Devise/OmniAuth/Twitter - OAuth::Unauthorized (401) - twitter

I'm trying to set up a Twitter login using Devise/OmniAuth, following the latest RailsCast for this. I've registered the Twitter developer app, using the callback url of: myiphere:port/users/auth/twitter.
I've followed everything to the T on the RailsCast, but each time I click the Sign In With Twitter link, I immediately get OAuth::Unauthorized 401 Unauthorized on the myiphere:port/users/auth/twitter page.
I think I've defined the key correctly using export TWITTER_CONSUMER_KEY=MYKEYINSERTEDHERE export TWITTWR_CONSUMER_SECRET=MYSECRETINSERTEDHERE rails server. I've tried most every solution I can find on the internet, all to no avail. Almost all of the answers are for returning back to their site once logged in, I can't get to any kind of Twitter screen, just the 401 error on the /users/auth/twitter page.

I had this same issue; in my case, I had the API keys set up correctly, but had not set a callback URL in the Twitter setup at https://dev.twitter.com/apps/, under the "Settings" tab.
Oddly, it doesn't appear that the callback URL needs to point anywhere useful; Twitter apparently just uses its existence as a signal of some sort.
The debugging information provided by omniauth-twitter leaves something to be desired.

I got it to work by removing the brackets and ENV from the initializer DEVISE.RB:
config.omniauth :twitter, "APP_ID", "APP_SECRET"
my callback specified in DEV Twitter settings:
http://www.mysite.com/users/auth/twitter/callback
In routes.rb
devise_for :users, controllers: {omniauth_callbacks: "omniauth_callbacks"}
My LogIn link:
<%= link_to "Log in with Twitter", user_omniauth_authorize_path(:twitter) %>

Answering my own question here, it seems that I just needed to add the actual keys in place of TWITTER_CONSUMER_KEY and TWITTER_CONSUMER_SECRET, and not the way I'd originally tried to add them. I also removed the ENV[] from each one, I think that may have helped.
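An added example, not code from any poster in this thread: a helper for the initializer that keeps the two credentials in the environment and fails at boot, naming any variable that is unset and any similarly named one that is set, rather than handing nil to the strategy. The variable names come from the question; `load_credentials`, `edit_distance` and the sample values are hypothetical.

```ruby
# Variable names as used in the question; helper names are hypothetical.
REQUIRED_KEYS = %w[TWITTER_CONSUMER_KEY TWITTER_CONSUMER_SECRET].freeze

# Levenshtein edit distance, used only to spot near-miss variable names.
def edit_distance(a, b)
  row = (0..b.length).to_a
  a.each_char.with_index(1) do |ca, i|
    prev, row[0] = row[0], i
    b.each_char.with_index(1) do |cb, j|
      cur = [row[j] + 1, row[j - 1] + 1, prev + (ca == cb ? 0 : 1)].min
      prev, row[j] = row[j], cur
    end
  end
  row.last
end

# Return [key, secret], or raise listing every unset name and any variable
# that is set under a name within two edits of it. Only names are reported,
# never values, so the message is safe to log.
def load_credentials(env, keys = REQUIRED_KEYS)
  problems = keys.select { |k| env[k].to_s.strip.empty? }.map do |k|
    near = env.keys.find { |name| name != k && edit_distance(name, k) <= 2 }
    near ? "#{k} is unset (found similarly named #{near})" : "#{k} is unset"
  end
  raise KeyError, problems.join("; ") unless problems.empty?
  keys.map { |k| env[k] }
end

# Constructed sample environment mirroring the export line in the question.
SAMPLE_ENV = {
  "TWITTER_CONSUMER_KEY" => "example-key",
  "TWITTWR_CONSUMER_SECRET" => "example-secret"
}.freeze

# In config/initializers/devise.rb one would write:
#   key, secret = load_credentials(ENV)
#   config.omniauth :twitter, key, secret
if __FILE__ == $PROGRAM_NAME
  begin
    load_credentials(SAMPLE_ENV)
  rescue KeyError => e
    puts "refusing to boot: #{e.message}"
  end
end
```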

You need to add the figaro gem in order to use environmental variables like in the video. The link will walk you through how to set them up.
http://railsapps.github.io/rails-environment-variables.html

For me, the issue was that "Allow this application to be used to Sign in with Twitter" wasn't checked (Under app page > settings tab)

Related

Omniauth-twitter with Rails 5 stopped working! OAuth::Unauthorized 403 Forbidden

Everything was working fine and Omniauth has stopped working suddenly. I didn't make any code changes.
I checked Twitter Apps Settings:
I have callback url to my main production url, and Callback URL Locked to No. All keys are correct.
Any idea? 🤔
OAuth::Unauthorized
403 Forbidden
I have been able to solve it (also for development) by adding these URLs:
For production:
https://mydomain/users/auth/twitter/callback
http://mydomain/users/auth/twitter/callback
For development:
http://localhost:3000/users/auth/twitter/callback
Now, in the Twitter callback URL settings, you have to add 2 callback URLs, and the callback URL must be the path of your application.
I had faced the same problem, now on adding the 2nd callback URL, it's fixed.
For more information check: https://twittercommunity.com/t/action-required-sign-in-with-twitter-users-must-whitelist-callback-urls/105342
Adding a second Callback URL to https://mysitecom/auth/twitter/callback fixed the issue (for now)
———-
Update: This actually solved the problem for about 10mins. Experiencing the same problem now
I'm working in development not production and encountered this problem using the omniauth and omniauth-twitter gems. But with these two callback URLs:
http://127.0.0.1:3000
http://localhost:3000/auth/twitter/callback
the problem is avoided. Strange, since the RailsApps tutorial warns against using 'localhost' at Twitter.
This is almost certainly related to this change: Action REQUIRED - Sign in with Twitter users must whitelist callback URLs.
From the link:
In 30 days, we will begin enforcing the whitelist such that any URL
not added to the whitelist will fail. This means that URLs can no
longer be programmatically overridden in calls to the
oauth/request_token endpoint. The callback_url parameter provided
must match one of the whitelisted callback URLs. While we generally
provide longer than a 30-day notice for changes like this, this
timeline allows us to continue to provide a safe and secure experience
for developers and our users.
You can add callback URLs to your whitelist on the applications
settings page on apps.twitter.com.
Enable the setting “Enable Callback Locking” to test that only URLs
you have whitelisted are accepted. Callback URLs will automatically be
locked and the whitelist will be enforced starting on June 12th. The
“Enable Callback Locking” setting will be removed on this date.
I could not get this to work in development with 127.0.0.1 so I ended up creating a DNS A record that pointed to 127.0.0.1 (e.g., dev.example.com) and used that in the callback url settings on https://apps.twitter.com.
Unicode domain name. Twitter gives me an error: unsupportable domain name format. I need an exact match between the callback URL sent by my server and the callback URL in my Twitter app.
Solution:
config/initialization/twitter.rb
OmniAuth::Strategies::Twitter.class_eval do
  def callback_url
    return my_custom_twitter_app_callback_url_string_variable
  end
end
I just resolved the issue by putting https://domain/oauths/callback in the Callback URLs list. Make sure you enable the callback locking option.

Devise Oauth Twitter: OAuth::Unauthorized Forbidden 403

I am trying to implement Oauth Twitter using Devise.
I have created an app on Twitter
I have set callback url to: http://localhost:3000
I have added this to config\initializers\devise.rb
config.omniauth :twitter, "key", "key secret"
Sign in with Twitter automatically appears at this route: /users/sign_up/
But on clicking it I get this error
key and key secret are correct
I also tried deleting and creating new app.
I cannot get it fixed
Help would be greatly appreciated
Here it says that https needs to be setup.
So I followed This to set it up. But getting the same error
Turns out that in twitter app settings Callback URL Lock was set to Yes by default. Switching it to No fixed the error.
Thanks to kubido for helping me out to close the issue on github
You can try to add these in the Callback URLs in https://apps.twitter.com/
http://localhost:3000/auth/twitter/callback
http://127.0.0.1:3000/
http://127.0.0.1:3000/auth/twitter/callback
Worked for me after almost an hour!
I got these URLs after failing the log-in. I checked the request_options. One way to do it is using BetterErrors gem.
I had been facing the same issue,
eventually I fixed it by adding the following callbacks,
http://127.0.0.1:3000/auth/twitter/callback
http://127.0.0.1/
http://127.0.0.1/auth/twitter/callback
http://localhost:3000/auth/twitter/callback
and it worked like a charm,
You need to set the callback url to: "Your url"/auth/twitter/callback

LinkedIn OAuth 2.0 Redirect URL

I'm attempting to sign in users with the LinkedIn Omniauth 2 gem. I have tried a few different possibilities for the redirect, read several articles and nothing is working.
I'm trying to test this locally.
Rails 4 app
Gems include:
omniauth
omniauth-linkedin-oauth2
A few attempts of the redirect URL to put in the box include:
https://www.linkedin.com/uas/oauth2/authorization?client_id=759dczzx23nyic&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fauth%2Flinkedin%2Fcallback&response_type=code&scope=r_basicprofile+r_emailaddress&state=8da572e31a8e66e6b1de54acddd14937d976ed06d7ed3217&client_id=*
* = API Key that needs to stay private
http://localhost:3000
http://localhost:3000/
http://www.localhost:3000
https://localhost:3000
https://localhost:3000/
https://www.localhost:3000
I read both of these articles the entire way through, but still couldn't attempt to find the correct way to redirect it.
https://developer.linkedin.com/forum/register-your-oauth-2-redirect-urls
https://developer.linkedin.com/forum/oauth-20-redirect-url-faq-invalid-redirecturi-error
Any help in what I need to change would be great.
They need to match exactly what you are sending:
http://localhost:3000/auth/linkedin/callback
In case of Linkedin Authorized Redirect URLs should be in form of:
http://localhost:8080/your-project-name/auth/linkedin
After authentication if you want to redirect to a specific page then
http://localhost:8080/your-project-name/that-page-url
I was having a similar issue and kept getting "Invalid redirect_uri. This value must match a URL registered with the API Key." error when using Auth0
I added URL below to LinkedIn's list of allowed callback then it worked.
https://"Insert your Client Domain Name from Auth0"/login/callback
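An added example, not code from any poster on this page: the exact-match rule that the LinkedIn answers above and the Twitter whitelist notice quoted earlier both describe, as a check that pulls the `redirect_uri` out of an authorization URL and reports which component of each registered entry differs from it. The helper names, the `EXAMPLE_CLIENT_ID` placeholder and the sample list (three of the entries the asker tried) are assumptions.

```ruby
require "uri"

# Extract the percent-decoded redirect_uri from an OAuth 2.0 authorization URL.
def sent_redirect_uri(authorization_url)
  query = URI.parse(authorization_url).query.to_s
  URI.decode_www_form(query).to_h["redirect_uri"]
end

# Name the URL components in which a registered entry differs from the sent one.
def differences(sent, registered)
  a = URI.parse(sent)
  b = URI.parse(registered)
  %i[scheme host port path query].reject do |part|
    a.public_send(part) == b.public_send(part)
  end
end

# Exact string match against the registered list, plus a per-entry diff.
# Returns [matched?, { registered_url => [differing components] }].
def check_callback(sent, registered_urls)
  report = registered_urls.map { |url| [url, differences(sent, url)] }.to_h
  [registered_urls.include?(sent), report]
end

# Constructed sample: an authorization URL shaped like the one in the question
# (placeholder client_id) and three of the redirect entries the asker tried.
SAMPLE_AUTH_URL = "https://www.linkedin.com/uas/oauth2/authorization" \
  "?client_id=EXAMPLE_CLIENT_ID&response_type=code" \
  "&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fauth%2Flinkedin%2Fcallback"
SAMPLE_REGISTERED = [
  "http://localhost:3000",
  "https://localhost:3000/",
  "http://www.localhost:3000"
].freeze

if __FILE__ == $PROGRAM_NAME
  sent = sent_redirect_uri(SAMPLE_AUTH_URL)
  matched, report = check_callback(sent, SAMPLE_REGISTERED)
  puts "sent #{sent} -> registered: #{matched}"
  report.each { |url, diffs| puts "  #{url} differs in: #{diffs.join(', ')}" }
end
```

The same `check_callback` call works for the Twitter threads: pass the callback URL the app sends and the list entered in the app settings.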

Rails 3 — Omniauth routing error, works on local but not on my server

I'm trying to use Omniauth to allow users to login to my Rails app using Facebook. Locally, omniauth automatically redirects the browser to Facebook for authentication using the following link:
<%= link_to "Sign in with Facebook", "/auth/facebook" %>
It redirects back as is expected (no callback error) and I am then able to log out.
The issue occurs when I try to upload my application to my server. For some reason Omniauth isn't kicking in and it doesn't do the redirect. Instead it just points the browser to a non-existent directory in my app (http://sharedchecklist.com/auth/facebook) and spits out this error:
Routing Error
No route matches "/auth/facebook"
I've done a lot of searching over the past few hours to try and figure out what the issue could be. I've made sure to change the site and canvas URLs to my app's address. It isn't an issue with callback.
It's almost like omniauth isn't there…
Has anyone encountered this issue before? I'm fairly new to rails but I've been able to figure through any issues before which makes this one all the more frustrating.
If the url would help, here it is: http://sharedchecklist.com/
Thanks for any assistance you can offer.
You need to tell Facebook where to redirect to. If it works in development you probably have your site url set to "http://localhost:3000". Change it to "http://sharedchecklist.com" and it will work. Of course it then will break in development. Therefore I created a new "Test" Facebook application just for my testing which always redirects to localhost.
This seems to happen if config/initializers/omniauth.rb is missing.
I have that file on the ignore list and a sample file as omniauth.rb.sample. I forgot to create the omniauth.rb file and I was getting the same error.
If you want to test on local host and keep your production environment working:
1- Create a new Facebook app only for development purposes
2- Set the Site URL field to: http://localhost:3000/
3- Then edit your /config/initializers/omniauth.rb file to match the following:
OmniAuth.config.logger = Rails.logger
Rails.application.config.middleware.use OmniAuth::Builder do
  if Rails.env.development?
    # Reassigning this constant turns off TLS certificate verification for
    # every connection the process makes; it applies in development only.
    OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE
    provider :facebook, 'DEV_APP_ID', 'DEV_APP_SECRET'
  else
    provider :facebook, 'DEPLOY_APP_ID', 'DEPLOY_APP_SECRET'
  end
end
Finally relaunch rails server and you should be able to login through your new app.

Keep getting OAuth::Unauthorized error when using oauth and twitter ruby gems

I am using the ruby twitter gem and oauth to gain access to users twitter accounts. In my code, I have:
unless @user.twitter_authd?
  oauth = Twitter::OAuth.new('token', 'secret')
  # Keep the request token pair in the session for the callback step.
  session[:twitter_request_token] = oauth.request_token.token
  session[:twitter_request_secret] = oauth.request_token.secret
  @twitter_auth_url = oauth.request_token.authorize_url
end
where token and secret have my actual token and secret inserted. When I click on the link to the @twitter_auth_url, I am taken to twitter and asked to grant access. I click allow and then twitter redirects me to my callback URL http://www.mydomain.com/twitter_callback/?oauth_token=fmy2aMvnjVgaFrz37bJ4JuB8r5xN79gsgDQRG4BNY which then hits this code:
oauth = Twitter::OAuth.new('token', 'secret')
logger.info("session[:twitter_request_token] = #{session[:twitter_request_token]}")
logger.info("session[:twitter_request_secret] = #{session[:twitter_request_secret]}")
# Exchange the stored request token pair for an access token.
oauth.authorize_from_request(session[:twitter_request_token], session[:twitter_request_secret])
session[:twitter_request_token] = nil
session[:twitter_request_secret] = nil
@user.update_attributes({
  :twitter_token => oauth.access_token.token,
  :twitter_secret => oauth.access_token.secret,
})
redirect_to root_path
The twitter request token and secret are being set just fine. However I end up with an authorization error:
OAuth::Unauthorized in MainController#twitter_callback
401 Unauthorized
RAILS_ROOT: /Users/TAmoyal/Desktop/RoR_Projects/mls
Application Trace | Framework Trace | Full Trace
/Library/Ruby/Gems/1.8/gems/oauth-0.3.4/lib/oauth/consumer.rb:167:in `token_request'
/Library/Ruby/Gems/1.8/gems/oauth-0.3.4/lib/oauth/tokens/request_token.rb:14:in `get_access_token'
/Library/Ruby/Gems/1.8/gems/erwaller-twitter-0.6.13.1/lib/twitter/oauth.rb:29:in `authorize_from_request'
/Users/TAmoyal/Desktop/RoR_Projects/mls/app/controllers/main_controller.rb:70:in `twitter_callback'
The code is failing at this line:
oauth.authorize_from_request(session[:twitter_request_token], session[:twitter_request_secret])
when it tries to get an access token. You can see the source code of authorize_from_request here. I am not sure why this is happening. Anyone have ideas?
A bit late to the party but just ran into the same issue myself. I tracked the issue down to the setup of my OAuth app in Twitter. I had initially not specified a callback URL as I was unsure of it.
Once I had set up my rails app I went back to find Twitter had assumed I was a desktop application as I hadn't specified a callback URL. Once I changed this to website and entered a callback URL I stopped getting 400s.
If you're getting error 401 - OAuth::Unauthorized, make sure you edit the settings of your Twitter application as follows:
Application Type: Browser
Callback URL: http://127.0.0.1:3000/auth/twitter/callback
This is an issue about time synchronization of your system with the Twitter server.
Twitter doesn't allow localhost as part of a valid callback URL.
Instead use http://127.0.0.1:3000/auth/twitter/callback
Hope this helps
This was one of the most annoying things to debug that I have come across. I was outputting in a couple places by accident because the URLs are dynamic and they happened to not be defined in my test case (I use this to display chart data and there is not enough right now so the google chart api URLs are blank). This caused my browser to make multiple requests to my localhost when some pages were loaded. Somehow that made the oauth process crap out. Obviously there is no way for people on S.O. to know about my application specific issue so I had to answer my own question.
I had this same problem and none of the suggestions in this thread worked for me.
I found the problem for me was the TIMESTAMP on my request. The mobile device I was running my scripts on had a jacked up clock. When I updated the system time on my device to the correct time (i.e. now), all of my requests came back "200 OK" instead of "401 Unauthorized".
This problem seems to be caused by twitter not being able to handle connection keep-alive correctly. Make sure you set connection=close http header in the request to twitter. Wasted a weekend debugging this.
Not enough info for me, but when was the twitter gem last updated? Twitter changed their oauth 'stuff' in mid May approx. Perhaps you have an old one. I'd update your question to show the callback_url, and make sure you have the right token and secret, which it looks like you don't have.
Also, did you put the right callback url in your twitter app page? A lot of times that screws you up too.
If that fails use mbleigh's twitter_auth instead. It worked for me and is pretty slick.
