This is the error that I see when trying to log in via Facebook; I always see that error and can't seem to get rid of it:
Could not authorize you from Facebook because "Csrf detected".
I put a skip:
skip_before_filter :verify_authenticity_token
on the Omniauth callback, but I still get the error. This happens in both local and prod (Heroku) environments. I have set the Heroku environment variables. Any idea?
I had the same issue you have, on the same day!!
I thought it was a gem update or something like that, but not at all.
With some deep debugging I found that OmniAuth's "Callback phase initiated." was called twice.
It was due to a stupid double initialization of
provider :facebook, .....
One in config/initializers/devise.rb and one in another initializer.
I hope it will give you a hint to find your error.
I found that the problem was that the gem was too new and was passing a STATE header to Facebook, which FB didn't want. I rolled the omniauth-facebook gem version back and it worked.
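The "Csrf detected" message is produced by omniauth-oauth2's state check: the request phase stores a random `state` value in the session and sends it along to the provider, and the callback phase compares the `state` the provider echoes back with the session copy, deleting that copy as it does so. That is why the two answers above fit together: a provider registered twice runs the callback phase twice on the same request, and the second run finds the stored state already consumed; a callback that arrives with no `state` at all fails the same comparison. The following is an added example, not code from omniauth-oauth2 or from either poster, that simulates the check with a plain Hash standing in for the Rack session. `begin_request`, `handle_callback` and `secure_equal?` are my names, and the constant-time comparison is a hardening of mine (the gem itself compares with `!=`).

```ruby
require "securerandom"

# Constant-time string comparison (my addition; omniauth-oauth2 uses `!=`).
# Length is compared first, then every byte is XORed so timing does not leak
# where the first differing byte sits.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

STATE_KEY = "omniauth.state" # the session key omniauth-oauth2 uses

# Request phase: mint a fresh state, keep it in the session, return it so the
# caller can append it to the provider's authorization URL.
def begin_request(session)
  state = SecureRandom.hex(24)
  session[STATE_KEY] = state
  state
end

# Callback phase: verify the echoed state against the session copy and consume
# it. Returns :ok, or :csrf_detected when the state is absent, stale or forged.
def handle_callback(session, params)
  echoed = params["state"].to_s
  stored = session.delete(STATE_KEY) # consumed: a second callback cannot reuse it
  return :csrf_detected if echoed.empty? || stored.nil?
  secure_equal?(echoed, stored) ? :ok : :csrf_detected
end

# Happy path: one request phase followed by one callback phase.
def single_callback
  session = {}
  state = begin_request(session)
  handle_callback(session, { "state" => state })
end

# What a doubly registered provider does: the callback phase runs twice for the
# same request, and the second run finds the state already deleted.
def double_callback
  session = {}
  state = begin_request(session)
  first  = handle_callback(session, { "state" => state })
  second = handle_callback(session, { "state" => state })
  [first, second]
end

# A forged callback carrying an attacker-chosen state, then one with no state.
def forged_callback
  session = {}
  begin_request(session)
  [handle_callback(session, { "state" => SecureRandom.hex(24) }),
   handle_callback(session, {})]
end

if __FILE__ == $PROGRAM_NAME
  p single_callback   # :ok
  p double_callback   # [:ok, :csrf_detected]
  p forged_callback   # [:csrf_detected, :csrf_detected]
end
```

The check is the application's defence against login CSRF (an attacker completing an OAuth flow in the victim's browser with the attacker's account), so the fix for a doubled callback is to remove the duplicate `provider` line rather than to set omniauth-oauth2's `provider_ignores_state` option, which disables the comparison entirely.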
Are you sending a P3P header? Maybe add...
before_filter :set_p3p

private

def set_p3p
  headers['P3P'] = 'CP="ALL DSP COR CURa ADMa DEVa OUR IND COM NAV"'
end
to your application controller
As my reputation is lower than 50, I'm not able to comment below the accepted answer in this post: In Rails Devise gem how to modify the send_reset_password_instructions method? (see that post for more information).
I want to customize recoverable.rb in Devise. I made a copy of it in my folder at the path lib/devise/models/recoverable.rb. The problem is that when I request to send reset password instructions, I get the error undefined method activerecord51? for Devise:Module. How do I solve this?
It seems my Recoverable is not in the Devise module. I tried a bit by making a copy of devise.rb in the lib/ folder, but it doesn't help.
Can someone please help?
EDIT
Sorry for any inconvenience. At the moment I'm just trying to pass more opts to the method send_reset_password_instructions.
Any idea about this?
How about doing it in some Rails initializer? You are possibly overwriting the original class/module, so all the other methods are gone.
# config/initializers/devise.rb
# Reopen Devise's module instead of redefining it, so its other methods stay.
# The body is the instance method Recoverable#send_reset_password_instructions,
# with an opts hash added and handed on to the mailer through
# send_devise_notification (Devise's mailer then receives (record, token, opts)).
Devise::Models::Recoverable.module_eval do
  def send_reset_password_instructions(opts = {})
    token = set_reset_password_token
    send_devise_notification(:reset_password_instructions, token, opts)
    token
  end
end
I am trying to set up SSO (Single Sign-On) integration with OpenProject using the OpenProject OmniAuth SAML Single-Sign On plugin. I have configured it with the relevant details, generated the metadata and registered it with the IdP, which is powered by Shibboleth. The plugin does show an additional login button on the OpenProject login form. Clicking it properly redirects to the IdP's login page. After giving the credentials, it correctly redirects to the AssertionConsumerService URL I mentioned. It is of the form https://example.com/openproject/auth/saml/callback. But the page shows a bad request error. Debugging the file app/controllers/concerns/omniauth_login.rb showed that, inside the omniauth_login function, the following lines of code are resulting in the 400 error.
auth_hash = request.env['omniauth.auth']
return render_400 unless auth_hash.valid?
The value of auth_hash looks to be empty. Could this be an issue due to attribute mapping or something else? I am coming from a PHP background and have no experience in Ruby on Rails, so I'm finding it difficult to debug the issue. I have tried googling a lot but couldn't find anything useful.
Any help is greatly appreciated.
Thanks
Replace the following code
uid { @name_id }
with the following code
uid do
  if options.uid_attribute
    ret = find_attribute_by([options.uid_attribute])
    if ret.nil?
      raise OmniAuth::Strategies::SAML::ValidationError.new("SAML response missing '#{options.uid_attribute}' attribute")
    end
    ret
  else
    @name_id
  end
end
inside the
strategies/saml.rb
file. It is inside the def other_phase function
For reference please have a look into the following github link
https://github.com/omniauth/omniauth-saml/blob/master/lib/omniauth/strategies/saml.rb line number 90
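The 400 comes from `auth_hash.valid?`, which OmniAuth's AuthHash answers with true only when both `provider` and `uid` are present; a SAML response that yields no uid (no NameID, or a configured `uid_attribute` the IdP does not send) therefore produces an auth hash that OpenProject rejects. As an added example, not code from omniauth-saml, OpenProject or the answerer, the resolver below reproduces the logic of the quoted `uid` block over a constructed attribute statement, so the missing-attribute and missing-NameID cases can be exercised without an IdP. The class name, the attribute names and `auth_hash_valid?` are mine, and `find_attribute_by` is my approximation of the gem's helper.

```ruby
# Constructed stand-in for the attribute statement an IdP returns (the gem
# exposes it as attribute name => array of values). These OIDs are the usual
# eduPerson/LDAP ones and are an assumption, not OpenProject's mapping.
SAML_ATTRIBUTES = {
  "urn:oid:0.9.2342.19200300.100.1.1" => ["jdoe"],             # uid
  "urn:oid:0.9.2342.19200300.100.1.3" => ["jdoe@example.com"], # mail
  "urn:oid:2.5.4.4"                   => ["Doe"],              # sn
}.freeze

class SamlUidResolver
  ValidationError = Class.new(StandardError)

  # name_id is the NameID of the assertion's Subject; uid_attribute is the
  # strategy option of the same name (nil when not configured).
  def initialize(attributes:, name_id:, uid_attribute: nil)
    @attributes    = attributes
    @name_id       = name_id
    @uid_attribute = uid_attribute
  end

  # First non-empty value among the candidate attribute names, else nil.
  def find_attribute_by(names)
    names.each do |name|
      value = Array(@attributes[name]).first
      return value if value && !value.empty?
    end
    nil
  end

  # The quoted uid block as a method: configured attribute first, NameID otherwise.
  def uid
    if @uid_attribute
      ret = find_attribute_by([@uid_attribute])
      raise ValidationError, "SAML response missing '#{@uid_attribute}' attribute" if ret.nil?
      ret
    else
      @name_id
    end
  end

  # Only the two fields AuthHash#valid? looks at.
  def auth_hash
    { "provider" => "saml", "uid" => uid }
  end
end

# Mirrors AuthHash#valid?: provider and uid must both be present and non-empty.
def auth_hash_valid?(hash)
  !hash["provider"].to_s.empty? && !hash["uid"].to_s.empty?
end

if __FILE__ == $PROGRAM_NAME
  ok = SamlUidResolver.new(attributes: SAML_ATTRIBUTES, name_id: "_a1b2",
                           uid_attribute: "urn:oid:0.9.2342.19200300.100.1.1")
  p auth_hash_valid?(ok.auth_hash)  # true, uid "jdoe"

  no_name_id = SamlUidResolver.new(attributes: SAML_ATTRIBUTES, name_id: nil)
  p auth_hash_valid?(no_name_id.auth_hash)  # false: this is the 400 above

  begin
    SamlUidResolver.new(attributes: SAML_ATTRIBUTES, name_id: "_a1b2",
                        uid_attribute: "urn:oid:2.5.4.42").uid
  rescue SamlUidResolver::ValidationError => e
    puts e.message  # attribute configured but not sent by the IdP
  end
end
```

The practical check is therefore the assertion itself: confirm in the IdP's attribute release policy that either a NameID or the attribute named in `uid_attribute` actually reaches this SP, and treat a `ValidationError` as a configuration mismatch rather than a code bug.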
I'm developing a web application using Rails 3.2 and am using Devise and Warden for handling authentications.
I wanted to implement a custom authentication method for my app, so I read through Warden Wiki pages (https://github.com/hassox/warden/wiki) and created a custom Warden strategy with similar structure as the one showed in its documentation (I'll copy that below for the sake of clarity):
Warden::Strategies.add(:password) do
  def valid?
    params['username'] || params['password']
  end

  def authenticate!
    u = User.authenticate(params['username'], params['password'])
    u.nil? ? fail!("Could not log in") : success!(u)
  end
end
Following that, I added my custom "password" strategy to Devise appending the following code in config/initializers/devise.rb
config.warden do |manager|
  manager.default_strategies(:scope => :user).unshift :password
end
The problem I've found is that this authentication strategy is executed on every request, and I wanted to allow free access for certain requests to specific routes in my application. Initially, I thought of preventing the execution of the strategy using
skip_before_filter :authenticate_user!
on every controller whose actions don't require authentication, but the authentication keeps executing even for requests to those controllers.
Can anybody help me with how to skip the authentication in some requests? Or, even more important, is my idea useless for achieving what I want?
Thanks in advance for your help. I really appreciate it.
Update
While debugging my code looking for a solution, I commented out all before_filter statements in all controller's code and discovered that the authentication strategy still executes. This behaviour turns out to be really strange to me. Does this make sense to anybody?
I can remember that your "skip filter" should call the authentication method. In this case you should replace skip_before_filter :authenticate_user! with skip_before_filter :authenticate!
I am using Omniauth in a Rails application for login; my omniauth.rb is as shown below:
OmniAuth.config.logger = Rails.logger

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :facebook, 'xxxxxxx', 'xxxxxxx'
  provider :google_oauth2, 'xxxxxxxxx', 'xxxxxxxx'
end
When a user attempts to log in (via Facebook or Google) and denies permissions, I get the following error:
OmniAuth::Strategies::OAuth2::CallbackError
with this parameters:
{"error"=>"access_denied",
"error_code"=>"200",
"error_description"=>"Permissions error",
"error_reason"=>"user_denied",
"state"=>"60daee5f78d9cc28972050ae8ca8f950bb4ed5958302bcea"}
If the user accepts, there is no problem and everything works fine.
I've tried some of the possible solutions related to this error listed on this website, but none solved my problem. For example:
How to rescue OmniAuth::Strategies::OAuth2::CallbackError?
Omniauth+facebook error when trying to cancel the popup
Please, I need help to solve this problem.
There is another thread (posted here) with a solution that could help you. But it always redirects to a general failure page for every type of error, meaning that regardless of the provider it will redirect to the same error page.
How to rescue OmniAuth::Strategies::OAuth2::CallbackError?
If you are using Devise with OmniAuth you need to skip the extra omniauth.rb initializer and simply config.provider "KEY", "SECRET" inside of initializers/devise.rb and then carry on with your implementation.
The URLs seem right (last updated them yesterday):
The files too:
omniauth.rb:
provider :google_oauth2, 'MY_CLIENT_ID.apps.googleusercontent.com', 'MY_CLIENT_SECRET',
:scope => 'https://mail.google.com/mail/feed/atom/'
Error: redirect_uri_mismatch
The redirect URI in the request: http://localhost:3000/auth/google_oauth2/callback did not match a registered redirect URI
header.html.erb
<li><%= link_to "Sign in with Google", "auth/google_oauth2" %></li>
routes.rb:
match '/auth/:provider/callback', to: 'sessions#omniauth_create'
But I'm getting this:
> Error: redirect_uri_mismatch The redirect URI in the request:
> http://localhost:3000/auth/google_oauth2/callback did not match a
> registered redirect URI
(Twitter and Facebook OmniAuth are working perfectly)
Not sure what the problem is. Any suggestions to fix this?
EDIT
I changed the URI to http...:
But still getting the same error.
It looks like the request is hitting http://localhost:3000/auth/google_oauth2/callback, but your specified redirect URI matching the similar pattern is for https. Adding http://localhost:3000/auth/google_oauth2/callback to your list of redirects may potentially solve that issue.
EDIT: Another potential fix is including a trailing / in the corresponding redirect URIs, which appeared to work in this case.
There's a relatively fresh issue with omniauth-oauth2 gem version 1.4 https://github.com/intridea/omniauth-oauth2/issues/81#issuecomment-151038559
Temporary fix is to downgrade that gem explicitly in the Gemfile
gem 'omniauth-oauth2', '~> 1.3.1'
vi config/initializers/omniauth.rb
OmniAuth.config.full_host = 'https://localhost:3000'
Rails.application.config.middleware.use OmniAuth::Builder do
  provider :google_oauth2, 'google_client_id', 'google_client_secret'
end
Sharing a very simple copy-paste solution that worked for me.
I copied whatever I was specifying in my code as redirectUri, i.e. "redirect_uri": "http://127.0.0.1:3001/", and pasted the value of this key into the Google settings that ask for Authorized redirect URIs. This way I'm sure that both parameters are the same.
If the url was computed, I would console.log() it and copy it from the console window before pasting it in for google settings.
I tried all of the above but it didn't work for me. In the end I noticed that in my error message my callback was slightly different. I had a users between localhost:3000 and auth. Not really sure why.
http://localhost:3000/users/auth/google_oauth2/callback
Changed it, waited 30 minutes and it worked.
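Every fix in this thread is the same fix: OAuth providers, Google included, compare the redirect URI in the request with the registered list as an exact string, so scheme (http vs https), host, port, path prefix (`/users/auth/...` vs `/auth/...`) and a trailing slash all have to agree. The helper below is an added example, not Google's or OmniAuth's code, that checks a requested callback URL against a constructed list of registered URIs and reports which component differs from the closest registered entry; `REGISTERED`, `registered?` and `mismatch_reason` are my names.

```ruby
require "uri"

# Constructed sample of what is registered in the provider console; not a real
# project's configuration. Note the https scheme on the first entry and the
# trailing slash on the second.
REGISTERED = [
  "https://localhost:3000/auth/google_oauth2/callback",
  "http://127.0.0.1:3001/",
].freeze

# Exact string match, which is what the provider does: no normalisation of
# scheme, case, default ports or trailing slashes is applied.
def registered?(requested, registered = REGISTERED)
  registered.include?(requested)
end

# For a rejected URI, name the components that differ from the registered entry
# with the fewest differences. Returns nil when the URI is registered.
def mismatch_reason(requested, registered = REGISTERED)
  return nil if registered?(requested, registered)
  req = URI.parse(requested)
  registered.map { |r| URI.parse(r) }.map do |reg|
    diffs = []
    diffs << "scheme #{req.scheme} vs #{reg.scheme}" if req.scheme != reg.scheme
    diffs << "host #{req.host} vs #{reg.host}"       if req.host   != reg.host
    diffs << "port #{req.port} vs #{reg.port}"       if req.port   != reg.port
    diffs << "path #{req.path} vs #{reg.path}"       if req.path   != reg.path
    diffs
  end.min_by(&:length).join(", ")
end

if __FILE__ == $PROGRAM_NAME
  [
    "https://localhost:3000/auth/google_oauth2/callback",        # registered
    "http://localhost:3000/auth/google_oauth2/callback",         # scheme differs
    "http://127.0.0.1:3001",                                     # trailing slash missing
    "https://localhost:3000/users/auth/google_oauth2/callback",  # Devise path prefix
  ].each do |url|
    puts "#{url} -> #{registered?(url) ? 'ok' : mismatch_reason(url)}"
  end
end
```

When the request URI itself is wrong rather than the registered one, the OmniAuth side is `OmniAuth.config.full_host` (a String, or a lambda receiving the Rack env) together with the Devise `/users` mount prefix; the requested value in the provider's error message is the string to compare against, exactly as the answers above do.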