I have a Rails app that uses the omniauth-github gem. According to GitHub documentation, I can set the parameter allow_signup to false in the initial request, so that users can only log in to my app if they already have a GitHub account. This is my desired behavior.
The part I haven't been able to figure out is this: where exactly should I set this parameter? I have added it to the sign in link path ("auth/github?allow_signup=false"), but that doesn't work. Should this be in the provider :github line within config/initializers/omniauth.rb? How, exactly?
You should pass the parameter explicitly to the provider function. So please try the following snippet.
provider :github, ENV['GITHUB_KEY'], ENV['GITHUB_SECRET'], allow_signup: 'true', scope: 'user,repo,gist'
This is how I got it to work:
# config/initializers/omniauth.rb
Rails.application.config.middleware.use OmniAuth::Builder do
  provider :github,
           ENV['GITHUB_KEY'],
           ENV['GITHUB_SECRET'],
           {
             client_options: {
               authorize_url: 'https://github.com/login/oauth/authorize?allow_signup=false'
             }
           }
end
Apparently it also works with Devise, replacing provider with config.omniauth and placing this within config/initializers/devise.rb instead.
Related
I'm trying to figure out how to get the refresh token from an office365 user with omniauth.
In my devise.rb file I have tried two different ways but to no avail:
config.omniauth :microsoft_office365, ENV['OFFICE365_APP_ID'], ENV['OFFICE365_SECRET'],
  access_type: 'offline',
  scope: 'https://outlook.office.com/calendars.read'
config.omniauth :microsoft_office365, ENV['OFFICE365_APP_ID'], ENV['OFFICE365_SECRET'],
  scope: 'https://outlook.office.com/calendars.read, offline_access'
Am I doing something wrong here?
It turns out the offline_access scope needn't be defined in devise.rb. All you have to do is add the scope in the Microsoft Application Registration Portal.
For me, the microsoft_office365 config line in devise.rb now looks like this:
config.omniauth :microsoft_office365, ENV['OFFICE365_APP_ID'], ENV['OFFICE365_SECRET'],
  scope: 'https://outlook.office.com/calendars.read'
I've been using the gem LinkedIn OAuth 2.0. Right now I can get it to generate the linkedin signin page. However, the next thing that is supposed to happen is it sends to my callback link a code which I use to generate an access token. The problem is that the variable 'oauth' is generated in the authenticate action but then needs to be used again in the callback action. I've tried generating the oauth variable again using the exact same parameters, but when I do that I get an SSL certificate error. It seems like the exact same oauth instance needs to be used in both cases. Let me know if you have any thoughts. My code is below:
  def authenticate
    require "linkedin-oauth2"
    LinkedIn.configure do |config|
      config.client_id = "Mycode"
      config.client_secret = "Mysecret"
      # This must exactly match the redirect URI you set on your application's
      # settings page. If your redirect_uri is dynamic, pass it into
      # `auth_code_url` instead.
      config.redirect_uri = "http://localhost:3000/auth/linkedin/callback"
    end
    oauth = LinkedIn::OAuth2.new()
    url = oauth.auth_code_url
    redirect_to url
  end

  def callback
    require "linkedin-oauth2"
    code = params[:code]
    access_token = oauth.get_access_token(code)
    api = LinkedIn::API.new(access_token)
    my_job_titles = api.profile(fields: ["id", {"positions" => ["title"]}])
    puts my_job_titles
    redirect_to("/")
  end
end
Getting an SSL certificate error doesn't mean that the instantiation is wrong. I don't know that gem, but I can't see why that would be a problem.
The require and the configuration block should not be inside the method (maybe you forgot the configuration from the second method?); the best place for those is in config/initializers/linkedin_oauth2.rb.
If you don't want to load it at startup, then you can put those in a private method oauth with memoization:
def oauth
  # Memoize the client so both actions build it the same way.
  @oauth ||=
    begin
      require "linkedin-oauth2"
      LinkedIn.configure do |config|
        ...
      end
      LinkedIn::OAuth2.new()
    end
end
If the SSL error still occurs, you should investigate that. You can try creating a simple Ruby script with some example from the gem's readme, just to test the connection to LinkedIn.
Looks like the gem is using the faraday gem for HTTP; you can also try using that directly to make a simple call to LinkedIn.
I am using Omniauth in a Rails application for login; my omniauth.rb is as shown below:
OmniAuth.config.logger = Rails.logger
Rails.application.config.middleware.use OmniAuth::Builder do
  provider :facebook, 'xxxxxxx', 'xxxxxxx'
  provider :google_oauth2, 'xxxxxxxxx','xxxxxxxx'
end
When a user attempts to log in (via Facebook or Google) and denies permissions, I get the following error:
OmniAuth::Strategies::OAuth2::CallbackError
with these parameters:
{"error"=>"access_denied",
"error_code"=>"200",
"error_description"=>"Permissions error",
"error_reason"=>"user_denied",
"state"=>"60daee5f78d9cc28972050ae8ca8f950bb4ed5958302bcea"}
If the user accepts, no problem and everything works fine.
I've tried some of the possible solutions related with this error, and listed on this website, but none solved my problem. For example:
How to rescue OmniAuth::Strategies::OAuth2::CallbackError?
Omniauth+facebook error when trying to cancel the popup
Please, I need help to solve this problem.
There is another thread (posted here) with a solution that could help you. But it always redirects to a general failure page for every type of error, meaning that regardless of the provider, it will redirect to the same error page.
How to rescue OmniAuth::Strategies::OAuth2::CallbackError?
If you are using Devise with OmniAuth you need to skip the extra omniauth.rb initializer and simply config.provider "KEY", "SECRET" inside of initializers/devise.rb and then carry on with your implementation.
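A failure handler that tells a cancelled consent apart from other errors, per provider, as an added example that is not from any of the posts above. The handler name, the /login and /auth/failure paths and the provider list are assumptions; the env keys are the ones OmniAuth sets when a strategy fails.

```ruby
require "uri"

# Error types that mean "the user pressed Cancel". omniauth-oauth2 reports
# error_reason when present (Facebook: user_denied), otherwise error
# (Google: access_denied).
CANCEL_ERRORS = %w[access_denied user_denied].freeze
OTHER_ERRORS  = %w[invalid_credentials csrf_detected timeout].freeze
# Providers configured in the initializer above (assumption: only these two).
KNOWN_PROVIDERS = %w[facebook google_oauth2].freeze

# Hypothetical Rack-style handler. Values from the failed request are reduced
# to an allowlist, so provider-supplied text never reaches the redirect URL.
FAILURE_HANDLER = lambda do |env|
  type     = env["omniauth.error.type"].to_s
  strategy = env["omniauth.error.strategy"]
  provider = strategy.respond_to?(:name) ? strategy.name.to_s : ""

  type     = "unknown" unless (CANCEL_ERRORS + OTHER_ERRORS).include?(type)
  provider = "unknown" unless KNOWN_PROVIDERS.include?(provider)

  # A cancelled consent goes back to the sign-in page (hypothetical path);
  # everything else goes to the failure page.
  path  = CANCEL_ERRORS.include?(type) ? "/login" : "/auth/failure"
  query = URI.encode_www_form(provider: provider, reason: type)

  [302, { "Location" => "#{path}?#{query}", "Content-Type" => "text/html" }, []]
end

# Convenience wrapper returning only the redirect target.
def failure_location(env)
  FAILURE_HANDLER.call(env)[1]["Location"]
end

# Constructed sample environments (not captured traffic).
FakeStrategy = Struct.new(:name)
DENIED_ENV = {
  "omniauth.error.type"     => :user_denied,
  "omniauth.error.strategy" => FakeStrategy.new("facebook")
}.freeze
ODD_ENV = {
  "omniauth.error.type"     => :"x&next=//other.example",
  "omniauth.error.strategy" => FakeStrategy.new("nope")
}.freeze
```

In the initializer it would be wired up with `OmniAuth.config.on_failure = FAILURE_HANDLER`. OmniAuth's default failure endpoint raises the exception in the development environment instead of redirecting, which is where the CallbackError page comes from.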
How can I change the route that triggers omniauth from using /auth/:provider to /myapp/auth/:provider ?
I don't want to redirect either, because my server will send anything that's not in /myapp/ to the wrong place.
Here is how I did this in the config.ru file. In my case, my provider is CAS.
use OmniAuth::Builder do
  configure do |config|
    config.path_prefix = '/my-app-path/auth'
  end
  provider :cas, CAS::OPTIONS
end
Note that CAS::OPTIONS is an array with CAS configuration for omniauth::cas.
This seems to work fine.
I think you will have to change the omniauth callback too: /auth/:provider/callback should be prefixed to /my-app-path/auth/:provider/callback.
You can change it via the :setup option
Source: https://github.com/omniauth/omniauth/blob/e9978e377f1ac2b7271e5a8486dfe103a1c1d48d/lib/omniauth/strategy.rb#L304-L307
Add the following option in your initializer:
option :request_path, 'https://yourdomain.com/auth/yourprovider/callback'
Restart your app server and try!
Using OmniAuth, Rails 3.1.0.rc2, mysql2, ruby 1.9.2.p0.
I still get this when redirecting back to my site.
/auth/failure?message=invalid_response
Omniauth.rb
Rails.application.config.middleware.use OmniAuth::Builder do
  provider :twitter, 'XXXXX', 'XXXXXXXXXXXXX'
end
I've checked the keys 100x and they are correct. Still getting the invalid response. Any of the questions I see don't seem to work.
Any help would be greatly appreciated!
Thanks. [:
If any new information is needed, just ask.
If you use this request.env['rack.auth'] in your controller, change this to request.env['omniauth.auth'] - this was explained here: OmniAuth
this solution works for me.
I had a similar problem. It turns out that I actually had some runtime errors in my Users::OmniauthCallbacksController#twitter method:
I was calling a method on a non-existent method on a nil object and this was raising an exception, but either devise or omniauth were swallowing the exception.
I ended up wrapping my entire method body in a begin/rescue clause and printing out the exception.
However, if you are getting Invalid Credentials then it's likely that the twitter-issued oauth key has expired and so your user should really be calling /users/auth/twitter again.
Are you sure you are not putting the keys in the wrong order?
Rails.application.config.middleware.use OmniAuth::Builder do
  provider :twitter, TW_CONSUMER_KEY, TW_CONSUMER_SECRET
end
If not, let's quickly test your credentials with the Twitter gem:
# twitter.rb -- Test credentials
require "rubygems"
require "twitter"
# Get a user's most recent status update
puts Twitter.user_timeline("YOUR_USER").first.text
Twitter.configure do |config|
  config.consumer_key = TW_CONSUMER_KEY
  config.consumer_secret = TW_CONSUMER_SECRET
end
# Update your status
Twitter.update("I Love ruby!")
If it works, then your credentials are fine... you should keep looking into Rails...
Thank you Christian for your answer. It was very helpful for me. But if it gives a 401 error trying to update, retweet, etc., you will have to include
config.oauth_token = 'MY_OAUTH_TOKEN'
config.oauth_token_secret = 'MY_OAUTH_TOKEN_SECRET'
to Twitter client configuration. Look at https://dev.twitter.com/discussions/1522
So finally you will have
Twitter.configure do |config|
  config.consumer_key = 'TW_CONSUMER_KEY'
  config.consumer_secret = 'TW_CONSUMER_SECRET'
  config.oauth_token = 'MY_OAUTH_TOKEN'
  config.oauth_token_secret = 'MY_OAUTH_TOKEN_SECRET'
end
It worked for me
And of course your Twitter app has to have Access level = Read and write. You have to change this in dev.twitter.com if you want to update the status, retweet, etc.
Have you tried omniauth-twitter gem?? https://github.com/arunagw/omniauth-twitter