Passing parameters through OmniAuth

Question

I need to pass some parameters to callback action. Judging from the source code, OmniAuth should add query string to callback URL but strangely it does not. When I open

/auth/facebook?from=partner

...and get redirected to Facebook, return_url is just

/auth/facebook/callback

...without any parameters.

Answer 1

After struggling with all the above answers, I figured out what to do regarding Facebook, which by default does not display the params in request.env["omniauth.auth"].

So -- If you are using a query string for the callback, similar to something like this:

"/auth/facebook?website_id=#{@website.id}"

The only way to get that website_id param is by using request.env["omniauth.params"]. NOTE: MAKE SURE YOU USE omniauth.params and not omniauth.auth -- this one tripped me up for a while.

Then, to test this out, you can inspect it within your controller action (notice the RAISE line...):

def create
  raise request.env["omniauth.params"].to_yaml 
  # the rest of your create action code...
end

You should see your parameter there. Great. Now, go back to your controller and remove that RAISE line. Then, you can access the param as follows in your controller action:

params = request.env["omniauth.params"]
website_id = params["website_id"]

NOTE: in params["website_id"] you need to use quotes and NOT a symbol.

Answer 2

I guess the cookie thing works but why do all that when you can use the state variable as documented here: https://github.com/mkdynamic/omniauth-facebook

This is how I used it:

when creating the url you can just add state in the Query String and it will be available in the callback url as well.

user_omniauth_authorize_path(:facebook, :display => 'page', :state=>'123') %>

now the callback url will be

http://localhost:3000/users/auth/facebook/callback?state=123&code=ReallyLongCode#_=_

Now in the callback handler you can process the state

Answer 3

You can use the :params options, as in

omniauth_authorize_path(:user, :facebook, var: 'value', var2: 'value2' )

and later in the callback you can access request.env['omniauth.params'] to get the hash! :)

(copied from this answer)

Answer 4

What you want to do is dynamically set your callback to include the partner name in the url (not the url parameters), on a per authentication transaction basis, depending on which partner was involved. This means setting the callback url dynamically, for each authentication request. See this blog post to get started. The callback url automatically drops the url parameters, as you've noticed, so doing this with parameters won't work.

So, if instead of trying to pass the partner name/id in as a parameter (which is dropped), you structured your routes so that the partner_id and OmniAuth provider were part of the callback url, then you'd have something like:

/auth/:omniauth_provider/callback/:partner_id

...where a valid callback would be something like

/auth/facebook/callback/123456

...then you would know that a given callback came in from facebook, with partner id 123456