how to add state param for Uberauth in Elixir - Shopify - PhpOut

kritik
March 9, 2019
200 views
0 votes
2 Answers

During oAuth process it’s good to set state param to authorize url for security. When I checked Überauth Shopify https://github.com/kodehort/ueberauth_shopify/blob/master/lib/ueberauth/strategy/shopify.ex#L88 it is sent to shopify.

But I don’t understand how I need to set this state param in my Phoenix application that Shopify would get it. Any suggestions?

Tags: elixir omniauth phoenix-framework ueberauth

Answers

- JonasDellinger
- March 9, 2019 at 6:22 pm
- 0 votes
0
You supply state in the URL you’re passing to Ueberauth (In the same way, scopes are passed as well)

Depending on your router setup, with the default being:
```
pipeline :auth do
  Ueberauth.plug "/auth"
end

scope "/auth" do
  pipe_through [:browser, :auth]

  get "/:provider/callback", AuthController, :callback
end
```
you supply scopes and state by redirecting your user to the specified auth URL:

/auth/shopify?scopes=read_orders%20read_products&state=yourSuperSecretState

or without any scopes:

/auth/shopify?state=yourSuperSecretState
Login or Signup to reply.

- KevinJohnson
- July 11, 2021 at 9:22 pm
- 0 votes
0
Since recent, Ueberauth auto-sets and checks it for you by default, to protect you from CSRF.

Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.