I am using omniauth-google-oauth2 with branch: 'v0.2.10' for below mentioned scopes in code
Rails.application.config.middleware.use OmniAuth::Builder do
provider :google_oauth2, APP_CONFIG['google_oauth2']['client_id'], APP_CONFIG['google_oauth2']['client_secret'], {
access_type: 'offline',
scope: 'https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/calendar',
redirect_uri: "#{APP_CONFIG['site_url']}auth/google_oauth2/callback",
skip_jwt: true,
prompt: 'consent',
provider_ignores_state: true
}
end
But when i try to sync calendar, it gives me invalid_credential error as below
auth/failure?message=invalid_credential?...
No more details available in response.
Please suggest me if i am doing anything wrong.
Does the APP_CONFIG['site_url'] come with slash in the end or not?
anyway i thank it most be like that:
#{APP_CONFIG['site_url']}/auth/google_oauth2/callback
instead of : #{APP_CONFIG['site_url']}auth/google_oauth2/callback
Related
I'm trying to get my access token in OAuth2 so that I can access the Google Calendar API. Everywhere I look it says that i'm supposed to pass in a 'grant_type' that is equal to refresh_token but I keep getting the error
"undefined local variable or method `refresh_token' for # Did you mean? real_csrf_token"
So somewhere a long the line my 'refresh_token' is not being set. Please
events_controller.rb
auth = Signet::OAuth2::Client.new(
access_type: 'offline',
token_credential_uri: 'https://accounts.google.com/o/oauth2/token',
client_id: ENV['GOOGLE_CLIENT_ID'],
client_secret: ENV['GOOGLE_SECRET_KEY'],
grant_type: refresh_token
)
auth.fetch_access_token!
Also, I have an omniauth initializer file, which is where I believe i'm missing my opportunity to grab the access token and refresh token.
config/initializers/omniauth.rb
Rails.application.config.middleware.use OmniAuth::Builder do
provider :google_oauth2, ENV['GOOGLE_CLIENT_ID'], ENV['GOOGLE_SECRET_KEY'],
{
scope: ['https://www.googleapis.com/auth/calendar', 'https://www.googleapis.com/auth/plus.login'],
skip_jwt: true
}
end
Any help is appreciated!
The documentation is telling you to pass a grant_type of 'refresh_token'. That's a string.
In my omniauth.rb
OmniAuth.config.logger = Rails.logger
Rails.application.config.middleware.use OmniAuth::Builder do
provider :facebook, Rails.application.secrets[:facebook_app_id], Rails.application.secrets[:facebook_secret], :scope => 'email,public_profile', :display => 'popup', :info_fields => 'email,public_profile'
end
Client side, javascript:
return FB.login(function(response) {
if (response.authResponse) {
return window.location = '/auth/facebook/callback;
}
}, {scope: 'email,public_profile'});
as per the FB API docs.
When the FB popup opens to ask for permissions, it correctly asks for email and public_profile. I hit OK and this is what request.env['omniauth.auth] provides me with only:
{"provider":"facebook","uid":"XXXXXXX","info":{"name":"XXXXXXX
XXXXXXX","image":"http://graph.facebook.com/XXXXXXX/picture"},"credentials":{"token":"XXXXXXX","expires_at":1444467600,"expires":true},"extra":{"raw_info":{"name":"XXXXXXX
XXXXXXX","id":"XXXXXXX"}}}
I see neither the email address nor any public info except the full name and the profile picture.
I have no clue what I'm doing wrong as I follow exactly the guidelines of the omniauth-facebook gem here: https://github.com/mkdynamic/omniauth-facebook and also the FB developer docs.
Any hints?
You are on the right path just need to update the info fields with the fields you want to pull from facebook, public_profile won't work
Rails.application.config.middleware.use OmniAuth::Builder do
provider :facebook, Rails.application.secrets[:facebook_app_id], Rails.application.secrets[:facebook_secret], :scope => 'email', :display => 'popup', :info_fields => 'email,first_name,last_name'
end
I'm using the Omniauth Stripe-Connect gem and I'd like to add a scope, but the documentation does not cover this. Here's what I'm trying right now, but the scope and stripe-landing parameters are not being included:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :stripe_connect, ENV['STRIPE_CONNECT_CLIENT_ID'], ENV['STRIPE_SECRET'], { :scope => 'read_write', :stripe_landing => 'register' }
end
The gem/strategy: https://github.com/isaacsanders/omniauth-stripe-connect
With the above gem, adding scope and stripe_landing to the Builder does not work.
Instead use just this:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :stripe_connect, ENV['STRIPE_CONNECT_CLIENT_ID'], ENV['STRIPE_SECRET']
end
And then add in the parameters in your Omniauth link:
<a href='http://exampleapp.com/auth/stripe_connect?scope=read_write&stripe_landing=register'>Connect With Stripe</a>
First, the context: I'm writing a little web app to do some custom Google Analytics reporting for me.
In my Gemfile:
gem 'omniauth'
gem 'omniauth-google-oauth2'
In my config/initializers/omniauth.rb:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :google_oauth2, ENV["GOOGLE_KEY"], ENV["GOOGLE_SECRET"]
{
:scope => "userinfo.email,userinfo.profile,analytics.readonly",
:approval_prompt => "auto"
}
end
When I get to the auth screen on google, it's only asking me for userinfo.email and userinfo.profile permissions, and nothing for analytics.readonly.
Looking at the URL when I'm auth'ing, I can see that it's only requesting the first two permissions. If I manually add the analytics permission, it grants the correct permissions. So, I've narrowed the issue down to
How I'm passing scope to the omniauth-google-oauth2 strategy, or
How the strategy is handling/ignoring the scope hash.
Also, I have double-checked that the Analytics API is turned on for my OAuth keys in the Google API Console.
Poorly formatted code, I was missing a comma after ENV["GOOGLE_SECRET"]. Below is the fixed code.
Rails.application.config.middleware.use OmniAuth::Builder do
provider :google_oauth2, ENV["GOOGLE_KEY"], ENV["GOOGLE_SECRET"],
{
:scope => "userinfo.email,userinfo.profile,analytics.readonly",
:approval_prompt => "auto"
}
end
My current /config/initializers/omniauth.rb file contains:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :open_id, nil, :name => 'google', :identifier => 'https://www.google.com/accounts/o8/id'
end
When I login via Google by going to /auth/google, Google reports:
DOMAIN is asking for some information from your Google Account EMAIL
- Email address: NAME (EMAIL)
My application doesn't need the user's email and so I'd like to remove this barrier to entry. Is there anyway to remove this requirement. For Facebook, I've found I can add the "scope" property of options, for example:
provider :facebook, 'APP_ID', 'APP_SECRET', {:scope => ''}
Based on a quick review of the source for the OpenID strategy (which Google Aps auth inherits from), you can pass in options specifying which attributes are optional vs. required for an Attributes Exchange (AX) auth.
See source code here for options: https://github.com/intridea/omniauth/blob/master/oa-openid/lib/omniauth/strategies/open_id.rb
Based on that, I think you could change the options like so to remove email as a required attribute:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :open_id, nil, :name => 'google', :identifier => 'https://www.google.com/accounts/o8/id', :required => [], :optional => []
end
Good luck. I didn't test this, just reading the source.