Google Open ID and Invalid Credentials - ruby-on-rails

For the past week or two we've had issues signing users in via Google OAuth. The user, when redirected to Google, if already logged in via Gmail, is redirected back to our site with the following URL.
https://mywinningtrade.com/auth/failure?message=invalid_credentials&origin=https%3A%2F%2Fmywinningtrade.com%2Fauth%2Ffailure%3Fmessage%3Dinvalid_credentials%26origin%3Dhttps%253A%252F%252Fmywinningtrade.com%252Flogin%26strategy%3Dgoogle&strategy=google
Normally I would expect this to be because the account credentials are wrong, but like I said before I was already signed into Gmail.
Added on top of that is that there are times when it does work but only intermittently. I am unable to localize the event of when it happens. I've tried several different emails. The current gems we use are...
gem "oauth", "~> 0.4.7"
gem "omniauth-openid", "~> 1.0.1" # Google
Has anyone else experienced this issue, or does anyone know what is causing it? I would post code, but there has been zero change from the time the Google OAuth was working till now.

This question is technically about Google OpenID solution, as opposed to OAuth.
As for the answer, it appears to me that the Google IDP issued a successful authentication statement that was not accepted by MyWinningTrade. There could be a configuration issue w/ your library, related to issue https://groups.google.com/forum/#!msg/google-federated-login-api/qXZDD7_K7jU/LfIp5JhFLAoJ
Unfortunately, from the time since last update, I am not sure if omniauth-openid is being actively maintained, so if this issue is affecting you, I hope you know how to rebuild your gem with the proper fixes. Let me know if I can help you sort out the change.
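An added example (not part of the original question or answer) that unwraps the nested `origin` parameter in the failure URL from the question, showing that it records two consecutive failed attempts on top of the original /login page. The function names and the host and failure-path check on the recovered return path are this example's own assumptions, not omniauth's behaviour.

```ruby
require "uri"

# URL copied from the question above.
FAILURE_URL = "https://mywinningtrade.com/auth/failure?message=invalid_credentials" \
  "&origin=https%3A%2F%2Fmywinningtrade.com%2Fauth%2Ffailure%3Fmessage%3Dinvalid_credentials" \
  "%26origin%3Dhttps%253A%252F%252Fmywinningtrade.com%252Flogin%26strategy%3Dgoogle" \
  "&strategy=google"

FAILURE_PATH = "/auth/failure"

# Follow the nested `origin` parameter, one percent-decoding layer per hop.
# Returns an array of hashes, outermost (most recent) request first.
def origin_chain(url, max_depth = 10)
  chain = []
  current = url
  max_depth.times do
    uri = URI.parse(current)
    params = URI.decode_www_form(uri.query.to_s).to_h
    chain << { host: uri.host, path: uri.path,
               message: params["message"], strategy: params["strategy"] }
    current = params["origin"]
    break if current.nil? || current.empty?
  end
  chain
end

# Number of failed attempts recorded in the URL.
def failed_attempts(url)
  origin_chain(url).count { |hop| hop[:path] == FAILURE_PATH }
end

# Page the user originally came from, accepted only if it is on the
# expected host and is not the failure page itself; otherwise "/".
def return_path(url, expected_host)
  first = origin_chain(url).last
  return "/" unless first[:host] == expected_host
  return "/" if first[:path] == FAILURE_PATH
  first[:path]
end

if __FILE__ == $PROGRAM_NAME
  origin_chain(FAILURE_URL).each { |hop| puts hop.inspect }
  puts "failed attempts: #{failed_attempts(FAILURE_URL)}"
  puts "return path: #{return_path(FAILURE_URL, 'mywinningtrade.com')}"
end
```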

Related

Twitter Fabric integration in Android app not working

I use Fabric to do Twitter single sign on for my app as well as use TweetUI to display a Twitter Timeline elsewhere in my android app.
Last night while I was messing around with some stuff, somehow both stopped working. I am getting the following errors:
1) For my single sign on flow: E/Twitter﹕ Authorization completed with an error
com.twitter.sdk.android.core.TwitterAuthException: Authorize failed.
2) For my Tweet timeline activity: E/Twitter﹕ Failed to get app auth token
com.packagewriters.mypackage E/TweetUi﹕ 403 Forbidden
com.twitter.sdk.android.core.TwitterApiException: 403 Forbidden
--- This one is weird because Timelines use guest authentication only...so even if I messed up my API keys and what not, this should still work?
I triple checked EVERYTHING and reverted all my changes. I pretty much do everything the Fabric docs tell me to do, not to mention it worked for months before tonight. I'm not sure if I somehow accidentally touched something that messed everything up or if Twitter updated/the authentication servers are down/etc...help please?
Thanks!
OK, so for Single Sign On, I finally fixed it. You have to go to your fabric.io dashboard and get your key/secret and HARD CODE it into your activity/fragment where you integrate Twitter Log in.
This is weird bc Fabric is supposed to do it for you and I've never had to hard code it in before to get it to work. Something fishy is going on here... hopefully it will get fixed soon.
Tweet Timeline works now. Had to open up the Fabric plugin, navigate to the Embed Tweets subsection and let a gradle sync run its course...

Oauth 2.0 Error LinkedIn

I have been using OAuth 2.0 with LinkedIn as the provider. Now, as of today, the authentication is suddenly no longer working. I looked at LinkedIn's API profile page and figured that they have been updating their program.
The error that I am getting is the following:
No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access.
This is in JS in the Console. I am wondering if this is the actual error or if there is another error.
I am using Rails on the back-end
LinkedIn's February 12th, 2015 update affects LinkedIn applications between May 12th and May 19th, 2015. Maybe your application was affected today.
I'm getting an error after the update: Your application has not been authorized for the scope "r_fullprofile". The update affected some things.
https://developer.linkedin.com/support/developer-program-transition
Figured it out! Not only on the LinkedIn side, but also in your initializers you have to be careful with what you are asking for. So r_fullprofile is no longer part of the LinkedIn API (you have to ask LinkedIn to be able to make it work). There are also other API things that no longer work (e.g. r_connections), so be really careful as LinkedIn has changed this policy.
In addition, you should not forget to reset the server to reinitialize the initializers.

LinkedIn oauth2 url one or more urls are not allowed

We integrated our application with LinkedIn for sign on over 6 months ago and it's been working fine. Today, we went to developer.linkedin.com for our application to update the "OAuth 2.0 Redirect URLs" to add an additional URL. We previously had the production domain, test domains, and localhost entered. Now, when we save, we receive the "One or more urls are not allowed." error message. Through process of elimination, it appears to not approve our test domain "relode-dev.azurewebsites.net".
I've checked with SURBL and none of the domains we're entering are blacklisted.
Can someone explain why "relode-dev.azurewebsites.net" is no longer valid when it was for 6 months?
After experimenting some more, it looks like LinkedIn doesn't allow any *.azurewebsites.net domains any more. I'm not sure why they created this policy. For now, the workaround seems to be adding your own custom domain to your Azure website and using it in the LinkedIn OAuth 2.0a Redirect URL. You can follow the article at http://azure.microsoft.com/en-us/documentation/articles/web-sites-custom-domain-name/ to set up your custom domain.
If LinkedIn reads this, it would be nice if you notified third-party developers when you make policy changes like this. We've had to scramble for the past few days to work around this change.
edit: fixed the url to the azure help page (it had an extra word on the end causing it to 404).

Facebooker params empty

I am trying to connect facebooker and authlogic using this http://github.com/kalasjocke/authlogic_facebook_connect
I was having problems so began to debug the facebooker gem code. I realized that no params are getting set using the facebook login that have anything to do with facebook. I can push the facebook login button, it brings up the facebook window as it should and I accept/sign into facebook. Then in facebooker/rails/controller.secure_with_facebook_params! I print out params, this is what shows:
authenticity_token<pulled out token number>actioncreatecontrollerperson_sessions
person_sessions is the name of my user_sessions. Not sure if this makes a difference though...
This is it. Clearly there should be other parameters here. I checked to make sure that my application numbers are all OK with facebooker.yml (although honestly I don't understand why that would matter as I'm not yet making a facebook app, just want to use connect).
Any ideas?? I would be SOOOO thankful if someone could help me out... any clues would be useful!
K
Argh I think I finally figured it out! Since I don't have an app yet then set_asset_host_to_callback_url in facebooker.yml should be set to false. However, after this is done, you have to close browser as it seems to store previous session. Now to fix my next problem!
I had this same issue, my problem was that I had set a Site Domain on my application settings page on Facebook itself... I wasted lots of time fiddling with my code and my settings in my rails app when it was a facebook setting all along. Big up to Alex Neth on the authlogic google group in the end. So what I had was
Application ID 150132505999999
Application Secret e7fb8001d80e99999999999999999999
Site URL http:// localhost:3000
Site Domain localhost
and what I should have had was
Application ID 150132505999999
Application Secret e7fb8001d80e99999999999999999999
Site URL http:// localhost:3000
Site Domain
duh, probably an obvious one but I hope this helps someone out somewhere.
(I've had to break up the site url there for spam issues on this site)

Keep getting OAuth::Unauthorized error when using oauth and twitter ruby gems

I am using the Ruby twitter gem and OAuth to gain access to users' Twitter accounts. In my code, I have:
unless @user.twitter_authd?
  oauth = Twitter::OAuth.new('token', 'secret')
  # Keep the request token pair in the session for the callback step
  session[:twitter_request_token] = oauth.request_token.token
  session[:twitter_request_secret] = oauth.request_token.secret
  @twitter_auth_url = oauth.request_token.authorize_url
end
where token and secret have my actual token and secret inserted. When I click on the link to the @twitter_auth_url, I am taken to Twitter and asked to grant access. I click allow and then Twitter redirects me to my callback URL http://www.mydomain.com/twitter_callback/?oauth_token=fmy2aMvnjVgaFrz37bJ4JuB8r5xN79gsgDQRG4BNY which then hits this code:
oauth = Twitter::OAuth.new('token', 'secret')
# Debug logging of the request token pair saved before the redirect
logger.info("session[:twitter_request_token] = #{session[:twitter_request_token]}")
logger.info("session[:twitter_request_secret] = #{session[:twitter_request_secret]}")
# Exchange the request token for an access token (this is the call that raises the 401)
oauth.authorize_from_request(session[:twitter_request_token], session[:twitter_request_secret])
session[:twitter_request_token] = nil
session[:twitter_request_secret] = nil
# Store the access token pair on the user record
@user.update_attributes({
  :twitter_token => oauth.access_token.token,
  :twitter_secret => oauth.access_token.secret,
})
redirect_to root_path
The twitter request token and secret are being set just fine. However I end up with an authorization error:
OAuth::Unauthorized in MainController#twitter_callback
401 Unauthorized
RAILS_ROOT: /Users/TAmoyal/Desktop/RoR_Projects/mls
Application Trace | Framework Trace | Full Trace
/Library/Ruby/Gems/1.8/gems/oauth-0.3.4/lib/oauth/consumer.rb:167:in `token_request'
/Library/Ruby/Gems/1.8/gems/oauth-0.3.4/lib/oauth/tokens/request_token.rb:14:in `get_access_token'
/Library/Ruby/Gems/1.8/gems/erwaller-twitter-0.6.13.1/lib/twitter/oauth.rb:29:in `authorize_from_request'
/Users/TAmoyal/Desktop/RoR_Projects/mls/app/controllers/main_controller.rb:70:in `twitter_callback'
The code is failing at this line:
oauth.authorize_from_request(session[:twitter_request_token], session[:twitter_request_secret])
when it tries to get an access token. You can see the source code of authorize_from_request here. I am not sure why this is happening. Anyone have ideas?
A bit late to the party but just ran into the same issue myself. I tracked the issue down to the setup of my OAuth app in Twitter. I had initially not specified a callback URL as I was unsure of it.
Once I had set up my Rails app I went back to find Twitter had assumed I was a desktop application as I hadn't specified a callback URL. Once I changed this to website and entered a callback URL I stopped getting 400s.
If you're getting error 401 - OAuth::Unauthorized, make sure you edit the settings of your Twitter application as follows:
Application Type: Browser
Callback URL: http://127.0.0.1:3000/auth/twitter/callback
This is an issue about time synchronization of your system with the Twitter server.
Twitter doesn't allow localhost as part of a valid callback URL.
Instead use http://127.0.0.1:3000/auth/twitter/callback
Hope this helps
This was one of the most annoying things to debug that I have come across. I was outputting in a couple places by accident because the URLs are dynamic and they happened to not be defined in my test case (I use this to display chart data and there is not enough right now so the Google chart API URLs are blank). This caused my browser to make multiple requests to my localhost when some pages were loaded. Somehow that made the OAuth process crap out. Obviously there is no way for people on S.O. to know about my application-specific issue so I had to answer my own question.
I had this same problem and none of the suggestions in this thread worked for me.
I found the problem for me was the TIMESTAMP on my request. The mobile device I was running my scripts on had a jacked up clock. When I updated the system time on my device to the correct time (i.e. now), all of my requests came back "200 OK" instead of "401 Unauthorized".
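Two of the answers above trace the 401 to clock drift between the client and Twitter. An added example (not from the thread) that compares the `oauth_timestamp` in a request's Authorization header with the `Date` header of the server's response. The headers are constructed sample data, the function names are this example's own, and the 300-second tolerance is an assumption, since the thread does not state the provider's window.

```ruby
require "time"

# Assumed tolerance; the provider's real window is not stated in the thread.
MAX_SKEW_SECONDS = 300

# Constructed sample data (not captured traffic).
SAMPLE_AUTH_HEADER = 'OAuth oauth_consumer_key="CONSUMER_KEY_PLACEHOLDER", ' \
  'oauth_nonce="constructednonce", oauth_signature_method="HMAC-SHA1", ' \
  'oauth_timestamp="1400000000", oauth_version="1.0"'
SAMPLE_DATE_HEADER = "Tue, 13 May 2014 18:53:20 GMT"

# Parse the key="value" pairs of an OAuth 1.0 Authorization header.
def oauth_params(header)
  header.sub(/\AOAuth\s+/, "").scan(/(\w+)="([^"]*)"/).to_h
end

# Client timestamp minus server time, in seconds.
# Negative means the client clock is behind the server.
def timestamp_skew(auth_header, date_header)
  ts = oauth_params(auth_header)["oauth_timestamp"]
  raise ArgumentError, "no oauth_timestamp in header" if ts.nil?
  Integer(ts, 10) - Time.httpdate(date_header).to_i
end

# Classify the skew so a 401 can be attributed to the clock or ruled out.
def diagnose(auth_header, date_header, max_skew = MAX_SKEW_SECONDS)
  skew = timestamp_skew(auth_header, date_header)
  return :ok if skew.abs <= max_skew
  skew.negative? ? :client_clock_behind : :client_clock_ahead
end

if __FILE__ == $PROGRAM_NAME
  puts "skew: #{timestamp_skew(SAMPLE_AUTH_HEADER, SAMPLE_DATE_HEADER)} s"
  puts "diagnosis: #{diagnose(SAMPLE_AUTH_HEADER, SAMPLE_DATE_HEADER)}"
end
```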
This problem seems to be caused by twitter not being able to handle connection keep-alive correctly. Make sure you set connection=close http header in the request to twitter. Wasted a weekend debugging this.
Not enough info for me, but when was the twitter gem last updated? Twitter changed their OAuth 'stuff' in mid-May, approximately. Perhaps you have an old one. I'd update your question to show the callback_url, and make sure you have the right token and secret, which it looks like you don't have.
Also, did you put the right callback URL in your Twitter app page? A lot of times that screws you up too.
If that fails, use mbleigh's twitter_auth instead. It worked for me and is pretty slick.
