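This is my first time doing GitHub OAuth in Rails, so I followed an outdated YouTube tutorial (from 2015). Apparently my application works, but when I signed up successfully, I received the following email:

Hi @NAME,

On July 30, 2020 at 19:31 (UTC), your application used an access token (with the User-Agent Faraday v0.17.0) as part of a query parameter to access an endpoint through the GitHub API:

Please use the Authorization HTTP header instead, as using the access_token query parameter is deprecated. Depending on your API usage, we'll be sending you this email reminder on a monthly basis.

Visit https://developer.github.com/changes/2020-02-10-deprecating-auth-through-query-param for more information about suggested workarounds and removal dates.

Thanks, The GitHub Team

In fact, my secret information is visible in my URL: https://github.com/login?client_id=123456789&return_to=%2Flogin%2Foauth%2Fauthorize%3Fclient_id%123456789%26redirect_uri%3Dhttp%253A%252F%252Flocalhost%253A4000%252Fauth%252Fgithub%252Fcallback%26response_type%3Dcode%26state%123456789

I need to move this stuff into the header, but I don't know how to do that. My code is:

Application configuration: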
```ruby
module AppName
  class Application < Rails::Application
    # Initialize configuration defaults for originally generated Rails version.
    config.load_defaults 6.0

    # Settings in config/environments/* take precedence over those specified here.
    # Application configuration can go into files in config/initializers
    # -- all .rb files in that directory are automatically loaded after loading
    # the framework and any gems in your application.
    config.middleware.use OmniAuth::Builder do
      provider :developer if Rails.env.development?
      provider :github, ENV['CLIENTID'], ENV['CLIENTSECRET']
    end
  end
end
```
Session controller:
```ruby
class SessionController < ApplicationController
  skip_before_action :verify_authenticity_token, only: [:create]

  def create
    user = User.find_or_create_by(
      provider: auth_hash[:provider],
      uid: auth_hash[:uid]
    ) do |user|
      user.name = auth_hash[:info][:name]
    end
    session[:user_id] = user.id
    redirect_to :about
  end

  def destroy
    reset_session
    redirect_to :root
  end

  private

  def auth_hash
    request.env['omniauth.auth']
  end
end
```
Routes:
```ruby
get 'auth/github', as: 'github_auth'
```
Gemfile:
```ruby
# Login
gem 'omniauth'
gem 'omniauth-github', github: 'omniauth/omniauth-github', branch: 'master'
```
More info from GitHub: https://developer.github.com/changes/2020-02-10-deprecating-auth-through-query-param/
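The change the quoted email asks for, shown on a plain Ruby request as an added example (not code from the post or from omniauth-github): the token leaves the API URL's query string and travels in the `Authorization` header instead. The helper names, the `/user` endpoint and the token value are constructed for illustration.

```ruby
require 'net/http'
require 'uri'

# Constructed sample values: the token is a placeholder, not a real credential.
SAMPLE_TOKEN = 'EXAMPLE_TOKEN_0000'
DEPRECATED_URL = "https://api.github.com/user?access_token=#{SAMPLE_TOKEN}&per_page=5"

# True when the URL carries the token in its query string (the deprecated form,
# which also ends up in proxy logs, server logs and browser history).
def token_in_query?(url)
  query = URI.parse(url).query
  return false if query.nil?

  URI.decode_www_form(query).any? { |key, _| key == 'access_token' }
end

# Hypothetical helper: turn a deprecated-style URL into a clean URI plus a
# GET request that sends the same token in the Authorization header.
def move_token_to_header(url)
  uri = URI.parse(url)
  params = URI.decode_www_form(uri.query.to_s)
  token = params.assoc('access_token')&.last
  raise ArgumentError, 'no access_token in query' if token.nil? || token.empty?

  # Keep every other query parameter; drop only the credential.
  remaining = params.reject { |key, _| key == 'access_token' }
  uri.query = remaining.empty? ? nil : URI.encode_www_form(remaining)

  request = Net::HTTP::Get.new(uri)
  request['Authorization'] = "token #{token}"
  [uri, request]
end

# Sends the request over TLS; not called here so the example runs offline.
def perform(uri, request)
  Net::HTTP.start(uri.host, uri.port, use_ssl: uri.scheme == 'https') do |http|
    http.request(request)
  end
end

if __FILE__ == $PROGRAM_NAME
  uri, request = move_token_to_header(DEPRECATED_URL)
  puts "URL sent:      #{uri}"
  puts "Header scheme: #{request['Authorization'].split.first}"
end
```

In an OmniAuth app this request is built inside the gems (the email's User-Agent is Faraday), so the same check applies to whatever URL the HTTP client ends up sending.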