RubyGems - standard_id - Versions diffs - 0.18.0 → 0.19.0 - Mend

standard_id 0.18.0 → 0.19.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

checksums.yaml +4 -4
data/app/controllers/standard_id/api/oauth/callback/providers_controller.rb +17 -0
data/lib/standard_id/version.rb +1 -1
metadata +1 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e940f3a408f896e103acb15090e6dbbe52500265942d2160ee5973b2b2ee6754
-  data.tar.gz: 5fba33203f9c224003a98df57939ba6aee1d82db5329b6d476a6dd0b22c2c6a2
+  metadata.gz: 3d3af31455bcc5b445cb7398d0d4bc2d4fac8ee7e246bcdc437796419af80284
+  data.tar.gz: 167ef5777acbc1de9bf7ecbb9d9e30f95597094566b6268f48c56d1d462c8d37
 SHA512:
-  metadata.gz: f6ff1ad388785ef7f39f0b762c9dc9698dbe2466f62ec7c6383c91351dfb364bd3f63cdd690047e977b5ffc82bcf2ca049cde0e22c6ac774dba6fab0d5ef22c5
-  data.tar.gz: d57fe7efc78a2daed02cd7912b346ab8f631d71c8446f1421909fab440d4b86a2c96e60d866cefa51fb6602de69ae7a952065f24261d1e317e7ca823ee316883
+  metadata.gz: 68bf2f44b3791c46a08500da1c2c91e0878c4b7b009a810fc761d450aeffdc5c007bf2ecef3e2b1a1193ad09313aac528489925215ec7cb23bdbbdef8df4d3c3
+  data.tar.gz: d5116af139011d0cc8d5955489f751bf3dc8592e5e5474b55ce62178add8d828041e952f272a79a52adf7e20238dac02cadd22a8faa28b49277d789320b5897f

data/app/controllers/standard_id/api/oauth/callback/providers_controller.rb CHANGED Viewed

@@ -8,6 +8,16 @@ module StandardId
         skip_before_action :validate_content_type!
+        # OAuth-flow params consumed by this controller and the SocialFlow.
+        # Everything else is forwarded to SOCIAL_AUTH_COMPLETED subscribers as
+        # `original_request_params` so host apps can attach attribution
+        # (UTM, campaign IDs, deep-link slugs) to the signing-in account.
+        RESERVED_CALLBACK_PARAMS = %w[
+          id_token code scope scopes audience redirect_uri flow
+          state nonce provider controller action format
+          authenticity_token utf8 _method
+        ].freeze
         def callback
           provider_response = get_user_info_from_provider(flow: resolve_flow_for(provider.provider_name))
           social_info = provider_response[:user_info]
@@ -28,6 +38,7 @@ module StandardId
             social_info:,
             provider_tokens:,
             account:,
+            original_request_params: forwarded_request_params
           )
           render json: token_response, status: :ok
         end
@@ -40,6 +51,12 @@ module StandardId
           flow_param = params[:flow].to_s.downcase
           flow_param == "web" ? :web : :mobile
         end
+        # The `except` list is the trust boundary — non-reserved values are
+        # host-supplied opaque attribution data, never interpreted by the gem.
+        def forwarded_request_params
+          params.to_unsafe_h.stringify_keys.except(*RESERVED_CALLBACK_PARAMS)
+        end
       end
     end
   end

data/lib/standard_id/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module StandardId
-  VERSION = "0.18.0"
+  VERSION = "0.19.0"
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: standard_id
 version: !ruby/object:Gem::Version
-  version: 0.18.0
+  version: 0.19.0
 platform: ruby
 authors:
 - Jaryl Sim