ueberauth / ueberauth_vk Goto Github PK

View Code? Open in Web Editor NEW

19.0 6.0 12.0 120 KB

vk.com OAuth2 Strategy for Überauth.

Home Page: https://hex.pm/packages/ueberauth_vk

License: MIT License

Elixir 100.00%

vk vkontakte oauth2-strategy ueberauth elixir

ueberauth_vk's Introduction

Überauth VK

VK OAuth2 strategy for Überauth.

Requirements

We support elixir versions 1.4 and above.

Installation

Setup your application at VK Developers.

Add :ueberauth_vk to your list of dependencies in mix.exs:

def deps do
  # installation via hex:
  [{:ueberauth_vk, "~> 0.3"}]
  # if you want to use github:
  # [{:ueberauth_vk, github: "sobolevn/ueberauth_vk"}]
end

Add the strategy to your applications:

def application do
  [applications: [:ueberauth_vk]]
end

Add VK to your Überauth configuration:

config :ueberauth, Ueberauth,
  providers: [
    vk: {Ueberauth.Strategy.VK, []}
  ]

Update your provider configuration:

config :ueberauth, Ueberauth.Strategy.VK.OAuth,
  client_id: System.get_env("VK_CLIENT_ID"),
  client_secret: System.get_env("VK_CLIENT_SECRET")

Include the Überauth plug in your controller:

defmodule MyApp.AuthController do
  use MyApp.Web, :controller
  plug Ueberauth
  ...
end

Create the request and callback routes if you haven't already:

scope "/auth", MyApp do
  pipe_through :browser

  get "/:provider", AuthController, :request
  get "/:provider/callback", AuthController, :callback
end

You controller needs to implement callbacks to deal with Ueberauth.Auth and Ueberauth.Failure responses.

For an example implementation see the Überauth Example application.

Customizing

You can customize multiple fields, such as default_scope, default_display, default_state, profile_fields, and uid_field.

Scope

By default the requested scope is "public_profile". Scope can be configured either explicitly as a scope query value on the request path or in your configuration:

config :ueberauth, Ueberauth,
  providers: [
    vk: {Ueberauth.Strategy.VK, [default_scope: "friends,video,offline"]}
  ]

Profile Fields

You can also provide custom fields for user profile:

config :ueberauth, Ueberauth,
  providers: [
    vk: {Ueberauth.Strategy.VK, [profile_fields: "photo_200,location,online"]}
  ]

See VK API Method Reference > User for full list of fields.

State

You can also set the custom field called state. It is used to prevent "man in the middle" attacks.

config :ueberauth, Ueberauth,
  providers: [
    vk: {Ueberauth.Strategy.VK, [default_state: "secret-state-value"]}
  ]

This state will be passed to you in the callback as /auth/vk?state=<session_id> and will be available in the success struct.

UID Field

You can use alternate fields to identify users. For example, you can use email.

config :ueberauth, Ueberauth,
  providers: [
    vk: {Ueberauth.Strategy.VK, [
      default_scope: "email",
      uid_field: :email
    ]}
  ]

License

MIT. Please see LICENSE.md for licensing details.

ueberauth_vk's People

Contributors

Stargazers

Watchers

Forkers

showsmachine fobocaster kelostrada gsdu8g9 kosyanmedia geeksoftteam kelostrada-pjatk romul asiniy versilov martinserts tokitori

ueberauth_vk's Issues

Image fetching doesn't work correctly

The pattern matching breaks here because user seems to be just a map, not a tuple.

Unlock oauth2

There is a new 0.8.* version of oauth2 which is used by ueberauth_facebook and probably the others and probably should be used by us. I have a feeling there is no need to strong lock the package to the 0.6 version anymore.

Release a new version

Current vk.com API version is deprecated, all requests are failing

vk.com API returns an error during callback because current API version in request (v5.8) is deprecated since 1st June 2020

Reproduction

Try authenticating with /auth/vk, after redirect to callback it fails with the fallowing error:

(FunctionClauseError) no function clause matching in List.first/1

This happens because of current version deprecation, see the users.get API response:

%{      
  "error" => %{
    "error_code" => 8,
    "error_msg" => "Invalid request: versions below 5.21 are deprecated. Version param should be passed as \"v\". \"version\" param is invalid and not supported. For more information go to https://vk.com/dev/constant_version_updates",
    "request_params" => [
      %{
        "key" => "fields",
        "value" => "first_name,last_name,bdate,education,universities,domain,photo_400,photo_100"
      },
      %{"key" => "user_ids", "value" => "138555414"},
      %{"key" => "v", "value" => "5.8"},
      %{"key" => "method", "value" => "users.get"},
      %{"key" => "oauth", "value" => "1"}
    ]
  }
}

Fix

Updating to a newer version solves the problem, according to this doc the latest version is 5.124. According to changelog there are no critical changes to users.get, so I think the version can be safely updated. See #109

Upgrade dependencies and elixir version

Application module is not available with Distillery releases

This line should be changed: https://github.com/sobolevn/ueberauth_vk/blob/master/lib/ueberauth/strategy/vk/oauth.ex#L28

See docs and possible solution

%Ueberauth.Auth.Info{} is population wrong

%Ueberauth.Auth.Info{
  description: nil,
  email: nil,
  first_name: "Dmitry",
  image: nil,
  last_name: "Rubinshteyn",
  location: nil,
  name: "Dmitry Rubinshteyn",
  nickname: nil,
  phone: nil,
  urls: %{vk: "https://vk.com/id"}
}

This is what I'm getting from success auth.

It seems, that uid was changed to id, so urls are population wrong.

Update docs

Here's a good example: https://github.com/ueberauth/ueberauth_github/blob/master/lib/ueberauth/strategy/github.ex#L72

User's email is not fetched

The user's email is passed along side with the token, not in the response from users.get API request thus it doesn't get set in the info callback.

Add tests

Here's the nice example on how this can be achieved: https://github.com/he9qi/ueberauth_weibo/tree/master/test

release on hex

Please create a release on hex for 0.2.1

Elixir 1.4 support

There are two things to do:

Add 1.4 to Travis build matrix
Fix all the warnings

How To Reproduce

Try authenticating by calling /auth/vk
After being redirected back to /auth/vk/callback?code=xxx it will show the error (see Stack Trace).

Stack Trace

Request: GET /auth/vk/callback?code=a55b8166fcf0135cf6
** (exit) an exception was raised:
    ** (FunctionClauseError) no function clause matching in List.first/1
        (elixir) lib/list.ex:219: List.first(nil)
        (ueberauth_vk) lib/ueberauth/strategy/vk.ex:173: Ueberauth.Strategy.VK.fetch_user/3
        (ueberauth) lib/ueberauth/strategy.ex:301: Ueberauth.Strategy.run_callback/2
        (my_app) lib/my_app_web/controllers/auth_controller.ex:1
        ...

The users.get API returns a response:

STATUS_CODE: 200
%{"error" => %{"error_code" => 8,
    "error_msg" => "Invalid request: v (version) is required",
    "request_params" => [%{"key" => "oauth", "value" => "1"},
     %{"key" => "method", "value" => "users.get"},
     %{"key" => "fields", "value" => ""},
     %{"key" => "user_ids", "value" => "84294762"}]}}

Suggested Fix

Add a test case for this bug
Fix by adding |> Map.merge(%{"v" => "5.73"}) to the method user_query at vk.ex solves the error.