Facebook Login w/ Devise & Omniauth-Facebook has CORS Error? - ruby-on-rails

I've been trying to implement basic facebook login into a rails app that already uses devise via their tutorial on integrating omniauth-facebook: https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview
However, as far as I can tell after following along with the full setup, I'm stuck with the error in the js console:
XMLHttpRequest cannot load https://www.facebook.com/dialog/oauth?client_id=...
No 'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'http://localhost:3000' is therefore not allowed access.
I've been stuck all day trying to resolve this, via what is my understanding to be a CORS issue.
However, I've had no success with rack-cors (https://github.com/cyu/rack-cors) and attempting to manually set the headers in the application controller hasn't yielded any results.
I'm unsure where to proceed from here, and somewhat baffled that I haven't come across a solution yet for what must be a pretty standard implementation.
Any help or ideas would be greatly appreciated!
Thanks :)

Try restarting your server. :P
If that doesn't work, install the rack-cors gem and follow the relevant config/application.rb modifications then restart your server.
https://github.com/cyu/rack-cors

Related

omniauth-twitter gem not redirecting to twitter

Hello, I've run into a bit of a problem with the omniauth-twitter gem. I have followed the documentation to a T, and when I go to localhost:3000/auth/twitter I get a no matching route error. I've googled this issue for hours to no avail, I've searched Stack Overflow to no avail; the only lead I managed to get was an issue on GitHub, which was answered with a link to a page which no longer exists. All other "solutions" involved misconfiguring devise, which I'm not even using.
I literally only have the bare minimum code from the documentation that should at least redirect me to the twitter login.
Might this have something to do with the 3-legged oauth being enabled in my twitter app in the developer portal?
Has anyone else run into this issue?
I finally found the solution:
The issue originates with the new CSRF protections due to Omniauth vulnerabilities; to use omniauth with rails for twitter you must use the omniauth-rails_csrf_protection gem by Cookpad.

Is there a working Devise/Omniauth/Oauth2 interface with Wordpress?

I'm trying to use Wordpress to authenticate my Rails application users with the following Omniauth plugin:
https://github.com/jwickard/omniauth-wordpress-oauth2-plugin
I've followed the instructions carefully, and duplicated his example, but it doesn't work. Which is really surprising, because there's just not that much to it. However, I've found several threads on here like this one, that talk about the same problem I have:
Devise, OmniAuth & Facebook: "Not found. Authentication passthru."
When I click the "Sign in with Wordpress" (which is automatically inserted in my Devise sign-in page), I simply get a 404, with "Not found. Authentication passthru," which is a stub response for the passthru method in the Devise sources. Routes rake just fine, and look like all the examples. I've restarted the server dozens of times.
Despite several attempts to set site: and authorization_url: in the client_options, in both my devise config, and the plugin sources directly, my app never redirects to my Wordpress site. I've got about 10 hours into screwing around with this, and I don't know what's supposed to be responsible for actually sending me to the site to DO the authentication. Further complicating figuring this out is that almost every reference I can find to redirection in this sort of scenario is about the callback to my Rails site, after the authentication is done. I can never get that far.
There's a lot of confusing references to this problem on SO and the internet at large. There's some talk about making a "real" passthru or action_missing method in my OmniauthCallbacksController, but that seems to be outdated information. There's a lot of talk about making sure that I've defined the omniauth_providers in my User model, and I've tried it with and without, but that's not in any of the documentation about this plugin.
I've been trying to look at the plugin's strategy file, and it just doesn't seem that different than other Oauth2 plugins for Facebook, Google, or whatever, that I've been reviewing. It seems like there's a very simple thing I need to set in order to make this all work, but I can't find it, and I've run out of ideas on how to track it down. The plugin was last updated about 5 years ago. Does anyone still use this with modern versions of Devise, Omniauth, and Wordpress? If so, is there a clue you can give me to make it work?
I finally started tracing through the gem, and found where it was failing. As I searched on those further problems, I finally figured out that there were about 25 forks of this gem, and many of them addressed the problem. I used this particular one: https://github.com/bkno/omniauth-wordpress-oauth2-plugin

Restforce Gem, Salesforce API returning OAuth2::Error Missing_OAuth_Token

I've been attempting to get Ruby on Rails 4.1 to talk to our salesforce instance using the gem omniauth and gem restforce as per this instruction link here.
All seems to be going alright, I got things up and running, with a hyperlink that takes me to a salesforce login and seems to return to the callback correctly. However, when it does I get the error:
OAuth2::Error
Missing_OAuth_Token
This leaves me really confused and mystified, my oauth token should surely be supplied by the callback?
I have my client_id and client_secret stored in the app and they appear to load in correctly. Adding my salesforce login and password through omniauth should provide all it needs, right? I don't see anywhere else in the omniauth gem docs or restforce gem to stick an oauth token... and even then I'm not sure where I'd get it from.
I'd read that there had recently been some authentication failures with the gem omniauth and there is a current issue request to put out a new version. If I specify my gem to pull directly from the github, I get a similar but distinct error that I have posted about here.
Could anyone give any advice on:
Where I should expect the missing Auth_Token to come from (I really can't work out if I'm supposed to be providing it in my app or if that's what comes back from salesforce)
How would be best to go about debugging this? (I'd thought about using debugger but as it pings to code outside of my rails app I'm unsure how much help this would be.)
What the correct way would be to go about setting this up properly!
Any help would be greatly appreciated!
This was actually a bug in the omniauth-salesforce gem - https://github.com/realdoug/omniauth-salesforce/pull/13.
There was a minor change to the way the Salesforce API worked which was resolved in the above pull request. You must have upgraded your gem which solved the problem.

Dealing with Oauth 2.0-facebook gem error 100: This authorization code has been used

I have been working on setting up facebook authentication for my rails app and while testing, after logging-in with my facebook account, I keep getting this error:
OAuth2::Error:
{"error":{"message":"This authorization code has been used.","type":"OAuthException","code":100}}
I'm not really sure where to begin with this, but can't seem to find anything else online about it. Any guidance would be appreciated, happy to provide more info if it would be useful.
I had this issue as well. I was seeing the "(facebook) Callback phase initiated." message twice in my Rails logs. It turns out that I was initializing FB authentication twice (I am using Devise and Omniauth-Facebook), and I'm guessing one of these was attempting to reset the access token.
Disabling the initializer in Omniauth-Facebook (config/initializers/omniauth.rb) fixed my issue.
This is due to Facebook changes that have been optional up until now but will roll out 12/5/12 for everyone. From the Developer Roadmap for the Dec '12 breaking changes:
New security restrictions for OAuth authorization codes
We will only allow authorization codes to be exchanged for access tokens once and will require that they be exchanged for an access token within 10 minutes of their creation. This is in line with the OAuth 2.0 Spec which from the start has stated that "authorization codes MUST be short lived and single use". For more information, check out our Authentication documentation.
You'll need to update your app to account for this.
Cheers
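The single-use and 10-minute rules quoted above, modelled from the authorization server's side as an added example (not code from the original answers, Facebook or OmniAuth); the class, method and client id names are hypothetical. It shows why a callback phase that runs twice with the same code gets a rejection on the second exchange.

```ruby
require "securerandom"

# Constructed model of the authorization server's side of the code exchange.
# Names are hypothetical; the 10-minute lifetime and single-use rule are the
# ones quoted from the Facebook roadmap above.
class AuthorizationCodeStore
  CODE_TTL = 600 # seconds (10 minutes)

  Result = Struct.new(:ok, :error, :access_token)

  # clock is injectable so expiry can be exercised without sleeping
  def initialize(clock: -> { Time.now.to_f })
    @clock = clock
    @codes = {} # code => { client_id:, issued_at:, used: }
  end

  def issue(client_id)
    code = SecureRandom.urlsafe_base64(32)
    @codes[code] = { client_id: client_id, issued_at: @clock.call, used: false }
    code
  end

  def redeem(code, client_id)
    entry = @codes[code]
    return Result.new(false, :invalid_code) unless entry && entry[:client_id] == client_id
    return Result.new(false, :code_already_used) if entry[:used]
    return Result.new(false, :code_expired) if @clock.call - entry[:issued_at] > CODE_TTL

    entry[:used] = true # burn the code before handing out a token
    Result.new(true, nil, SecureRandom.hex(16))
  end
end

# The failure in this thread: the callback phase runs twice with the same code.
def simulate_double_callback
  store = AuthorizationCodeStore.new
  code = store.issue("constructed-client-id")
  [store.redeem(code, "constructed-client-id"), store.redeem(code, "constructed-client-id")]
end

# A code presented after the 10-minute window is refused even if never used.
def simulate_late_exchange
  now = 0.0
  store = AuthorizationCodeStore.new(clock: -> { now })
  code = store.issue("constructed-client-id")
  now += AuthorizationCodeStore::CODE_TTL + 1
  store.redeem(code, "constructed-client-id")
end
```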
This bug occurred just after the last facebook push and has been reported to facebook just this morning.
So I guess we just have to wait and, in the meantime, post more details to this report and follow it to both help and solicit facebook folks to solve this issue!
I was incorrectly initializing OmniAuth twice, calling config/initializers/omniauth.rb twice.
This would add OmniAuth::Builder twice to the middleware stack. With recent Facebook changes, this started failing with error 100.
Making sure OmniAuth::Builder got added once I managed to solve this issue.
To double check your middleware stack, run this:
rake middleware
I had the same problem and finally found what was the issue in my case.
So for those who have this problem and use just Omniauth without Devise, the root cause of the problem might be in an incorrect route for redirection.
Check your server development.log
Find where it redirects (grep by "Redirected to")
Here is the main point: Check in the log if the callback URL is correct
In my case, in routes.rb I had, for example:
get "mycontroller/home"
which is okay, but in my SessionController I also had:
def create
  auth_hash = request.env['omniauth.auth']
  user = User.from_omniauth(auth_hash)
  session[:user_id] = user.id
  redirect_to "mycontroller/home"
end
So I got it working by changing this line in the controller from:
redirect_to "mycontroller/home"
to
redirect_to "/mycontroller/home"
So I was able to work around this. It seems that my application was processing the facebook authentication, then trying to do it a second time and producing this error. Strange since I was trying to redirect to root_url. In any case, changing the page that I was redirecting to from "root_url" to "/" after storing the user info in my database seemed to make all the difference.
I would suggest checking your development log to see if you're getting a similar error.

Rails HTTP Basic Authentication Failure

I'm trying to use authenticate_with_http_basic in a Rails 2.3.4 app, and the username and password aren't being picked up. I did a little detective work and figured out that it's failing because there's no authorization header in the request. I tried adding the RewriteRule suggested in the docs:
RewriteRule ^(.*)$ dispatch.fcgi [E=X-HTTP_AUTHORIZATION:%{HTTP:Authorization},QSA,L]
I haven't had any luck, though, either with Apache/Passenger or Mongrel. I also didn't have any luck trying authenticate_with_http_basic in a Rails 3 app. If I change it to authenticate_or_request_with_http_basic, credentials given at the prompt work, but it ignores any supplied in the url. (Which makes sense, since it's calling authenticate_with_http_basic.) I can't find anything in my code that should be messing with the request, and it seems odd to me that it isn't working locally with Mongrel. Any suggestions?
I would strongly recommend using an authentication gem/plugin like Devise or Authlogic. They both support basic HTTP authentication.
Devise: https://github.com/plataformatec/devise and
http://railscasts.com/episodes/209-introducing-devise
Authlogic: https://github.com/binarylogic/authlogic and
http://railscasts.com/episodes/160-authlogic
For any future viewers: if it appears that Rails is receiving something different for the Authorization header than you think you are sending, check to ensure you aren't using .htaccess/.htpasswd files. The browser apparently remembers the credentials and it overrides anything you send!
Just spent like 3 hours trying to figure this out. I sure hope it helps someone else down the line :-)
