From 9f28014eab0a4820ef46e3f7590bfbd26a9a7fd7 Mon Sep 17 00:00:00 2001
From: Daniel Batalla
Date: Wed, 18 Sep 2024 21:18:44 -0300
Subject: [PATCH] Change request method strategy when checking the access token

There is a known issue with the LinkedIn API (and other oAuth2 APIs too) when sending an access token provided in the body of a POST request that returns random REVOKED_ACCESS_TOKEN responses. The workaround is to provide the same access token via query params of a POST request instead. Thankfully, the `oauth2` gem already as a setting for that matter, and it's implemented in this commit.
---
 lib/omniauth/strategies/linkedin.rb | 3 ++-
 spec/omniauth/strategies/linkedin_spec.rb | 4 ++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/lib/omniauth/strategies/linkedin.rb b/lib/omniauth/strategies/linkedin.rb
index 982307b..1e4a211 100644
--- a/lib/omniauth/strategies/linkedin.rb
+++ b/lib/omniauth/strategies/linkedin.rb
@@ -8,7 +8,8 @@ class LinkedIn < OmniAuth::Strategies::OAuth2
 option :client_options, {
 :site => 'https://api.linkedin.com',
 :authorize_url => 'https://www.linkedin.com/oauth/v2/authorization?response_type=code',
- :token_url => 'https://www.linkedin.com/oauth/v2/accessToken'
+ :token_url => 'https://www.linkedin.com/oauth/v2/accessToken',
+ :token_method => :post_with_query_string
 }
 option :scope, 'openid profile email'
diff --git a/spec/omniauth/strategies/linkedin_spec.rb b/spec/omniauth/strategies/linkedin_spec.rb
index 715977f..9b533d0 100644
--- a/spec/omniauth/strategies/linkedin_spec.rb
+++ b/spec/omniauth/strategies/linkedin_spec.rb
@@ -20,6 +20,10 @@
 it 'has correct `token_url`' do
 expect(subject.client.options[:token_url]).to eq('https://www.linkedin.com/oauth/v2/accessToken')
 end
+
+ it 'has a correct `token_method`' do
+ expect(subject.client.options[:token_method]).to eq(:post_with_query_string)
+ end
 end
 describe '#callback_path' do
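Review bot: With `:token_method => :post_with_query_string` in `client_options`, the token request's parameters move from the POST body into the request URL, and URLs are what HTTP client debug logging, proxies and error trackers usually record. That covers the authorization code and, if the client credentials are sent as request parameters rather than in an Authorization header (not visible in this hunk), the client secret as well. The new line carries no explanation, so I would add a comment above it such as `# LinkedIn workaround: token params are sent in the POST query string; keep token-endpoint URLs out of logs`. The body of `LinkedIn` continues outside the hunk.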
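Review bot: The new example only pins the option literal, so it would still pass if the installed `oauth2` release did not understand `:post_with_query_string`; the diffstat shows no change to the gem's dependency constraints. It is worth confirming that the minimum `oauth2` version this gem allows supports the value. An example that stubs the token endpoint and checks that the parameters arrive in the query string with an empty body would pin the actual behaviour. The enclosing `describe` block starts and ends outside the hunk.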