Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

callback_url doesn't seem to matter #116

Open
wheattcom opened this issue Apr 29, 2017 · 1 comment
Open

callback_url doesn't seem to matter #116

wheattcom opened this issue Apr 29, 2017 · 1 comment

Comments

@wheattcom
Copy link

I'm not sure if this is a bug but I'm brining it to attention. I've worked my way through about 5 omni auth providers so far, hooking up my app, some allow multiple callback urls, some only one (github!). Twitter seems to not even care because I can authenticate locally even if my callback url is configured to be the live url. Its convenient, but is it secure, and where was this decision made, up at twitter or in the gem?
@bodrovis
Copy link

I think there is a setting "Callback URL Locked" at apps.twitter.com that controls it, though it needs to be tested

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bodrovis @wheattcom