From 017013956acc9ed575cb0a7815de8c63b94a6d90 Mon Sep 17 00:00:00 2001
From: Matt McCarty <me@mattmccarty.net>
Date: Mon, 22 Feb 2016 20:16:56 -0500
Subject: [PATCH 1/4] option to disable automatically resolving callback url

---
 lib/strategy.js | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/strategy.js b/lib/strategy.js
index e95dbfc..6e5d3cf 100644
--- a/lib/strategy.js
+++ b/lib/strategy.js
@@ -137,8 +137,12 @@ OAuth2Strategy.prototype.authenticate = function(req, options) {
     }
   }
 
+  if (options.autoResolveCallback === undefined) {
+    options.autoResolveCallback = true;
+  }
+
   var callbackURL = options.callbackURL || this._callbackURL;
-  if (callbackURL) {
+  if (callbackURL && options.autoResolveCallback) {
     var parsed = url.parse(callbackURL);
     if (!parsed.protocol) {
       // The callback URL is relative, resolve a fully qualified URL from the

From 0460d1175b4fb0a510ad7712eff3c47851e37a2d Mon Sep 17 00:00:00 2001
From: Matt McCarty <me@mattmccarty.net>
Date: Mon, 22 Feb 2016 20:29:26 -0500
Subject: [PATCH 2/4] added new callback option to strategy settings

---
 lib/strategy.js | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/lib/strategy.js b/lib/strategy.js
index 6e5d3cf..27ff3cd 100644
--- a/lib/strategy.js
+++ b/lib/strategy.js
@@ -83,6 +83,7 @@ function OAuth2Strategy(options, verify) {
   if (!options.tokenURL) { throw new TypeError('OAuth2Strategy requires a tokenURL option'); }
   if (!options.clientID) { throw new TypeError('OAuth2Strategy requires a clientID option'); }
   if (!options.clientSecret) { throw new TypeError('OAuth2Strategy requires a clientSecret option'); }
+  if (options.autoResolveCallback === undefined) options.autoResolveCallback = true;
 
   passport.Strategy.call(this);
   this.name = 'oauth2';
@@ -95,6 +96,7 @@ function OAuth2Strategy(options, verify) {
       '', options.authorizationURL, options.tokenURL, options.customHeaders);
 
   this._callbackURL = options.callbackURL;
+  this._autoResolveCallback = options.autoResolveCallback;
   this._scope = options.scope;
   this._scopeSeparator = options.scopeSeparator || ' ';
   this._key = options.sessionKey || ('oauth2:' + url.parse(options.authorizationURL).hostname);
@@ -137,12 +139,8 @@ OAuth2Strategy.prototype.authenticate = function(req, options) {
     }
   }
 
-  if (options.autoResolveCallback === undefined) {
-    options.autoResolveCallback = true;
-  }
-
   var callbackURL = options.callbackURL || this._callbackURL;
-  if (callbackURL && options.autoResolveCallback) {
+  if (callbackURL && this._autoResolveCallback) {
     var parsed = url.parse(callbackURL);
     if (!parsed.protocol) {
       // The callback URL is relative, resolve a fully qualified URL from the

From 6b8d8b86b8a0b9b55eed9e9f62f1c280140c0eec Mon Sep 17 00:00:00 2001
From: Matt McCarty <me@mattmccarty.net>
Date: Mon, 22 Feb 2016 21:22:24 -0500
Subject: [PATCH 3/4] override option for autoResolveCallback

---
 lib/strategy.js | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/strategy.js b/lib/strategy.js
index 27ff3cd..3ca220d 100644
--- a/lib/strategy.js
+++ b/lib/strategy.js
@@ -139,8 +139,9 @@ OAuth2Strategy.prototype.authenticate = function(req, options) {
     }
   }
 
-  var callbackURL = options.callbackURL || this._callbackURL;
-  if (callbackURL && this._autoResolveCallback) {
+  var callbackURL          = options.callbackURL          || this._callbackURL,
+      autoResolveCallback  = options.autoResolveCallback  || this._autoResolveCallback;
+  if (callbackURL && autoResolveCallback) {
     var parsed = url.parse(callbackURL);
     if (!parsed.protocol) {
       // The callback URL is relative, resolve a fully qualified URL from the

From 16ead287c39803b181be1540fe12e3ae39aff284 Mon Sep 17 00:00:00 2001
From: Matt McCarty <me@mattmccarty.net>
Date: Mon, 22 Feb 2016 21:54:35 -0500
Subject: [PATCH 4/4] bug fix

---
 lib/strategy.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/strategy.js b/lib/strategy.js
index 3ca220d..960b106 100644
--- a/lib/strategy.js
+++ b/lib/strategy.js
@@ -139,8 +139,8 @@ OAuth2Strategy.prototype.authenticate = function(req, options) {
     }
   }
 
-  var callbackURL          = options.callbackURL          || this._callbackURL,
-      autoResolveCallback  = options.autoResolveCallback  || this._autoResolveCallback;
+  var callbackURL          = options.callbackURL || this._callbackURL,
+      autoResolveCallback  = (options.autoResolveCallback === undefined) ? this._autoResolveCallback : options.autoResolveCallback;
   if (callbackURL && autoResolveCallback) {
     var parsed = url.parse(callbackURL);
     if (!parsed.protocol) {