-
Notifications
You must be signed in to change notification settings - Fork 402
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove access token for profile picture URL #388
base: master
Are you sure you want to change the base?
Remove access token for profile picture URL #388
Conversation
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
I made a tiny update of the readme corresponding to the changes |
What about to provide 2 methods to cover both variants (app scoped id and user id)? Or any other way to keep both variants working? Maybe additional argument or so? |
Thanks for your response @simi!
I'm not sure what exactly you are mean, in this PR there are no changes related to app scoped id or user id How I can see (UID) is passed as an argument to an omniauth-facebook/lib/omniauth/strategies/facebook.rb Lines 163 to 178 in ebfca0e
If you mean that we should support behaviour that received UID will be user-id and for that case, we will need omniauth-facebook/lib/omniauth/strategies/facebook.rb Lines 15 to 19 in ebfca0e
User uid for picture url we take from omniauth-facebook/lib/omniauth/strategies/facebook.rb Lines 58 to 68 in ebfca0e
And the Facebook documentation tells us that returned ID is App-Scoped User ID
So for me, it looks like there is no way that we could use another type of ID If I missing some use cases when gem could use user id instead of app scoped id or misunderstood the way of gem behaviour please let me know |
Hi @simi I just don't want this PR to become forgotten without some final decision about it, so just pinging you |
Yup, I need to disable this auto-closing somehow. |
I believe behaviour with auto-closing PR could be edited here: https://github.com/simi/omniauth-facebook/blob/master/.github/workflows/stale.yml It looks like it closes PR with no activity in 5 days based on this line:
|
Thanks @Rubyist007, updated ca9b64f. I'll try to find some time to revisit this, since I think I'm mixing 2 issues together here probably and I don't fully follow for now. |
Welcome Yep sure, no problem |
@simi Hi |
Access token for profile picture URL is not necessary and could lead to problems with expired access tokens when URL stored in DB
This pull request removes the access token param in the image URL, which resolves the issue I posted: #387