FIX: Do not cause server error if OAuth2 callback phase fails

2018-11-15 17:31:03 +00:00 · 2018-11-15 17:31:03 +00:00 · c4335cc513
parent 1c56447c91
commit c4335cc513
1 changed files with 2 additions and 0 deletions
--- a/lib/omniauth_open_id_connect.rb
+++ b/lib/omniauth_open_id_connect.rb
@ -83,6 +83,8 @@ module ::OmniAuth
      def callback_phase
        discover! if options[:discovery]
        oauth2_callback_phase = super
+        return oauth2_callback_phase if env['omniauth.error']
+
        if id_token_info["nonce"].empty? || id_token_info["nonce"] != session.delete("omniauth.nonce")
          return fail!(:csrf_detected, CallbackError.new(:csrf_detected, "CSRF detected"))
        end