This repository was archived by the owner on Oct 5, 2023. It is now read-only.
This repository was archived by the owner on Oct 5, 2023. It is now read-only.
[Security] Support for the :state parameter required with omniauth-oauth2 v1.1 #43
Description
Hi,
A few days ago, a security update has been made to omniauth-oauth2, this one uses the :state parameter to mitigate CSRF. omniauth/omniauth-oauth2#18
However, it seem that devise_oauth2_providable doesn't handle this parameter as expected as it doesn't send it back in the callback.
A similar issue seems to be faced at omniauth/omniauth-oauth2#20