Support networks that POST to the authorization callback

Created on 4 November 2023, 8 months ago

Problem/Motivation

Some providers, such as "Sign in with Apple", perform a POST request to the authorization callback / redirect URI and provide the state parameter in the POST body.

However, Social Auth's OAuth2ControllerBase::processCallback() currently assumes the state parameter is provided as a query argument, resulting in authorization failing and Social Auth outputting the message "Login failed. Invalid OAuth2 state."

Proposed resolution

Instead of checking for state in Symfony\Component\HttpFoundation\Request::query (which provides only the query parameters), use Symfony\Component\HttpFoundation\Request::get (which checks both query parameters and POST body parameters).

Remaining tasks

Review attached patch.

User interface changes

n/a

API changes

n/a

Data model changes

n/a

✨ Feature request
Status

Needs review

Version

4.1

Component

Code

Created by

🇺🇸 United States smokris Athens, Ohio, USA
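One way to accept the state from either kind of callback while keeping the check strict, as an added example (not Social Auth's code and not the attached patch). The function name and sample values are hypothetical; the two arrays stand in for Symfony's `$request->query->all()` and `$request->request->all()`.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper: read the OAuth2 `state` from the one place the
 * callback's HTTP method allows, then compare it with the value stored
 * in the session when the authorization flow started.
 */
function callbackStateIsValid(string $method, array $query, array $body, ?string $expected): bool
{
    // GET callbacks carry state in the query string; POST callbacks
    // (as described above for Sign in with Apple) carry it in the body.
    $source = strtoupper($method) === 'POST' ? $body : $query;
    $state = $source['state'] ?? null;

    // Reject missing, empty, or non-string values (e.g. state[]=x),
    // and never accept when nothing was stored for this session.
    if (!is_string($state) || $state === '' || !is_string($expected) || $expected === '') {
        return false;
    }

    // Constant-time comparison of the stored and returned values.
    return hash_equals($expected, $state);
}

// Constructed sample values, not taken from any real provider.
$stored = 'constructed-state-7f3a9c';

$cases = [
    'GET, state in query'           => ['GET',  ['state' => $stored, 'code' => 'c'], []],
    'POST, state in body'           => ['POST', [], ['state' => $stored, 'code' => 'c']],
    'POST, state only in query'     => ['POST', ['state' => $stored], ['code' => 'c']],
    'POST, body and query disagree' => ['POST', ['state' => $stored], ['state' => 'other']],
    'POST, array-valued state'      => ['POST', [], ['state' => [$stored]]],
    'GET, no state'                 => ['GET',  ['code' => 'c'], []],
];

foreach ($cases as $label => [$method, $query, $body]) {
    $ok = callbackStateIsValid($method, $query, $body, $stored);
    printf("%-32s %s\n", $label, $ok ? 'accepted' : 'rejected');
}
```

Request::get() consults route attributes first, then the query string, then the POST body, so a value in an earlier source takes precedence over one in the body. Selecting the source by HTTP method, as this sketch does, avoids that ambiguity.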
