Class: StandardId::Api::Oauth::Callback::ProvidersController

Inherits:

BaseController

Object
ActionController::API
BaseController
BaseController
StandardId::Api::Oauth::Callback::ProvidersController

show all

Includes:: SocialAuthentication

Defined in:: app/controllers/standard_id/api/oauth/callback/providers_controller.rb

Constant Summary collapse

RESERVED_CALLBACK_PARAMS = OAuth-flow params consumed by this controller and the SocialFlow. Everything else is forwarded to SOCIAL_AUTH_COMPLETED subscribers as ‘original_request_params` so host apps can attach attribution (UTM, campaign IDs, deep-link slugs) to the signing-in account.

%w[
  id_token code scope scopes audience redirect_uri flow
  state nonce provider controller action format
  authenticity_token utf8 _method
].freeze

Constants included from SocialAuthentication

SocialAuthentication::VALID_LINK_STRATEGIES

Constants included from RateLimitHandling

RateLimitHandling::RATE_LIMIT_STORE

Instance Method Summary collapse

#callback ⇒ Object

Methods included from ControllerPolicy

all_controllers, authenticated_controllers, public_controllers, register, registry_snapshot, reset_registry!

Instance Method Details

#callback ⇒ `Object`

# File 'app/controllers/standard_id/api/oauth/callback/providers_controller.rb', line 21

def callback
  provider_response = get_user_info_from_provider(flow: resolve_flow_for(provider.provider_name))
  social_info = provider_response[:user_info]
  provider_tokens = provider_response[:tokens]
  account = find_or_create_account_from_social(social_info)

  flow = StandardId::Oauth::SocialFlow.new(
    params,
    request,
    account:,
    connection: provider.provider_name,
    scopes: params[:scope]
  )

  token_response = flow.execute
  run_social_callback(
    provider: provider.provider_name,
    social_info:,
    provider_tokens:,
    account:,
    original_request_params: forwarded_request_params
  )
  render json: token_response, status: :ok
end