| 66 | 66 |
{ :params => params }
|
| 67 | 67 |
end
|
| 68 | 68 |
|
|
69 |
def callback_phase
|
|
70 |
super
|
|
71 |
rescue NoAuthorizationCodeError => e
|
|
72 |
fail!(:no_authorization_code, e)
|
|
73 |
rescue UnknownSignatureAlgorithmError => e
|
|
74 |
fail!(:unknown_signature_algoruthm, e)
|
|
75 |
end
|
|
76 |
|
|
77 |
def request_phase
|
|
78 |
if signed_request_contains_access_token?
|
|
79 |
# if we already have an access token, we can just hit the
|
|
80 |
# callback URL directly and pass the signed request along
|
|
81 |
params = { :signed_request => raw_signed_request }
|
|
82 |
query = Rack::Utils.build_query(params)
|
|
83 |
|
|
84 |
url = callback_url
|
|
85 |
url << "?" unless url.match(/\?/)
|
|
86 |
url << "&" unless url.match(/[\&\?]$/)
|
|
87 |
url << query
|
|
88 |
|
|
89 |
redirect url
|
|
90 |
else
|
|
91 |
super
|
|
92 |
end
|
|
93 |
end
|
|
94 |
|
|
95 |
# NOTE if we're using code from the signed request
|
|
96 |
# then FB sets the redirect_uri to '' during the authorize
|
|
97 |
# phase + it must match during the access_token phase:
|
|
98 |
# https://github.com/facebook/php-sdk/blob/master/src/base_facebook.php#L348
|
|
99 |
def callback_url
|
|
100 |
if @authorization_code_from_signed_request
|
|
101 |
''
|
|
102 |
else
|
|
103 |
options[:callback_url] || super
|
|
104 |
end
|
|
105 |
end
|
|
106 |
|
|
107 |
def access_token_options
|
|
108 |
options.access_token_options.inject({}) { |h,(k,v)| h[k.to_sym] = v; h }
|
|
109 |
end
|
|
110 |
|
|
111 |
##
|
|
112 |
# You can pass +display+, +scope+, or +auth_type+ params to the auth request, if
|
|
113 |
# you need to set them dynamically. You can also set these options
|
|
114 |
# in the OmniAuth config :authorize_params option.
|
|
115 |
#
|
|
116 |
# /auth/facebook?display=popup
|
|
117 |
#
|
|
118 |
def authorize_params
|
|
119 |
super.tap do |params|
|
|
120 |
%w[display scope auth_type].each do |v|
|
|
121 |
if request.params[v]
|
|
122 |
params[v.to_sym] = request.params[v]
|
|
123 |
end
|
|
124 |
end
|
|
125 |
|
|
126 |
params[:scope] ||= DEFAULT_SCOPE
|
|
127 |
end
|
|
128 |
end
|
|
129 |
|
|
130 |
##
|
|
131 |
# Parse signed request in order, from:
|
|
132 |
#
|
|
133 |
# 1. the request 'signed_request' param (server-side flow from canvas pages) or
|
|
134 |
# 2. a cookie (client-side flow via JS SDK)
|
|
135 |
#
|
|
136 |
def signed_request
|
|
137 |
@signed_request ||= raw_signed_request &&
|
|
138 |
parse_signed_request(raw_signed_request)
|
|
139 |
end
|
|
140 |
|
|
141 |
protected
|
|
142 |
|
| 69 | 143 |
def build_access_token
|
| 70 | 144 |
if signed_request_contains_access_token?
|
| 71 | 145 |
hash = signed_request.clone
|
|
| 79 | 153 |
token.options.merge!(access_token_options)
|
| 80 | 154 |
end
|
| 81 | 155 |
end
|
| 82 | |
end
|
| 83 | |
|
| 84 | |
def callback_phase
|
| 85 | |
super
|
| 86 | |
rescue NoAuthorizationCodeError => e
|
| 87 | |
fail!(:no_authorization_code, e)
|
| 88 | |
rescue UnknownSignatureAlgorithmError => e
|
| 89 | |
fail!(:unknown_signature_algoruthm, e)
|
| 90 | |
end
|
| 91 | |
|
| 92 | |
def request_phase
|
| 93 | |
if signed_request_contains_access_token?
|
| 94 | |
# if we already have an access token, we can just hit the
|
| 95 | |
# callback URL directly and pass the signed request along
|
| 96 | |
params = { :signed_request => raw_signed_request }
|
| 97 | |
query = Rack::Utils.build_query(params)
|
| 98 | |
|
| 99 | |
url = callback_url
|
| 100 | |
url << "?" unless url.match(/\?/)
|
| 101 | |
url << "&" unless url.match(/[\&\?]$/)
|
| 102 | |
url << query
|
| 103 | |
|
| 104 | |
redirect url
|
| 105 | |
else
|
| 106 | |
super
|
| 107 | |
end
|
| 108 | |
end
|
| 109 | |
|
| 110 | |
# NOTE if we're using code from the signed request
|
| 111 | |
# then FB sets the redirect_uri to '' during the authorize
|
| 112 | |
# phase + it must match during the access_token phase:
|
| 113 | |
# https://github.com/facebook/php-sdk/blob/master/src/base_facebook.php#L348
|
| 114 | |
def callback_url
|
| 115 | |
if @authorization_code_from_signed_request
|
| 116 | |
''
|
| 117 | |
else
|
| 118 | |
options[:callback_url] || super
|
| 119 | |
end
|
| 120 | |
end
|
| 121 | |
|
| 122 | |
def access_token_options
|
| 123 | |
options.access_token_options.inject({}) { |h,(k,v)| h[k.to_sym] = v; h }
|
| 124 | |
end
|
| 125 | |
|
| 126 | |
##
|
| 127 | |
# You can pass +display+, +scope+, or +auth_type+ params to the auth request, if
|
| 128 | |
# you need to set them dynamically. You can also set these options
|
| 129 | |
# in the OmniAuth config :authorize_params option.
|
| 130 | |
#
|
| 131 | |
# /auth/facebook?display=popup
|
| 132 | |
#
|
| 133 | |
def authorize_params
|
| 134 | |
super.tap do |params|
|
| 135 | |
%w[display scope auth_type].each do |v|
|
| 136 | |
if request.params[v]
|
| 137 | |
params[v.to_sym] = request.params[v]
|
| 138 | |
end
|
| 139 | |
end
|
| 140 | |
|
| 141 | |
params[:scope] ||= DEFAULT_SCOPE
|
| 142 | |
end
|
| 143 | |
end
|
| 144 | |
|
| 145 | |
##
|
| 146 | |
# Parse signed request in order, from:
|
| 147 | |
#
|
| 148 | |
# 1. the request 'signed_request' param (server-side flow from canvas pages) or
|
| 149 | |
# 2. a cookie (client-side flow via JS SDK)
|
| 150 | |
#
|
| 151 | |
def signed_request
|
| 152 | |
@signed_request ||= raw_signed_request &&
|
| 153 | |
parse_signed_request(raw_signed_request)
|
| 154 | 156 |
end
|
| 155 | 157 |
|
| 156 | 158 |
private
|