From bf4f736971aa0ef4165738032826b9c37a760f60 Mon Sep 17 00:00:00 2001 From: richardonrails Date: Sun, 9 Aug 2020 10:41:40 -0400 Subject: [PATCH 1/3] Fix README typo --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 947961f..c3a4816 100644 --- a/README.md +++ b/README.md @@ -383,7 +383,7 @@ To extract data from the API response, call `parsed` on the response object. Each Successful OmniAuth authorization places an [AuthHash](https://github.com/omniauth/omniauth/wiki/Auth-Hash-Schema) object in the environment `env['omniauth.auth']`. -The AuthHash is just an enhanced hash object containing data from the[OAuth2](https://github.com/oauth-xx/oauth2) +The AuthHash is just an enhanced hash object containing data from the [OAuth2](https://github.com/oauth-xx/oauth2) response received from the get-token API call made during the OmniAuth callback phase. See OmniAuth's documentation for the AuthHash schema definition. From d359c038ef4fe78c7dd75c0737e524b664e94816 Mon Sep 17 00:00:00 2001 From: richardonrails Date: Fri, 21 Aug 2020 16:16:29 -0400 Subject: [PATCH 2/3] Fix typo `team_domian` -> `team_domain` --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c3a4816..d61d28b 100644 --- a/README.md +++ b/README.md 
@@ -264,7 +264,7 @@ Options for `scope`, `team`, `team_domain`, and `redirect_uri` can also be given The `team_domain` query parameter will be inserted into the authorization GET request as a subdomain `https://team-domain.slack.com/oauth/authorize`. -**NOTE:** Allowing `redirect_uri`, `scope`, or `team_domian` to be passed to Slack from your application's public interface (`https://myapp.com/auth/slack?scope=...`) is a potential security risk. As of omniauth-slack version 2.5.0, the default is to NOT allow `scope`, `redirect_uri`, or `team_domain` pass-through options at runtime, *unless* they are listed in the `:pass_through_params` option. The `team` param is allowed to pass through as a default. +**NOTE:** Allowing `redirect_uri`, `scope`, or `team_domain` to be passed to Slack from your application's public interface (`https://myapp.com/auth/slack?scope=...`) is a potential security risk. As of omniauth-slack version 2.5.0, the default is to NOT allow `scope`, `redirect_uri`, or `team_domain` pass-through options at runtime, *unless* they are listed in the `:pass_through_params` option. The `team` param is allowed to pass through as a default. To block all pass-through options. From fc06a18ea4ed24583309bb9b20f48a4e106394ce Mon Sep 17 00:00:00 2001 From: richardonrails Date: Sat, 22 Aug 2020 15:18:45 -0400 Subject: [PATCH 3/3] Fix typo in client.rb --- lib/omniauth-slack/oauth2/client.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/omniauth-slack/oauth2/client.rb b/lib/omniauth-slack/oauth2/client.rb index 43b3ec1..e97c98c 100644 --- a/lib/omniauth-slack/oauth2/client.rb +++ b/lib/omniauth-slack/oauth2/client.rb 
@@ -28,7 +28,7 @@ class Client < ::OAuth2::Client # @access_token.client.history = @auth_hash.extra.raw_info # # TODO: The above seems a little messy. Maybe use a proc - # to rediredct Client request history to wherever. + # to redirect Client request history to wherever. # Or maybe don't offer any history storage at all. # HISTORY_DEFAULT=nil @@ -92,4 +92,4 @@ def site(*args) end end end -end \ No newline at end of file +end
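Review bot: In PATCH 2/3 (README.md, hunk at line 264), the trailing context line "To block all pass-through options." is a sentence fragment that ends in a period; if it introduces what follows it in the README, end it with a colon or complete the sentence. The NOTE paragraph being corrected also calls pass-through of `redirect_uri`, `scope` and `team_domain` "a potential security risk" without naming the risk, and does not say why `team` is allowed through by default when the other three are not. One sentence on each would let a reader decide what to list in `:pass_through_params`.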
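Review bot: In PATCH 3/3 (lib/omniauth-slack/oauth2/client.rb, hunk at line 28), the constant directly below the corrected comment is written `HISTORY_DEFAULT=nil` with no spaces around `=`; since this pass is already cleaning up the block, change it to `HISTORY_DEFAULT = nil`. The TODO in the same comment still leaves open whether to offer any history storage at all, and that question is better tracked in an issue than left in a code comment.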
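Review bot: The subject "Fix typo in client.rb" does not cover the second hunk of PATCH 3/3 (client.rb, line 92), where the final `end` gains the newline that was missing at end of file. Mention the whitespace change in the commit message, or split it into its own commit, so it is not a surprise when someone reads the file's history.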