-
-
Notifications
You must be signed in to change notification settings - Fork 970
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How to pass different policy-name or params for authorize-url #1026
Comments
I'm not 100% sure what your use case is, but typically password reset would be handled by the oauth provider, so your login link would take them to the provider's login page which itself should have a password reset workflow |
We have a user flow defined for sign-in and password reset in the azure B2C portal. The login link will take to the provider's login page and when user clicks on "reset password", the password reset user flow should be called and this is done via post call to "/auth/< provider >/' where authorize-url should have '/< tenant-name >/< abc-PSWD-RESET>/oauth2/v2.0/authorize'/ end point instead of '/< tenant-name >/< abc-sign-in>/oauth2/v2.0/authorize/'. How can I achieve this? Any help would be greatly appreciated. Thanks |
Unfortunately I do not know enough about the azure graph workflow in general to give you a direct solution 😕 |
Is there a way to customise the authorize-url value which will be defined in the OAuth2 Strategy for different scenarios? `
|
@BobbyMcWho def request_phase Now I am facing issue for to do the same thing for token_url . I am using omniauth-oauth2 gem and I don't see anywhere to stub this token_url based on policy name just like authorize_url. When I did a deeper look , its been used in OAuth2 gem and I am not sure how to overriden token_url end point? I tried to override in the request_phase method but option :client_options defined in Strategy file gets initialized on callback phase. Any idea on how it has to be tackled? |
Please complete all sections.
Configuration
omniauth-*
2.6.3
Rails 6
Windows
Expected Behavior
I would like to customize the authorize-url to include different policy-name defined for sign-in and password reset.
authorize-url looks like :
authorize_url: '/< tenant-name >/< policy-name >/oauth2/v2.0/authorize'
Tell us what should happen.
Actual Behavior
User will be redirected to login page via '/auth/microsoft_graph_auth'
i.e
<%= link_to "Click here to sign in", "/auth/microsoft_graph_auth", method: :post, class: "btn btn-primary btn-large" %>
This will invoke the authorize-url defined in the Strategy file . How do we define different policy name for sign-in and password reset link to work?
In this case,
Sign-in:
authorize_url: '/< tenant-name >/< abc-sign-in >/oauth2/v2.0/authorize'
Password reset:
authorize_url: '/< tenant-name >/< abc-PSWD-RESET>/oauth2/v2.0/authorize
The text was updated successfully, but these errors were encountered: