Is this the best way to handle redirects, and token generation for google omniauth login?

[Morzaram]

Hey everyone, so I got this working but I feel like it's so hacky. I was wondering if someone can tell me if there's a cleaner approach to this?

require "sequel/core"
require "omni_auth/strategies/apple"
require "omni_auth/strategies/google"
class RodauthMain < Rodauth::Rails::Auth
  configure do
    # List of authentication features that are loaded.
    enable :create_account,
      :verify_account, :verify_account_grace_period,
      :login, :logout, :remember,
      :reset_password, :change_password, :change_login, :verify_login_change,
      :close_account, :jwt, :json, :internal_request, :omniauth

    
    jwt_secret Rails.application.credentials.secret_key_base

    after_create_account { verify_account }

    before_close_account do
      RemoveFromBentoJob.perform_later(rails_account.email) if rails_account&.email.present?

      # closes w/o password confirmation if oauth
      if rails_account.account_identities.exists?
        close_account
      end
    end
    only_json? true
    delete_account_on_close? true
    ...
    
    # ==> Remember Feature
    # Remember all logged in users.
    after_login { remember_login }

    # Or only remember users that have ticked a "Remember Me" checkbox on login.
    # after_login { remember_login if param_or_nil("remember") }

    # Extend user's remember period when remembered via a cookie
    extend_remember_deadline? true
   ....
    # Omniauth integration
  

    omniauth_provider :google,
      Rails.application.credentials.dig(:omniauth, :google, :client_id),
      Rails.application.credentials.dig(:omniauth, :google, :client_secret),
      name: :google

    omniauth_provider :apple,
                      Rails.application.credentials.dig(:omniauth, :apple, :client_id), # This is your Service ID (e.g. com.myapp.login)
                      "", # Apple uses a generated JWT, not a static secret. OmniAuth handles this if params are passed.
                      {
                        scope: "email",
                        provider_ignores_state: true,
                        team_id: Rails.application.credentials.dig(:omniauth, :apple, :team_id),
                        key_id: Rails.application.credentials.dig(:omniauth, :apple, :key_id),
                         authorized_client_ids: [Rails.application.credentials.dig(:omniauth, :apple, :client_id)],
                        pem: Rails.application.credentials.dig(:omniauth, :apple, :private_key)
                      }

# sets up proper redirect URL for mobile app
    omniauth_setup do
      omniauth_strategy.options[:provider_ignores_state] = true  # allows mobile app login
    if omniauth_strategy.to_s.include?("Google")
        omniauth_strategy.options[:platform] = request.params["platform"]
        omniauth_strategy.options[:redirect_uri] = request.params["platform"] == "web" ? "https://web.my.app" : nil
        omniauth_strategy.options[:token_params][:platform] = request.params["platform"]
      end
    end
 
    omniauth_before_callback_phase do
      if omniauth_strategy.to_s.include?("Google")
        if session.present? # assigns jwt only when session exists
          query = Rack::Utils.build_query("state" => request.params["state"], "token" => session_jwt)
          redirect_base = request.params["platform"] == "web" ? "https://web.myapp.app" : "myapp://oauth"
          response.status =request.params["platform"] == "web" ? 200 : 302
          response.headers["Location"] = "#{redirect_base}?#{query}"
        end
      end
    end

    after_omniauth_create_account do
      remember_login # remembers login so they can actually use the jwt for the `remember` plugin
       #assigns session so I can actually send a valid `session_jwt` in the query response once omniauth account is created
      @session = {
        **session.to_h,
        "account_id": account_id,
        "authenticated_by": ["omniauth"]
      }
      query = Rack::Utils.build_query("state" => request.params["state"], "token" => session_jwt)
      redirect_base = request.params["platform"] == "web" ? "https://web.myapp.app" : "myapp://oauth"
      response.status =request.params["platform"] == "web" ? 200 : 302
      response.headers["Location"] = "#{redirect_base}?#{query}"
    end
  end
end

I hope this is readable, sorry if it's incoherent.

I feel like I'm hacking around defaults when it comes the omniauth hooks. Would love a peer review if it's not too big of an ask and perhaps this can serve as an example for others