DEV: Give callback listeners access to the request object. (PR #13965)

GitHub

What is the intended usage for this change? If a plugin needs those field, I’ll prefer if we add either a plugin API to enable the storing of the fields.

We already pass the session object here, so maybe we could just pass the whole request object as well? That way, plugins are free to look at whatever information they need, with minimal code in core:

    auth[:session] = session
    auth[:request] = request

What is the intended usage for this change? If a plugin needs those field, I think it’ll be better if we add either a plugin API to enable the storing of the fields. Otherwise, we executing extra code in core if there are no consumers for the fields.

The plugin I’m working on listens for the before_auth and after_auth events, which uses to get access to the auth flow data and set some cookies for the user.

To set one of these cookies, I need access to the user agent and IP address. I can’t fetch this data from the user record because the user might not exist at this point, so I want to make it temporarily available to the plugin through this event.

We already pass the session object here, so maybe we could just pass the whole request object as well?

Sounds good to me. This way, we’re not executing any extra code.

The title of this pull request changed from “DEV: Store the remote IP and user agent on the auth hash before completing the omniauth auth flow” to "DEV: Give callback listeners access to the request object.

We can’t serialize request using #to_json when we have to associate to an existing account. Looks like I’ll have to add a plugin API to store data from the request in the auth hash.

Do you need the request to be added to the auth hash? Could we add it as an extra parameter to :before_auth instead? (just like cookies works at the moment)

Do you need the request to be added to the auth hash? Could we add it as an extra parameter to :before_auth instead? (just like cookies works at the moment)

Yes, you’re right. Passing the request to the events is a better solution.

The new change is much better :+1: