I'm using this gem to perform a 3LO flow with Todoist from my app and I've noticed, that Todoist API fails with an HTTP 500 error during the last step of the exchange. Upon investigation, I have found that the oauth2 gem, used by omniauth internally, is using the basic auth scheme for passing client id and client secret, while the Todoist Auth guide states that those parameters should be passed in the body.
I have found a workaround that makes the setup work, but I think it would make sense to update the gem to work by default:
# in config/initializer/omniauth.rb
OmniAuth::Strategies::Todoist.option :client_options, {
site: 'https://todoist.com',
authorize_url: '/oauth/authorize',
token_url: '/oauth/access_token',
auth_scheme: :request_body # This is the key change compared to the default behavior
}
I'm using this gem to perform a 3LO flow with Todoist from my app and I've noticed, that Todoist API fails with an HTTP 500 error during the last step of the exchange. Upon investigation, I have found that the
oauth2gem, used byomniauthinternally, is using the basic auth scheme for passing client id and client secret, while the Todoist Auth guide states that those parameters should be passed in the body.I have found a workaround that makes the setup work, but I think it would make sense to update the gem to work by default: