How to solve "OmniAuth::Strategies::OAuth2::CallbackError" error? - ruby-on-rails

I am using Omniauth in a Rails application for login; my omniauth.rb is as shown below:
OmniAuth.config.logger = Rails.logger
Rails.application.config.middleware.use OmniAuth::Builder do
  provider :facebook, 'xxxxxxx', 'xxxxxxx'
  provider :google_oauth2, 'xxxxxxxxx','xxxxxxxx'
end
When a user attempts to log in (via Facebook or Google) and denies permissions, I get the following error:
OmniAuth::Strategies::OAuth2::CallbackError
with these parameters:
{"error"=>"access_denied",
"error_code"=>"200",
"error_description"=>"Permissions error",
"error_reason"=>"user_denied",
"state"=>"60daee5f78d9cc28972050ae8ca8f950bb4ed5958302bcea"}
If the user accepts, no problem and everything works fine.
I've tried some of the possible solutions related with this error, and listed on this website, but none solved my problem. For example:
How to rescue OmniAuth::Strategies::OAuth2::CallbackError?
Omniauth+facebook error when trying to cancel the popup
Please, I need help to solve this problem.

There is another thread (posted here) with a solution that could help you. But it always redirects to a general failure page for every type of error, meaning that regardless of the provider, it will redirect to the same error page.
How to rescue OmniAuth::Strategies::OAuth2::CallbackError?

If you are using Devise with OmniAuth you need to skip the extra omniauth.rb initializer and simply config.provider "KEY", "SECRET" inside of initializers/devise.rb and then carry on with your implementation.
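A failure handler that distinguishes provider and reason instead of sending every error to one generic page, as an added example that is not part of the original posts. The route `/login/failed`, the constant names and the allowlists are assumptions; only allowlisted values are placed in the redirect, so provider-supplied text such as `error_description` is never echoed back.

```ruby
require "uri"

# Added example. Failure types we are willing to pass on to the UI.
# "access_denied" and "user_denied" are the error / error_reason values
# shown in the question; the other two are OmniAuth failure keys.
KNOWN_FAILURES = %w[access_denied user_denied csrf_detected invalid_credentials].freeze
# Providers configured in the question's omniauth.rb.
KNOWN_PROVIDERS = %w[facebook google_oauth2].freeze

# Rack-compatible endpoint: takes the Rack env, returns a redirect response.
# OmniAuth fills in "omniauth.error.type" and "omniauth.error.strategy"
# before it calls the failure handler.
FAILURE_ENDPOINT = lambda do |env|
  strategy = env["omniauth.error.strategy"]
  provider = strategy.respond_to?(:name) ? strategy.name.to_s : ""
  provider = "unknown" unless KNOWN_PROVIDERS.include?(provider)

  reason = env["omniauth.error.type"].to_s
  reason = "unknown" unless KNOWN_FAILURES.include?(reason)

  # Hypothetical route; the controller behind it picks the message to show.
  query = URI.encode_www_form(provider: provider, reason: reason)
  [302, { "Location" => "/login/failed?#{query}", "Content-Type" => "text/html" }, []]
end

# In config/initializers/omniauth.rb; skipped when OmniAuth is not loaded.
OmniAuth.config.on_failure = FAILURE_ENDPOINT if defined?(OmniAuth)
```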

Related

How do I set a parameter in a Rails OAuth request?

I have a Rails app that uses the omniauth-github gem. According to Github documentation, I can set the parameter allow_signup to false in the initial request, so that users can only log in to my app if they already have a Github account. This is my desired behavior.
The part I haven't been able to figure out is this: where exactly should I set this parameter? I have added it to the sign in link path ("auth/github?allow_signup=false"), but that doesn't work. Should this be in the provider :github line within config/initializers/omniauth.rb? How, exactly?
You should pass the parameter explicitly to provider function. So please try the following snippet.
provider :github, ENV['GITHUB_KEY'], ENV['GITHUB_SECRET'], allow_signup: 'true', scope: 'user,repo,gist'
This is how I got it to work:
# config/initializers/omniauth.rb
Rails.application.config.middleware.use OmniAuth::Builder do
  provider :github,
    ENV['GITHUB_KEY'],
    ENV['GITHUB_SECRET'],
    {
      client_options: {
        authorize_url: 'https://github.com/login/oauth/authorize?allow_signup=false'
      }
    }
end
Apparently it also works with Devise, replacing provider with config.omniauth and placing this within config/initializers/devise.rb instead.

Omnicontacts redirect_uri: facebook, hotmail, yahoo

I am using the omnicontacts gem so that users can invite their contacts on my website. I have set it up successfully for Google.
I have setup an omnicontacts controller with the contacts_callback method as suggested by the gem's readme.
and a route: get "/contacts/:importer/callback" => "omnicontacts#contacts_callback"
In the omnicontacts.rb initializer I have the following:
require "omnicontacts"
Rails.application.middleware.use OmniContacts::Builder do
  importer :gmail, "hidden-client-key", "hidden-secret-key", {redirect_path: "/contacts/gmail/callback"}
  importer :facebook, "hidden-client-key", "hidden-secret-key", {:redirect_path => "/contacts/facebook/callback" }
  importer :hotmail, "hidden-client-key", "hidden-secret-key", {redirect_path: "/contacts/hotmail/callback"}
end
The last two (facebook and hotmail) according to the gem's readme file do not need a redirect_path but just in case I tested both with it or not and I still get an error that the redirect_uri is invalid. As I was searching for a solution I found a place that the :redirect_path was instead :callback_path and tried that as well but no luck.
On the Microsoft app (for hotmail) I was getting a longer description on the error which was:
The provided value for the input parameter 'redirect_uri' is not
valid. The expected value is
'https://login.live.com/oauth20_desktop.srf' or a URL which matches
the redirect URI registered for this client application.
As a result I went on and registered a redirect URI for this client application. The URI was http://example.com/contacts/hotmail/callback which matches the callback path.
Still, getting the same error. Any clue?
It looks like you missed passing your domain details from where you would like to access your application. Please see the image, try to add your domain, and try again.
You need to do the same for the Hotmail app.

Getting "Error: redirect_uri_mismatch" with google_oauth2

The URL's seem right (Last updated them yesterday):
The files too:
omniauth.rb:
provider :google_oauth2, 'MY_CLIENT_ID.apps.googleusercontent.com', 'MY_CLIENT_SECRET',
  :scope => 'https://mail.google.com/mail/feed/atom/'
Error: redirect_uri_mismatch
The redirect URI in the request: http://localhost:3000/auth/google_oauth2/callback did not match a registered redirect URI
header.html.erb
<li><%= link_to "Sign in with Google", "auth/google_oauth2" %></li>
routes.rb:
match '/auth/:provider/callback', to: 'sessions#omniauth_create'
But I'm getting this:
> Error: redirect_uri_mismatch The redirect URI in the request:
> http://localhost:3000/auth/google_oauth2/callback did not match a
> registered redirect URI
(Twitter and Facebook OmniAuth are working perfectly)
Not sure what is the problem. Any suggestions to fix this?
EDIT
I changed the URI to http...:
But still getting the same error.
It looks like the request is hitting http://localhost:3000/auth/google_oauth2/callback, but your specified redirect URI matching the similar pattern is for https. Adding http://localhost:3000/auth/google_oauth2/callback to your list of redirects may potentially solve that issue.
EDIT: Another potential fix is including a trailing / in the corresponding redirect URIs, which appeared to work in this case.
There's a relatively fresh issue with omniauth-oauth2 gem version 1.4 https://github.com/intridea/omniauth-oauth2/issues/81#issuecomment-151038559
Temporary fix is to downgrade that gem explicitly in the Gemfile
gem 'omniauth-oauth2', '~> 1.3.1'
vi config/initializers/omniauth.rb
OmniAuth.config.full_host = 'https://localhost:3000'
Rails.application.config.middleware.use OmniAuth::Builder do
  provider :google_oauth2, 'google_client_id', 'google_client_secret'
end
Sharing a very simple copy-paste solution that worked for me.
I copied whatever I was specifying in my code as redirectUri i.e. "redirect_uri": "http://127.0.0.1:3001/" and pasted the value of this key inside the Google settings that ask for Authorized redirect URIs. This way I'm ensured that both the parameters are same.
If the url was computed, I would console.log() it and copy it from the console window before pasting it in for google settings.
I tried all of the above but it didn't work for me. In the end I noticed that in my error message my callback was slightly different. I had a users between localhost:3000 and auth. Not really sure why.
http://localhost:3000/users/auth/google_oauth2/callback
Changed it, waited 30 mins and it worked.
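The mismatches reported in this thread (http vs. https, a trailing slash, an extra `/users` path prefix) can be spotted by comparing the URI the app sends with the registered list component by component. This is an added example, not code from the original posts; the method name, constants and message wording are assumptions.

```ruby
require "uri"

# Compare the redirect URI the app sends with the provider's registered list.
# Returns [] on an exact string match, otherwise the differences against the
# closest registered entry. Method name and messages are illustrative.
def redirect_uri_diff(sent, registered)
  return [] if registered.include?(sent)
  return ["no redirect URIs registered"] if registered.empty?

  s = URI.parse(sent)
  candidates = registered.map do |entry|
    r = URI.parse(entry)
    d = []
    d << "scheme: sent #{s.scheme}, registered #{r.scheme}" if s.scheme != r.scheme
    d << "host: sent #{s.host}, registered #{r.host}" if s.host != r.host
    d << "port: sent #{s.port}, registered #{r.port}" if s.port != r.port
    if s.path != r.path
      slash_only = s.path.chomp("/") == r.path.chomp("/")
      d << (slash_only ? "path: trailing slash differs" : "path: sent #{s.path}, registered #{r.path}")
    end
    d << "query: sent #{s.query.inspect}, registered #{r.query.inspect}" if s.query != r.query
    # Components equal but the strings are not (letter case, explicit default
    # port): an exact-match comparison still rejects this.
    d << "spelling differs; copy the value verbatim" if d.empty?
    d
  end
  candidates.min_by(&:length)
end

# Sample values constructed from the URLs quoted in the thread above.
REGISTERED = ["https://localhost:3000/auth/google_oauth2/callback"].freeze
SENT = "http://localhost:3000/auth/google_oauth2/callback"
puts redirect_uri_diff(SENT, REGISTERED)
```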

Rails 3.2 + Facebook auth + CSRF FAILURE

This is the error that I see when trying to login via facebook, I always see that error. Can't seem to get rid of it:
Could not authorize you from Facebook because "Csrf detected".
I put a skip:
skip_before_filter :verify_authenticity_token
on the Omniauth callback, but still I get the error. This is in both local and prod (heroku) environments. I have set the heroku environment variables. Any idea?
I had the same issue you have on the same day!!
I thought it was a gem update or something like this but not at all.
With a deep debugging I found that omniauth "Callback phase initiated." was called twice.
It was due to a stupid double initialization of
provider :facebook, .....
One in config/initializers/devise.rb and in another initializer.
I hope it will give you a hint to find your error.
I found that the problem was the gem was too new and passing a STATE header to facebook, which fb didn't want. I rolled the omniauth-facebook gem version back and it worked
Are you sending a P3P header? Maybe add...
before_filter :set_p3p
private
def set_p3p
  headers['P3P'] = 'CP="ALL DSP COR CURa ADMa DEVa OUR IND COM NAV"'
end
to your application controller

OmniAuth invalid_response with Twitter

Using OmniAuth, Rails 3.1.0.rc2, mysql2, ruby 1.9.2.p0.
I still get this when redirecting back to my site.
/auth/failure?message=invalid_response
Omniauth.rb
Rails.application.config.middleware.use OmniAuth::Builder do
  provider :twitter, 'XXXXX', 'XXXXXXXXXXXXX'
end
I've checked the keys 100x and they are correct. Still getting the invalid response. Any of the questions I see don't seem to work.
Any help would be greatly appreciated!
Thanks. [:
If any new information is needed, just ask.
If you use request.env['rack.auth'] in your controller, change it to request.env['omniauth.auth'] - this was explained here: OmniAuth
this solution works for me.
I had a similar problem. It turns out that I actually had some runtime errors in my Users::OmniauthCallbacksController#twitter method:
I was calling a method on a non-existent method on a nil object and this was raising an exception, but either devise or omniauth were swallowing the exception.
I ended up wrapping my entire method body in a begin/rescue clause and printing out the exception.
However, if you are getting Invalid Credentials then it's likely that the twitter-issued oauth key has expired and so your user should really be calling /users/auth/twitter again.
Are you sure you are not putting the keys in the wrong order?
Rails.application.config.middleware.use OmniAuth::Builder do
  provider :twitter, TW_CONSUMER_KEY, TW_CONSUMER_SECRET
end
If not, let's quickly test your credentials with the Twitter gem:
# twitter.rb -- Test credentials
require "rubygems"
require "twitter"
# Get a user's most recent status update
puts Twitter.user_timeline("YOUR_USER").first.text
Twitter.configure do |config|
  config.consumer_key = TW_CONSUMER_KEY
  config.consumer_secret = TW_CONSUMER_SECRET
end
# Update your status
Twitter.update("I Love ruby!")
If it works, then your credentials are fine... you should keep looking into Rails...
Thank you Christian for your answer. It was very helpful for me. But if it gives a 401 error trying to update, retweet, etc you will have to include
config.oauth_token = 'MY_OAUTH_TOKEN'
config.oauth_token_secret = 'MY_OAUTH_TOKEN_SECRET'
to Twitter client configuration. Look at https://dev.twitter.com/discussions/1522
So finally you will have
Twitter.configure do |config|
  config.consumer_key = 'TW_CONSUMER_KEY'
  config.consumer_secret = 'TW_CONSUMER_SECRET'
  config.oauth_token = 'MY_OAUTH_TOKEN'
  config.oauth_token_secret = 'MY_OAUTH_TOKEN_SECRET'
end
It worked for me
and of course your Twitter app has to have Access level = Read and write. You have to change this in dev.twitter.com if you want to update the status, retweet, etc
Have you tried omniauth-twitter gem?? https://github.com/arunagw/omniauth-twitter
