Skip to content

1.0.2
Compare
Choose a tag to compare
@jenksguo jenksguo released this 16 Apr 01:53
v1.0.2
bfdcbea

Xero OAuth 2.0 OmniAuth Strategy version 1.0.1 release.

Dependencies updated to:
omniauth-xero-oauth2 (1.0.1)
omniauth (~> 2.0.0)

As per documentation on OmniAuth 2.0.0 release notes, the following redirect method should be used for rails app:

<%= form_tag('/auth/developer', method: 'post') do %>
<button type='submit'>Login with Developer</button>
<% end %>

To prevent csrf attack, you will also need the following defined in your initialiser:

# Derived from https://github.com/cookpad/omniauth-rails_csrf_protection/blob/master/lib/omniauth/rails_csrf_protection/token_verifier.rb
# This specific implementation has been pared down and should not be taken as the most correct way to do this.
class TokenVerifier
  include ActiveSupport::Configurable
  include ActionController::RequestForgeryProtection

  def call(env)
    @request = ActionDispatch::Request.new(env.dup)
    raise OmniAuth::AuthenticityError unless verified_request?
  end

  private
  attr_reader :request
  delegate :params, :session, to: :request
end
# in an initializer
OmniAuth.config.request_validation_phase = TokenVerifier.new

The sample vanilla app for Xero OmniAuth Oauth 2.0 is updated.

Assets 2
Loading