22
27
|
end
|
23
28
|
|
24
29
|
describe '#token_params' do
|
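Review bot: The new first branch of `build_access_token` (hunk `@@ -64,7 +57,12 @@`) wraps whatever arrives in `request.params["access_token"]` in an `::OAuth2::AccessToken` with no check that the token was issued to this application. Since `uid` is taken from `raw_info['id']`, which is fetched with that token, a token the user granted to some other Facebook app would presumably be accepted as a login here; the added spec only asserts that the string `'m4c0d3z'` is echoed back, so nothing covers rejection. I would gate the branch on a server-side check that the token's app id equals `client.id` (Facebook's `debug_token` Graph endpoint reports it) and fail the callback otherwise, and at minimum add `# SECURITY: caller-supplied token, not yet verified as issued to client.id` above the branch. The local `access_token` assigned in the `if` also shadows the strategy's `access_token` method, so a name such as `token_param` would read more safely. The method body continues past the end of the hunk.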
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: omniauth-facebook
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.4.0
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2012-
|
12
|
+
date: 2012-06-24 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: omniauth-oauth2
|