fix: use client.site instead of the callback_url

By using client.site instead of callback_url we can preserve any query string parameters that could be included within the site key and also configured in the callback url within the user pool client app
Sage · Mar 27, 2024 · 507b859 · 507b859
1 parent 9881dbc
commit 507b859
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 4 deletions.
diff --git a/lib/omniauth/strategies/cognito_idp.rb b/lib/omniauth/strategies/cognito_idp.rb
@@ -67,7 +67,7 @@ class CognitoIdP < OmniAuth::Strategies::OAuth2
       def build_access_token
         client.auth_code.get_token(
           request.params['code'],
-          { redirect_uri: callback_url.split('?').first }.merge(token_params.to_hash(symbolize_keys: true)),
+          { redirect_uri: client.site }.merge(token_params.to_hash(symbolize_keys: true)),
           deep_symbolize(options.auth_token_params)
         )
       end

diff --git a/spec/omniauth/strategies/cognito_idp_spec.rb b/spec/omniauth/strategies/cognito_idp_spec.rb
@@ -11,6 +11,7 @@
   let(:options) { {} }
   let(:client_id) { 'ABCDE' }
   let(:client_secret) { '987654321' }
+  let(:site) { "http://localhost/auth/cognito-idp/callback" }
 
   around do |example|
     OmniAuth.config.test_mode = true
@@ -31,10 +32,10 @@
       end
     end
 
-    let(:oauth_client) { double('OAuth2::Client', auth_code: auth_code) }
+    let(:oauth_client) { double('OAuth2::Client', auth_code: auth_code, site: site) }
     let(:auth_code) { double('OAuth2::AuthCode', get_token: access_token_object) }
     let(:access_token_object) { double('OAuth2::AccessToken') }
-    let(:callback_url) { 'http://localhost/auth/cognito-idp/callback?code=1234' }
+    let(:callback_url) { "#{site}?code=1234" }
 
     let(:request) { double('Rack::Request', params: params) }
     let(:params) { { 'code' => '12345' } }
@@ -57,7 +58,7 @@
     let(:env) { {} }
     let(:request) { double('Rack::Request', params: {'state' => strategy.session['omniauth.state']}) }
     let(:session) { { 'omniauth.state' => 'some_state' } }
-    let(:oauth_client) { double('OAuth2::Client', auth_code: auth_code) }
+    let(:oauth_client) { double('OAuth2::Client', auth_code: auth_code, site: site) }
     let(:auth_code) { double('OAuth2::AuthCode') }
     let(:access_token_object) { OAuth2::AccessToken.from_hash(oauth_client, token_hash) }