fix: use client.site instead of the callback_url

By using client.site instead of callback_url we can preserve any query string parameters that could be included within the site key and also configured in the callback url within the user pool client app

lib/omniauth/strategies/cognito_idp.rb

@@ -67,7 +67,7 @@ class CognitoIdP < OmniAuth::Strategies::OAuth2
       def build_access_token
         client.auth_code.get_token(
           request.params['code'],
-          { redirect_uri: callback_url.split('?').first }.merge(token_params.to_hash(symbolize_keys: true)),
+          { redirect_uri: client.site }.merge(token_params.to_hash(symbolize_keys: true)),
           deep_symbolize(options.auth_token_params)
         )
       end

spec/omniauth/strategies/cognito_idp_spec.rb

@@ -31,7 +31,7 @@
       end
     end
 
-    let(:oauth_client) { double('OAuth2::Client', auth_code: auth_code) }
+    let(:oauth_client) { double('OAuth2::Client', auth_code: auth_code, site: "http://localhost/auth/cognito-idp/callback") }
     let(:auth_code) { double('OAuth2::AuthCode', get_token: access_token_object) }
     let(:access_token_object) { double('OAuth2::AccessToken') }
     let(:callback_url) { 'http://localhost/auth/cognito-idp/callback?code=1234' }
@@ -57,7 +57,7 @@
     let(:env) { {} }
     let(:request) { double('Rack::Request', params: {'state' => strategy.session['omniauth.state']}) }
     let(:session) { { 'omniauth.state' => 'some_state' } }
-    let(:oauth_client) { double('OAuth2::Client', auth_code: auth_code) }
+    let(:oauth_client) { double('OAuth2::Client', auth_code: auth_code, site: "http://localhost/auth/cognito-idp/callback") }
     let(:auth_code) { double('OAuth2::AuthCode') }
     let(:access_token_object) { OAuth2::AccessToken.from_hash(oauth_client, token_hash) }