OmniAuth Facebook
Upstream URL | Security Risk | Abandonment Risk |
---|---|---|
https://simi.github.io/omniauth-facebook/ | High | High |
External contacts
The maintainers are reachable via the project's public GitHub issue tracker.
Security posture
This gem is responsible for the Sign In with Facebook authentication strategy and is therefore of high importance for the security of MoR. A sign-in bypass could expose customer order history to a third-party attacker.
Abandonment risk
The project's README notes that maintainers are desired. There are stale pull requests dating to 2018 (7 years), despite a recent release (May 2024).
We consider there to be a high risk that the project could be abandoned, or that changes to Facebook's API or OmniAuth could render it unusable or broken.
Versioning policy
Any updates will be pulled in via bundle during our monthly updates.
In the event of a major release of OmniAuth, this gem will need to be evaluated deeply. It may require a fork if the OmniAuth strategy API changes in a significant fashion.