I am using Rails 6.0.0, Devise 4.7.1, and , omniauth-facebook 5.0.0.
I was able to get omniauth to work successfully with twitter via omniauth-twitter (which I notice currently happens to use oauth 1.0 as opposed to oauth 2.0).
I was also able to get omniauth to work successfully with google via omniauth-google-oauth2 which uses oauth 2.0.
I am not having the same luck with omniauth-facebook (which happens to use oauth 2.0).
The initalizers/devise.rb file is where the main config is in order to specify the provider and then the app_id and app_secret for each provider. Here is what I have (of course with a placeholder for the real app_id and secret):
config.omniauth :facebook, "my-app-id", "my-app-secret-key", scope: "email"
config.omniauth :twitter, "my-app-id", "my-key"
config.omniauth :google_oauth2, "my-client-id", "my-client-seceret"
Again, it works just fine with twitter and google. But when I click the "Sign in With Facebook" link it shows this on facebook:
I am stumped because I know I entered the app ID correctly. The status of the app is "Live" as opposed to "Development (which required me to provide a Privacy Policy URL).
Since omniauth-twitter works, it makes me wonder if something is wrong on the provider end (facebook) or perhaps there is something wrong with the omniauth-facebook gem? Of course: I will never rule out that I am missing something obvious.
I am using https for my app (https now appears to be a requirement in order to use this service from facebook), so that isn't the issue either.
I was able to solve this by simply changing:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :facebook, ENV['APP ID'], ENV['APP SECRET']
end
to
Rails.application.config.middleware.use OmniAuth::Builder do
provider :facebook, 'APP ID','APP SECRET'
end
Related
I'm trying to setup a simple Rails application with OmniAuth using google auth.
When running the application on heroku, I get the following error when I try to access the oauth route, either directly or via redirect:
redirect_uri_mismatch
Request details:
access_type=offline
client_id=631910956855-pbglluk1ofb6vjmub9a0fucs8b0r5map.apps.googleusercontent.com
redirect_uri=http://stock-scraper-rails.herokuapp.com/auth/google_oauth2/callback
response_type=code
scope=email profile
state=94be59d4d241b70c83406ce59c36e7fc8d50279c
Works perfectly fine locally. I tried using a ngrok tunnel, and it also works.
Full url: https://accounts.google.com/o/oauth2/auth?access_type=offline&client_id=631910956855-pbglluk1ofb6vjmub9a0fucs8b0r5map.apps.googleusercontent.com&redirect_uri=https%3A%2F%2Fstock-scraper-rails.herokuapp.com%2Fauth%2Fgoogle_oauth2%2Fcallback&response_type=code&scope=email+profile&state=ac4cf27b4e2b534d854136ad25a102e2c1ff772d07dc84b8
My app is hosted on http://stock-scraper-rails.herokuapp.com
You could go to /auth/google_oauth2 to see the error yourself.
I've search a bit but couldn't solve the problem. Here's what I already tried/did, but didn't solve the problem:
added domain to authorized domains
some answers to similar problems suggested waiting, because sometimes it takes google a while for google to update changes to domain. However, I have waited several hours already and the error persists
double/triple checked if my environment variables where correct on Heroku
checked Heroku log; there's no error there
setting OmniAuth.config.full_host manually
Callback route:
get '/auth/google_oauth2/callback', to: 'auth#oauth_callback'
I'm not using devise, by the way. Currently I simply want the controller do store some data in the session:
class AuthController < ApplicationController
def oauth_callback
authentication_google_data = request.env['omniauth.auth'].except(:extra)
user_email = authentication_google_data['info']['email']
# rest ommited
end
end
OmniAuth configuration:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :google_oauth2, ENV['GOOGLE_CLIENT_ID'], ENV['GOOGLE_CLIENT_SECRET']
end
Relevant gems versions:
rails (6.0.2.1)
omniauth (1.9.0)
omniauth-google-oauth2 (0.8.0)
omniauth-oauth2 (1.6.0)
Also tried to downgrade omniauth-oauth to 1.3.1, because read that there was a version causing a similar issue, with no success.
Any other ideas on what I could try would be very helpful :)
I figured out what the problem was. On the google developer console for my app, on
OAuth 2.0 Client IDs, I had created an ID with type "Other" instead of "Web application".
Creating a new one on https://console.cloud.google.com/apis/credentials?project=myproject with the type "Web application" and adding the callback url (both http and https) to Authorized redirect URIs solved the problem.
I'm having trouble configuring my Twitter Oauth in a RubyonRails webapp.
The full trace error: http://pastebin.com/2yf1cE8E
The User.rb http://pastebin.com/UUTiTKvy
The app controller http://pastebin.com/bK9ghUJR
The session controller http://pastebin.com/kxYRd1TU
The routes.rb http://pastebin.com/bt7HMRFy
Omniauth.rb
Rails.application.config.middleware.use OmniAuth::Builder do
provider :twitter, 'JsR9zFGrVuDYuFueRnBQK9tpp', ' tDubF5v9uDRvfio7UBZd2XlFYUQQrftE7Qzk6FPaNOucOTWVlf'
end
Thanks, Alex.
Looking at the error, I think you did not define the callback url of Twitter. You have to go into twitter applications and define the URL of your webapp in your callback.
Looking at the error and the code you provided, you're not properly authenticating to Twitter. The 401 response is basically telling you that Twitter doesn't like the identity information you're passing in. So I would verify your keys are correct, and that OmniAuth doesn't require any additional configurations (e.g. specific endpoints Your second key in the Omniauth middleware code appears to have additional spaces in it, you may have done that for security purposes, but I'm pretty sure that keys shouldn't start with spaces.
IMPORTANT NOTE: Once you've confirmed a fix, you should request new keys for your Twitter account, as they have been posted publicly to this forum.
I'm trying to set up Google+ login with Devise and omniauth in an app I'm working on and running into an OAuth::Unauthorized 400 error. I'm using the omniauth-google gem. My Devise config sets up omniauth for Google:
config.omniauth :google, ENV['GOOGLE_KEY'], ENV['GOOGLE_SECRET'], scope: 'plus.login'
I'm running the site locally on dev.app.com:3000, and in my app settings in the Google Developers Console I've set the JavaScript origin to be http://dev.app.com:3000 and the redirect URI to be http://dev.app.com:3000/users/auth/google/callback. I've confirmed that my key and secret are correct. What's the problem here?
I am not seeing any problem there, you can get better picture with this tutorial
[https://www.digitalocean.com/community/tutorials/how-to-configure-devise-and-omniauth-for-your-rails-application
or u can try
omniauth-google-oauth2
https://github.com/zquestz/omniauth-google-oauth2
The omniauth-google 1.0 strategy for google is deprecated. That said, nothing appears wrong with your configuration.
You're better of switching to OAuth 2.0, unless you have a very compelling reason not to. Notice that the provider symbol has changed from :google to :google_oauth2. After you switch, it should look like:
provider :google_oauth2, ENV["GOOGLE_KEY"], ENV["GOOGLE_SECRET"]
I'm writing a little app for Coinbase and I'm making an initializer that I've thrown in omniauth.rb
Rails.application.config.middleware.use OmniAuth::Builder do
provider :coinbase, ENV["COINBASE_CLIENT_ID"], ENV["COINBASE_CLIENT_SECRET"], scope: "sell send transfers user"
end
I want to be able to access this anywhere in my app so that I can create an access_token for the user. Based on their docs and the research I've done into Omniauth, I'm not quite sure how to do this.
Should I throw an instance variable and an = in front of the code posted above? Is that a correct solution? Also, how do I go about getting an access_token after initializing this?
Thanks!
Check out this section in the omniauth docs: https://github.com/intridea/omniauth#integrating-omniauth-into-your-application
You first want to set your OAuth redirect URL on Coinbase to /auth/coinbase/callback. Then, when users are redirected back to your site at that path with the code OmniAuth will do its magic and set a special hash called the Authentication Hash on the Rack environment which contains some info about the user as well as the OAuth credentials.
UPDATE 2011/05/01:
I later carefully read through FourSquare's API document, and found it says:
(Note that the request parameters are not JSON, they are standard HTTP keys and values.) All authentication is via OAuth2, which means that all requests MUST be https.
Could this be the problem that I don't have a SSL connection in my development machine?
Hi all! I am trying to connect FourSquare via Omniauth, I followed the Railscast toturial below, and change the provider into foursquare. But the return is always "invalid_credentials". I googled around and find that there's a discussion about this on GitHub(links below), but seems no conclusion yet.
Anyone has idea what went wrong?
Rails.application.config.middleware.use OmniAuth::Builder do
provider :twitter, "XXXXXXX","XXXXXXX"
provider :foursquare, 'XXXXXXX',
'XXXXXXX'
end
RailsCast Link
Discussion on GitHub
I have a gem which will work with omniauth for foursquare.
https://github.com/arunagw/omniauth-foursquare
try to modify your provider initializer to point to your system's certificate path ("/etc/ssl/certs" on Ubuntu)
Rails.application.config.middleware.use OmniAuth::Builder do
provider :twitter, "XXXXXXX","XXXXXXX"
provider :foursquare, 'XXXXXXX', {:client_options => {:ssl => {:ca_path => "/etc/ssl/certs"}}}
end
Your config looks fine, although you probably don't want to share your token/secret keys publicly.
Does the callback url that you used when registering your foursquare oauth consumer match the URL that you're testing with? If you used http://www.foo.com/auth/foursquare/callback when registering your consumer, but are testing on your dev environment (http://localhost:3000/..), you'll see that auth/failure error.
Here's what I did: OmniAuth Invalid Response Error