Ruby omniauth-ebay-oauth gem only getting user consent...not auth token - ruby-on-rails

I had no problem getting omniauth-ebay-oauth (https://github.com/evilmartians/omniauth-ebay-oauth) working with Devise, but when Ebay hits the callback I've got a code, but I'd expect the gem to also exchange the code for an auth_token.
Is there something I'm missing with the gem? I don't see anything in the documentation that mentions swapping the code for an auth_token.
I can get the auth_token by doing an HTTP post in the controller, but it seems like a bit of a wasted usage of the gem.

Related

Getting email back from Twitter Oauth with Devise and Rails

I've set up a basic rails application to use twitter oauth gem and devise and have been able to log in a user. However, my problem is I've now got my app white-listed and I would like to get a user's email back in the response. I've followed all necessary steps on the twitter side (setting necessary permissions, URLS, and reset keys) and have tried passing both
include_email=true
and
include_email=email
as a params when I initiate the oauth sequence. I feel like I've read and re-read the docs and tried few edge cases I thought might work based off of very little I've found on-line.
Any help with this? Something I'm missing if you've done this before?
I solved my problem. The omniauth gem was not the latest version which would include email. In my gem file I needed to declare '~> 1.2.1' where I had version 1.2.0 - - the new version includes the following changes you can read about here: https://github.com/arunagw/omniauth-twitter/pull/96

Facebook Login w/ Devise & Omniauth-Facebook has CORS Error?

I've been trying to implement basic facebook login into a rails app that already users devise via their tutorial on integrating omniauth-facebook: https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview
However, as far as I can tell after following along with the full setup, I'm stuck with the error in the js console:
XMLHttpRequest cannot load https://www.facebook.com/dialog/oauth?client_id=...
No 'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'http://localhost:3000' is therefore not allowed access.
I've been stuck all day trying to resolve this, via what is my understanding to be a CORS issue.
However, I've had no success with rack-cors (https://github.com/cyu/rack-cors) and attempting to manually set the headers in the application controller hasn't yielded any results.
I'm unsure where to proceed from here, and somewhat baffled that I haven't come across a solution yet for what must be a pretty standard implementation.
Any help or ideas would be greatly appreciated!
Thanks :)
Try restarting your server. :P
If that doesn't work, install the rack-cors gem and follow the relevant config/application.rb modifications then restart your server.
https://github.com/cyu/rack-cors

Authorize application, code level without hitting browser [Doorkeeper]

I found a related question with no satisfactory answer, so asking here again:
I'm using Doorkeeper GEM for API calls for my application. I have followed the steps given in oauth2 gem docs:
require 'oauth2'
client = OAuth2::Client.new('client_id', 'client_secret', :site => 'https://example.org')
client.auth_code.authorize_url(:redirect_uri => 'http://localhost:8080/oauth2/callback')
As we see the last line execution gives a URL to be used in browser and get authorization code after clicking "Authorize".
But, I want to do all these in Rails model level, so that I don't have to hit the browser for authorization code and it should internally get the code which I can use later for token generation.
Is it possible?
It sounds like you want to use the resource owner password credentials flow for OAuth2. It is best described how to set this up with Doorkeeper and the OAuth2 gem in the Doorkeeper wiki.

Restforce Gem, Salesforce API retuning OAuth2::Error Missing_OAuth_Token

I've been attempting to get Ruby on Rails 4.1 to talk to our salesforce instance using the gem omniauth and gem restforce as per this instruction link here.
All seems to be going alright, I got things up and running, with a hyperlink that takes me to a salesforce login and seems to return to the callback correctly. However when it does i get the error:
OAuth2::Error
Missing_OAuth_Token
This leaves me really confused and mystified, my oauth token should surely be supplied by the callback?
I have my client_id and client_secret stored in the app and they appear to load in correctly. Adding my salesforce login and password through omniauth should provide all it needs right? I don't see anywhere else in the omniauth gem docs or restforce gem to stick an oauth token... and even then i'm not sure where i'd get it from.
I'd read that there had recently been some authentication failures with the gem omniauth and there is a current issue request to put out a new version. If I specify my gem to pull directly from the github. I get a similar bit distinct error that I have posted about here.
Could anyone give any advice on:
Where I should expect the missing Auth_Token to come from (I really can't work out if I'm supposed to be providing it in my app or if that's what comes back from salesforce
How would be best to go about debugging this? (i'd thought about using debugger but as it pings to code outside of my rails app i'm unsure how much help this would be.
What the correct way would be to go about setting this up properly!
Any help would be greatly appreciated!
This was actually a bug in the omniauth-salesforce gem - https://github.com/realdoug/omniauth-salesforce/pull/13.
There was a minor change to the way the Salesforce API worked which was resolved in the above pull request. You must have upgraded your gem which solved the problem.

Dealing with Oauth 2.0-facebook gem error 100: This authorization code has been used

I have been working on setting up facebook authentication for my rails app and while testing, after logging-in with my facebook account, I keep getting this error:
OAuth2::Error:
{"error":{"message":"This authorization code has been used.","type":"OAuthException","code":100}}
I'm not really sure where to begin with this, but can't seem to find anything else online about it. Any guidance would be appreciated, happy to provide more info if it would be useful.
I had this issue as well. I was seeing the "(facebook) Callback phase initiated." message twice in my Rails logs. It turns out that I was initializing FB authentication twice (I am using Devise and Omniauth-Facebook), and I'm guessing one of these was attempting to reset the access token.
Disabling the initializer in Omniauth-Facebook (config/initializers/omniauth.rb) fixed my issue.
This is due to Facebook changes that have been optional up until now but will roll out 12/5/12 for everyone. From the Developer Roadmap for the Dec '12 breaking changes:
New security restrictions for OAuth authorization codes
We will only
allow authorization codes to be exchanged for access tokens once and
will require that they be exchanged for an access token within 10
minutes of their creation. This is in line with the OAuth 2.0 Spec
which from the start has stated that "authorization codes MUST be
short lived and single use". For more information, check out our
Authentication documentation.
You'll need to update your app to account for this.
Cheers
This bug occurred just after the last facebook push and has been reported to facebook just this morning.
So I guess we just have to wait and, in the meantime, post more details to this report and follow it to both help and solicit facebook folks to solve this issue!
I was incorrectly initializing OmniAuth twice, calling config/initializers/omniauth.rb twice.
This would add OmniAuth::Builder twice to the middleware stack. With recent Facebook changes, this started failing with error 100.
Making sure OmniAuth::Builder got added once I managed to solve this issue.
To double check your middleware stack, run this:
rake middleware
I had the same problem and finally found what was the issue in my case.
So for those, who has this problem and uses just Omniauth without Devise, the root cause of the problem might be in an incorrect route for redirection.
Check you server development.log
Find where it redirects (grep by "Redirected to")
Here is the main point: Check in the log if the callback URL is correct
In my case, in routes.rb I had, for example:
get "mycontroller/home"
which is okay, but in my SessionController I also had:
def create
auth_hash = request.env['omniauth.auth']
user = User.from_omniauth(auth_hash)
session[:user_id] = user.id
redirect_to "mycontroller/home"
end
So I made it working by changing this line in the controller from:
redirect_to "mycontroller/home"
to
redirect_to "/mycontroller/home"
So I was able to work around this. It seems that my application was processing the facebook authentication, then trying to do it a second time and producing this error. Strange since I was trying to redirect to root_url. In any case, changing the page that I was redirecting to from "root_url" to "/" after storing the user info in my database seemed to make all the difference.
I would suggest checking your development log to see if you're getting a similar error.

Resources