social-core icon indicating copy to clipboard operation
social-core copied to clipboard
verified publisher icon python-social-auth

do_auth is not merging request data

Open sultaniman opened this issue 2 years ago • 0 comments

Hey,

I wondering why backend.strategy.request_data(merge=False) for do_auth call?

https://github.com/python-social-auth/social-core/blob/9995648160c003f804adccd542e3d773829435ab/social_core/actions.py#L12-L14

For example real world applications might use forms POST requests and also in form action might supply query parameters and in this case merge=False for Django strategy will only take POST variables thus unintentionally breaking redirect part or other stages of authentication

<form action="login/facebook?next=/profile">
     {% csrf_token %}
    <button>Login</button>
</form>

Should there be a configuration option to merge POST and GET by default?

Thanks.

sultaniman avatar Oct 27 '23 07:10 sultaniman