zquestz · zquestz · Nov 24, 2021 · Nov 10, 2021 · Nov 23, 2021
diff --git a/lib/omniauth/strategies/google_oauth2.rb b/lib/omniauth/strategies/google_oauth2.rb
@@ -121,8 +121,9 @@ def get_access_token(request)
             request.body.rewind # rewind request body for downstream middlewares
             verifier = body && body['code']
             access_token = body && body['access_token']
+            redirect_uri ||= body && body['redirect_uri']
             if verifier
-              client_get_token(verifier, 'postmessage')
+              client_get_token(verifier, redirect_uri || 'postmessage')
             elsif verify_token(access_token)
               ::OAuth2::AccessToken.from_hash(client, body.dup)
             end

diff --git a/spec/omniauth/strategies/google_oauth2_spec.rb b/spec/omniauth/strategies/google_oauth2_spec.rb
@@ -641,6 +641,22 @@
       subject.build_access_token
     end
 
+    it 'reads the redirect uri from a json request body' do
+      body = StringIO.new(%({"code":"json_access_token", "redirect_uri":"sample"}))
+      client = double(:client)
+      auth_code = double(:auth_code)
+
+      allow(request).to receive(:xhr?).and_return(false)
+      allow(request).to receive(:content_type).and_return('application/json')
+      allow(request).to receive(:body).and_return(body)
+      allow(client).to receive(:auth_code).and_return(auth_code)
+      expect(subject).to receive(:client).and_return(client)
+
+      expect(auth_code).to receive(:get_token).with('json_access_token', { redirect_uri: 'sample' }, {})
+
+      subject.build_access_token
+    end
+
     it 'reads the access token from a json request body' do
       body = StringIO.new(%({"access_token":"valid_access_token"}))