Oauth Unauthorized Ruby - ruby-on-rails

I'm having trouble configuring my Twitter OAuth in a Ruby on Rails webapp.
The full trace error: http://pastebin.com/2yf1cE8E
The User.rb http://pastebin.com/UUTiTKvy
The app controller http://pastebin.com/bK9ghUJR
The session controller http://pastebin.com/kxYRd1TU
The routes.rb http://pastebin.com/bt7HMRFy
Omniauth.rb
Rails.application.config.middleware.use OmniAuth::Builder do
provider :twitter, 'JsR9zFGrVuDYuFueRnBQK9tpp', ' tDubF5v9uDRvfio7UBZd2XlFYUQQrftE7Qzk6FPaNOucOTWVlf'
end
Thanks, Alex.

Looking at the error, I think you did not define the callback url of Twitter. You have to go into twitter applications and define the URL of your webapp in your callback.

Looking at the error and the code you provided, you're not properly authenticating to Twitter. The 401 response is basically telling you that Twitter doesn't like the identity information you're passing in. So I would verify your keys are correct, and that OmniAuth doesn't require any additional configurations (e.g. specific endpoints). Your second key in the Omniauth middleware code appears to have additional spaces in it. You may have done that for security purposes, but I'm pretty sure that keys shouldn't start with spaces.
IMPORTANT NOTE: Once you've confirmed a fix, you should request new keys for your Twitter account, as they have been posted publicly to this forum.
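As an added example (not code from the original posts or from OmniAuth), here is a small Ruby check over an initializer's source that flags the two problems the answer above points out: credentials written as string literals, and a credential padded with whitespace. The sample initializer, its placeholder values and the helper name `audit_initializer` are constructed for illustration.

```ruby
# Constructed sample initializer; the literals are placeholders, not real keys.
SAMPLE_INITIALIZER = <<~'RUBY'
  Rails.application.config.middleware.use OmniAuth::Builder do
    provider :twitter, 'PLACEHOLDER_KEY', ' PLACEHOLDER_SECRET'
    provider :instagram, ENV['MY_CLIENT_ID'], ENV['MY_CLIENT_SECRET']
  end
RUBY

# "provider :name, <args>" lines; a bare "provider :developer" has no comma
# and is skipped on purpose.
PROVIDER_LINE  = /^\s*provider\s+:(\w+)\s*,\s*(.*)$/
STRING_LITERAL = /\A(['"])(.*?)\1/

Finding = Struct.new(:line, :provider, :issue)

# Hypothetical helper: returns one Finding per distinct problem per line.
def audit_initializer(source)
  findings = []
  source.each_line.with_index(1) do |text, lineno|
    match = PROVIDER_LINE.match(text)
    next unless match

    provider = match[1]
    # Naive comma split: good enough for key/secret pairs, which contain no
    # commas. Only the first two positional arguments are credentials.
    match[2].split(",").map(&:strip).first(2).each do |arg|
      literal = STRING_LITERAL.match(arg)
      next unless literal # ENV[...] lookups and other expressions pass

      findings << Finding.new(lineno, provider, :hardcoded_credential)
      if literal[2] != literal[2].strip
        findings << Finding.new(lineno, provider, :whitespace_in_credential)
      end
    end
  end
  findings.uniq
end

if __FILE__ == $PROGRAM_NAME
  audit_initializer(SAMPLE_INITIALIZER).each do |f|
    puts "line #{f.line}: provider :#{f.provider} -> #{f.issue}"
  end
end
```

A check like this fits in CI or a pre-commit hook, so that a literal key is caught before it reaches a repository or a pastebin.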

Related

omniauth-instagram won't include my client-id as part of the authorization url

So I'm trying to make an app where I want to allow users to login using their Instagram accounts. This is a Rails app. I'm mostly following Railscast 241 for doing this except that I use Instagram API instead of Twitter API. I'm not using devise.
I installed the gem 'omniauth-instagram' and I have the following in one of my initializers -
Rails.application.config.middleware.use OmniAuth::Builder do
provider :developer unless Rails.env.production?
provider :instagram, ENV['MY_CLIENT_ID'], ENV['MY_CLIENT_SECRET']
end
The problem is that when I direct the user to the 'auth/instagram' path the request does not contain my client-id (I check the Chrome debugging tools > Network to make sure of this). And as a result, although it takes the user to the login page, it then fails and gives the following response -
{"code": 400,
"error_type": "OAuthException",
"error_message": "You must include a valid client_id, response_type, and redirect_uri parameters"}
So instead of making the request to the 'auth/instagram' path I direct the user to the actual authorization URL i.e.
https://api.instagram.com/oauth/authorize/?client_id=CLIENT-ID&redirect_uri=REDIRECT-URI&response_type=code
And all goes according to the plan. Except that I don't get the user information as a part of request.env['omniauth.auth'] inside my controller method (after being successfully redirected to the right URL). In fact the request.env hash does not have omniauth.auth as one of its keys. The fix to this is that I'll manually have to write a curl -F query to the API to get the user information.
But that sounds like too much work and I feel there must be something that I might have been doing wrong. Why isn't the gem making the correct request with my provided client_id? And why isn't 'omniauth.auth' getting properly populated as part of the params?
Some relevant resources -
Instagram API authentication page
omniauth-instagram gem

OAuth::Unauthorized 400 error with Google+ login API

I'm trying to set up Google+ login with Devise and omniauth in an app I'm working on and running into an OAuth::Unauthorized 400 error. I'm using the omniauth-google gem. My Devise config sets up omniauth for Google:
config.omniauth :google, ENV['GOOGLE_KEY'], ENV['GOOGLE_SECRET'], scope: 'plus.login'
I'm running the site locally on dev.app.com:3000, and in my app settings in the Google Developers Console I've set the JavaScript origin to be http://dev.app.com:3000 and the redirect URI to be http://dev.app.com:3000/users/auth/google/callback. I've confirmed that my key and secret are correct. What's the problem here?
I am not seeing any problem there. You can get a better picture with this tutorial:
https://www.digitalocean.com/community/tutorials/how-to-configure-devise-and-omniauth-for-your-rails-application
or you can try
omniauth-google-oauth2
https://github.com/zquestz/omniauth-google-oauth2
The omniauth-google 1.0 strategy for google is deprecated. That said, nothing appears wrong with your configuration.
You're better off switching to OAuth 2.0, unless you have a very compelling reason not to. Notice that the provider symbol has changed from :google to :google_oauth2. After you switch, it should look like:
provider :google_oauth2, ENV["GOOGLE_KEY"], ENV["GOOGLE_SECRET"]

Accessing the Omniauth Builder created in an initializer to create an access token

I'm writing a little app for Coinbase and I'm making an initializer that I've thrown in omniauth.rb
Rails.application.config.middleware.use OmniAuth::Builder do
provider :coinbase, ENV["COINBASE_CLIENT_ID"], ENV["COINBASE_CLIENT_SECRET"], scope: "sell send transfers user"
end
I want to be able to access this anywhere in my app so that I can create an access_token for the user. Based on their docs and the research I've done into Omniauth, I'm not quite sure how to do this.
Should I throw an instance variable and an = in front of the code posted above? Is that a correct solution? Also, how do I go about getting an access_token after initializing this?
Thanks!
Check out this section in the omniauth docs: https://github.com/intridea/omniauth#integrating-omniauth-into-your-application
You first want to set your OAuth redirect URL on Coinbase to /auth/coinbase/callback. Then, when users are redirected back to your site at that path with the code OmniAuth will do its magic and set a special hash called the Authentication Hash on the Rack environment which contains some info about the user as well as the OAuth credentials.

Instagram API: do scopes work with OAuth2 implicit authentication flow?

I'm making requests against the Instagram API from a mobile app. Currently, I'm just directing the user to the Instagram auth url and specifying the response type to be "access_token". Specifying this response_type is known as implicit auth.
Explicit auth: response_type=code
Implicit auth: response_type=access_token
I'm trying to get around needing to stand up a web service to facilitate explicit auth. This would be necessary because in explicit auth flow, the Instagram API needs to make a call to a redirect URL and pass in a "code" parameter. The code would then be used by my server-side code to make a final request to Instagram for an access token.
It's much more efficient for a mobile app to use implicit flow because no extra privately-maintained auth service needs to be stood up to handle it.
Instagram supports the following scopes:
basic - to read any and all data related to a user (e.g. following/followed-by lists, photos, etc.) (granted by default)
comments - to create or delete comments on a user’s behalf
relationships - to follow and unfollow users on a user’s behalf
likes - to like and unlike items on a user’s behalf
When I make any other type of scope specification besides "basic", I get the following response when the user provides the credentials at the auth URL:
{"code": 400, "error_type": "OAuthException", "error_message": "Invalid scope field(s): basic+likes"}
Any combination of scopes other than "basic" gives the same response.
So, my questions are these:
Is explicit auth required in order to specify scopes beyond "basic"??
Do I need to specify response_type=code in order for extended scopes to work?
Is this an Instagram limitation, or is it a limitation of OAuth 2.0?
Thanks in advance.
I just tried with implicit oauth flow with my client_id and scope=basic+likes and it worked. Replace the url below with your client_id and redirect_uri, and try.
https://instagram.com/oauth/authorize/?client_id=CLIENT_ID&redirect_uri=REDIRECT-URI&response_type=token&scope=basic+likes
Maybe Instagram is not allowing scopes other than basic with new client accounts...
The answer here is that YES, scopes can be requested by implicit auth flow just fine. My problem was related to an OAuth component that I was using. The component was silently URL-encoding the value of the scope param, which was rejected by the Instagram auth endpoint. I updated the component (Xamarin.Auth) to accommodate a non-encoded scope param and issued a pull request.
Thanks to #krisak for providing a working URL that I could test.
So I had similar issues regarding the encoding of the + when trying to get permission for multiple scopes (basic, likes, comments). The solution I found was to use spaces between the individual scopes:
In the config/initializers/omniauth.rb file:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :instagram, 'TOKEN', 'SECRETKEY' , {:scope => "basic likes comments"}
end
Unfortunately, starting from April 14th 2015, new clients cannot get access for any scope but basic. The official message can be found at the client configuration page:
Starting April 14th 2015, new clients need to request access to be able to post likes, follows, and comments. For more information please read the Developer Blog at http://developers.instagram.com.
The message refers to the following blog entry: http://developers.instagram.com/post/116410697261/publishing-guidelines-and-signed-requests
Instagram requires a personal request to be sent to enable scopes for your application (client ID), but your app has to meet certain conditions described in the blog entry.
I have the same problem. I found this solution and it works fine.
Go to Manage clients under instagram/developer. Then click edit under your app and uncheck Disable Implicit OAuth. It will now work as intended.
Instagram changed this for a reason though, so you should probably think twice before going public with your app: http://instagram.com/developer/restrict-api-requests/
At this time, May 2015, YES.
As explained on instagram documentation about authentication:
The Instagram API uses the OAuth 2.0 protocol for simple, but
effective authentication and authorization. OAuth 2.0 is much easier
to use than previous schemes and developers can start using the
Instagram API almost immediately. The one thing to keep in mind is
that all requests to the API must be made over SSL (https:// not
http://).
You first need to register your app here and then, with CLIENT ID provided by instagram, you can do this request:
https://api.instagram.com/oauth/authorize/?client_id=CLIENT-ID&redirect_uri=REDIRECT-URI&response_type=code
Where you have to put your client_id and redirect_uri.
Just for information, in the redirect_uri field you can also insert
http://localhost
You must add "+" between scopes, like this: "basic+comments+follower_list+likes+public_content+relationships"
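The scope-encoding problem described in the answers above, as an added Ruby example (not code from the thread, OmniAuth or Xamarin.Auth): OAuth 2.0 scopes are a space-delimited list, a space is form-encoded as "+", and a literal "+" inside the value is encoded again as "%2B", which the server then reads as one unknown scope named "basic+likes". The endpoint is the one quoted in the thread; CLIENT-ID, the redirect URI and the helper names are placeholders.

```ruby
require "uri"

AUTHORIZE_ENDPOINT = "https://api.instagram.com/oauth/authorize/"

# Hypothetical helper: build the authorization URL from a list of scopes.
def authorize_url(client_id:, redirect_uri:, scopes:, response_type: "code")
  # Join with spaces and let form encoding produce the "+" on the wire.
  query = URI.encode_www_form(
    client_id: client_id,
    redirect_uri: redirect_uri,
    response_type: response_type,
    scope: Array(scopes).join(" ")
  )
  "#{AUTHORIZE_ENDPOINT}?#{query}"
end

# What an authorization server sees after form-decoding the query string
# and splitting the scope value on spaces.
def received_scopes(url)
  params = URI.decode_www_form(URI.parse(url).query).to_h
  params.fetch("scope", "").split(" ")
end

# True when the raw scope parameter carries an encoded plus sign, i.e. the
# caller put "+" into the value and a library encoded it a second time.
def scope_double_encoded?(url)
  raw = URI.parse(url).query.to_s[/(?:\A|&)scope=([^&]*)/, 1].to_s
  raw.match?(/%2B/i)
end

if __FILE__ == $PROGRAM_NAME
  good = authorize_url(client_id: "CLIENT-ID",
                       redirect_uri: "http://localhost/auth/instagram/callback",
                       scopes: %w[basic likes])
  bad  = authorize_url(client_id: "CLIENT-ID",
                       redirect_uri: "http://localhost/auth/instagram/callback",
                       scopes: "basic+likes")
  [good, bad].each do |url|
    puts url
    puts "  server sees: #{received_scopes(url).inspect}, " \
         "double-encoded: #{scope_double_encoded?(url)}"
  end
end
```

This is why passing `"basic likes comments"` to the OmniAuth provider works while a pre-joined `"basic+likes"` handed to an encoding library does not.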

Omniauth with FourSquare issue

UPDATE 2011/05/01:
I later carefully read through FourSquare's API document, and found it says:
(Note that the request parameters are not JSON, they are standard HTTP keys and values.) All authentication is via OAuth2, which means that all requests MUST be https.
Could this be the problem that I don't have a SSL connection in my development machine?
Hi all! I am trying to connect FourSquare via Omniauth. I followed the Railscast tutorial below, and changed the provider to foursquare. But the return is always "invalid_credentials". I googled around and found that there's a discussion about this on GitHub (links below), but there seems to be no conclusion yet.
Does anyone have an idea what went wrong?
Rails.application.config.middleware.use OmniAuth::Builder do
provider :twitter, "XXXXXXX","XXXXXXX"
provider :foursquare, 'XXXXXXX',
'XXXXXXX'
end
RailsCast Link
Discussion on GitHub
I have a gem which will work with omniauth for foursquare.
https://github.com/arunagw/omniauth-foursquare
Try to modify your provider initializer to point to your system's certificate path ("/etc/ssl/certs" on Ubuntu)
Rails.application.config.middleware.use OmniAuth::Builder do
provider :twitter, "XXXXXXX","XXXXXXX"
provider :foursquare, 'XXXXXXX', 'XXXXXXX', {:client_options => {:ssl => {:ca_path => "/etc/ssl/certs"}}}
end
Your config looks fine, although you probably don't want to share your token/secret keys publicly.
Does the callback url that you used when registering your foursquare oauth consumer match the URL that you're testing with? If you used http://www.foo.com/auth/foursquare/callback when registering your consumer, but are testing on your dev environment (http://localhost:3000/..), you'll see that auth/failure error.
Here's what I did: OmniAuth Invalid Response Error
