Develop Reference

Latest omniauth-facebook gem breaks devise

ruby '2.6.3'
gem 'rails', '~> 6.0.2', '>= 6.0.2.1'
I'm using the latest omniauth-facebook and devise together
Gemfile:
gem 'devise'
gem 'omniauth-facebook'
Getting this error when starting the server:
/versions/2.6.3/lib/ruby/gems/2.6.0/gems/devise-4.7.3/lib/devise/omniauth.rb:12:in `': You are using an old OmniAuth version, please ensure you have 1.0.0.pr2 version or later installed. (RuntimeError)
The problem is that if I try to use older omniauth-facebook versions the server works but then the Facebook authentication stops working properly (e.g. fails including emails despite
scope: 'email', info_fields: 'email,name'
in devise.rb. )
I have tried many different version combinations of omniauth-facebook and devise. Either Facebook-authentication stops working properly or the server fails (see above).

Using
gem 'devise', github: 'heartcombo/devise', branch: 'ca-omniauth-2'
In Gemfile will fix the problem, awaiting a merge.
Updated my answer based on Carlos answer below, I was in a rush when I posted this using ref.
Thank You, Carlos for maintaining Devise.

This is Carlos, Devise maintainer. Please keep an eye on that Pull Request linked above, I just shared how you can test it in your app there:
I'd recommend using the branch ref instead of the git ref directly:
gem 'devise', github: 'heartcombo/devise', branch: 'ca-omniauth-2'
With that you should be able to run bundle update devise omniauth which should hopefully give you OmniAuth 2 and this Devise branch. That should allow the app to boot up.
Lastly, if you've copied over the Devise shared links on your app, or if you have your own links to initiate the OmniAuth authentication flow, you need to make sure they're changed to use a form. (you can do that by using link_to with method: :post option for example, or using button_to, if that works for your app.) Please note that this is a requirement change in how OmniAuth work due to a security issue, read more.
If you run into any issues please comment back in GitHub, and we'll work to get them resolved soon so we can release a new Devise version that fully supports OmniAuth 2. Thanks.

Devise 4.8.0 (shipped yesterday) resolves this.

Please downgrade OmniAuth:
gem "omniauth", "~> 1.9.1"
That's worked for me.

I'm pretty sure the issue is related to this devise PR, https://github.com/heartcombo/devise/pull/5327
Devise currently has a version check that doesn't include OmaniAuth > 1.x.x

Devise Security Extension

I'm trying to use devise security extension as it has the exact methods I'm looking for for my project.
I've followed all the instructions on the github page: https://github.com/phatworx/devise_security_extension, but when I try to run my project I get this error message:
/home/felipe/ruby-example-2.4.1/ball-consulta-de-notas-fiscais/vportal/config/initializers/devise.rb:285:in block in <top (required)>': undefined methodexpire_password_after=' for Devise:Module (NoMethodError)
I've added the method :password_expirable to my user.rb and uncommented the line # Should the password expire (e.g 3.months)
config.expire_password_after = 2.months on my devise.rb
I'm running rails 5.0.
Can you please help me?

You don't have devise_security_extension in your Gemfile.lock, also there is no gem 'devise' in your Gemfile as well.
So, just add two lines gem 'devise' and gem 'devise_security_extension' to your Gemfile. Then repeat actions from documentation:
Devise
Devise Security Extension
Hope this will help you!

"OAuth::Unauthorized" error when tryihng to get Google authentication to work with Rails "devise" gem

I’m using Rails 4.2.5 and I’m trying to enable authentication through Google to allow access to my application. I’m following the https://www.digitalocean.com/community/tutorials/how-to-configure-devise-and-omniauth-for-your-rails-application'>devise tutorial. I have added these gems
gem 'devise'
gem 'omniauth'
gem 'omniauth-digitalocean'
gem 'omniauth-google'
and likewise followed the other steps in the tutorial including adding google as an OAuth provider into my devise config in the config/initializers/devise.rb file …
config.omniauth :google, “myclientid”, “myclientsecret”
When I start and run my Rails server, I can see my sign up page at
http://localhost:3000/users/sign_in
and when I click “Sign in with Google”, which points at this URL — http://localhost:3000/users/auth/google, I get this error …
OAuth::Unauthorized
400 Bad Request
Extracted source (around line #216):
self.token_request(http_method, uri.path, token, request_options, arguments)
when (400..499)
raise OAuth::Unauthorized, response
else
response.error!
end
Anyone have any idea what I have overlooked?

I had the same issue.
The solution here worked for me.
Change from omniauth-google to omniauth-google-oauth2

Omniauth-Twitter 401 Unauthorized

I'm providing a "log in with twitter" link to /auth/twitter, which the omniauth gem handles.
On my development machine, this appears to work fine, redirecting to the twitter login page and returning to the callback set for the application at dev.twitter.com (http://127.0.0.1:3000/auth/twitter/callback).
I have a separate application registered for our test production server, with the only things different being the access token, secret, and callback. Accessing the /auth/twitter path on the production server results in
OAuth::Unauthorized (401 Unauthorized):
oauth (0.4.6) lib/oauth/consumer.rb:216:in `token_request'
oauth (0.4.6) lib/oauth/consumer.rb:136:in `get_request_token'
...
I've made sure that the server is indeed using my development key/secret by printing the ones used to the log as they are being set in /config/initializers/omniauth.rb. They match the ones given on the twitter page, and the callback registered is a valid address and points to the production server.
What could possibly be wrong here? Could this be a result of rate limiting?
Gemfile follows:
source 'https://rubygems.org'
gem 'rails', '3.2.3'
gem 'mysql2','0.3.11'
gem 'tweetstream'
gem 'koala'
group :assets do
gem 'sass-rails', '~> 3.2.3'
gem 'coffee-rails', '~> 3.2.1'
gem 'twitter-bootstrap-rails'
gem 'uglifier', '>= 1.0.3'
end
gem 'jquery-rails'
gem 'twitter'
gem 'omniauth-twitter'
gem 'omniauth-facebook'
gem 'thin'
/config/initializers/omniauth.rb:
puts "initializing twitter with #{TWITTER_KEY}, #{TWITTER_SECRET}"
Rails.application.config.middleware.use OmniAuth::Builder do
provider :twitter, TWITTER_KEY, TWITTER_SECRET
provider :facebook, FACEBOOK_KEY, FACEBOOK_SECRET,
:scope => 'read_stream,publish_stream'
end
The server logs the correct key and secret on the first line here.

In my case, the problem was that the server time was about 50 minutes behind, and the requests were being rejected because the timestamp was too old.
Updating the system time fixed it.

don't forget to check the check-box in the twitter settings:
"Allow this application to be used to Sign in with Twitter"
Hope this helps someone

My solution was that you need to have a callback url specified in the Twitter.com Application Management section. https://apps.twitter.com/ This will let localhost urls work as well.

My problem was that I had checked "Callback Url locking". Just un-checked it at it worked.

Rails 3: Removing a Gem from project?

I am currently using devise for my authentication solution however I really don't like it and want to use authlogic instead.
How can i remove the Devise gem from my project completely so i can then add the authlogic gem safely?

You can remove the Devise gem from your Gemfile and then run bundle install. The gem should then be removed.
To be safe, you can also run the following:
gem uninstall gem_name from the command line.

McStretch's advice is incomplete.
You will need to:
Remove the gem from your Gemfile
Remove the devise_for call in your config/routes.rb file
Remove the devise call from your app/models/user.rb file
Delete config/initializers/devise.rb
Remove any custom overrides for devise's controllers or views that you may have in app/controllers or app/views respectively.