forked from kmrshntr/omniauth-slack
Open
Description
OmniAuth 2.0 was released. It includes the fix that resolves the CSRF vulnerability CVE-2015-9284, and some behaviors changed.
See the release notes below for details.
https://github.com/omniauth/omniauth/releases/tag/v2.0.0
If an OmniAuth strategy has overridden callback_url, it needs to follow the changes because of
the callback_path changes.
I think this library is also the target.
https://github.com/ginjo/omniauth-slack/blob/master/lib/omniauth/strategies/slack.rb#L199
When using OmniAuth 2.0 with script_name, the redirect URL now includes the script_name twice, so a redirect URL mismatch error might occur.
I suggest this library release 2 versions to correspond to the OmniAuth 1.x and 2.0 series.
- Release 2.5.1, with the micro version bumped, as support for OmniAuth 1.x.
- Release 3.0.0, with the major version bumped, as support for the OmniAuth 2.0 series.
I’m going to make pull requests.
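
The doubled script_name described in this issue, as an added example that is not part of the original post or of omniauth-slack. It is a simplified model, not OmniAuth's code, and assumes that OmniAuth 2.0 includes script_name in callback_path while 1.x leaves it for callback_url to prepend; the module and method names, the host and the `/myapp` mount point are hypothetical.

```ruby
# Simplified model of the behavior described in the issue; not OmniAuth's code.
# Assumption: OmniAuth 2.0 builds callback_path with script_name included,
# while 1.x leaves script_name for callback_url to prepend.
module CallbackUrlModel
  PATH_PREFIX = "/auth" # OmniAuth's default path prefix

  module_function

  # Models callback_path for a given OmniAuth major version.
  def callback_path(omniauth_major, script_name, provider)
    path = "#{PATH_PREFIX}/#{provider}/callback"
    omniauth_major >= 2 ? "#{script_name}#{path}" : path
  end

  # A strategy override written against 1.x: it prepends script_name itself.
  def legacy_callback_url(omniauth_major, full_host, script_name, provider)
    full_host + script_name + callback_path(omniauth_major, script_name, provider)
  end

  # Version-aware override: prepend script_name only where callback_path lacks it.
  def compatible_callback_url(omniauth_major, full_host, script_name, provider)
    prefix = omniauth_major >= 2 ? "" : script_name
    full_host + prefix + callback_path(omniauth_major, script_name, provider)
  end

  # True when the generated URL differs from the one registered for the app.
  def redirect_mismatch?(url, registered_url)
    url != registered_url
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values: app mounted under /myapp on a test host.
  host = "https://app.example.test"
  mount = "/myapp"
  registered = "#{host}#{mount}/auth/slack/callback"
  [1, 2].each do |major|
    legacy = CallbackUrlModel.legacy_callback_url(major, host, mount, "slack")
    fixed = CallbackUrlModel.compatible_callback_url(major, host, mount, "slack")
    puts "OmniAuth #{major}.x legacy override: #{legacy} " \
         "(mismatch: #{CallbackUrlModel.redirect_mismatch?(legacy, registered)})"
    puts "OmniAuth #{major}.x version-aware:   #{fixed} " \
         "(mismatch: #{CallbackUrlModel.redirect_mismatch?(fixed, registered)})"
  end
end
```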