state param

[jnevelson]

Having an issue implementing this gem for OAuth2 authentication. I've been getting errors when redirecting to LinkedIn's auth site. Upon investigating further, it seems that the state param is required[1] to be present in the URL.

I've gone through the source of this gem and see no reference to state. Using this PR #6 fixes the problem (when I pass in the state), but I'm confused about the implementation of it. The wording of it makes it seem like state is optional, but it says that it is required in LinkedIn's documentation. Am I missing something? How is this gem working for anybody in its current implementation?

Thanks!

[1]http://developer.linkedin.com/documents/authentication

[heythisisnate]

Sorry for the delayed response, I didn't see this until now.
I believe the state param is added automatically by OmniAuth::Strategies::OAuth2 which this gem's strategy inherits from. You shouldn't need to ever manually add it. See: https://github.com/intridea/omniauth-oauth2/blob/master/lib/omniauth/strategies/oauth2.rb#L53

Please be sure that you're using the latest version of the omniauth-oauth2 dependency along with this gem in your application. Let me know if this is still a problem.

[gaurav-shetty]

I am facing the same issue. I have a ROR app and I have included oauth2, ominauth and ominiauth-oauth2 gems in my gemfile so I am sure that the latest versions are being used. I was only able to fix this problem my manually setting the options.authorize_params[:state] in a lambda in the setup phase.

[jnevelson]

@gaurav-shetty that is exactly what I ended up doing.

[Arepo]

I just encountered this problem too, but in my case I need to use the state param for its secondary 'round trip' purpose: https://auth0.com/docs/protocols/oauth2/oauth-state, so setting it at an application level doesn't make any sense