Using OmniAuth, Rails 3.1.0.rc2, mysql2, ruby 1.9.2.p0.
I still get this when redirecting back to my site.
/auth/failure?message=invalid_response
Omniauth.rb
Rails.application.config.middleware.use OmniAuth::Builder do
provider :twitter, 'XXXXX', 'XXXXXXXXXXXXX'
I've checked the keys 100x and they are correct. Still getting the invalid response. Any of the questions I see don't seem to work.
Any help would be greatly appreciated!
Thanks. [:
If any new information is needed, just ask.
If you use this request.env['rack.auth'] in your controller, change this to request.env['omniauth.auth'] - this were explained here OmniAuth
this solution works for me.
I had a similar problem. It turns out that I actually had some runtime errors in my Users::OmniauthCallbacksController#twitter method:
I was calling a method on a non-existent method on a nil object and this was raising an exception, but either devise or omniauth were swallowing the exception.
I ended up wrapping my entire method body in a begin/rescue clause and printing out the exception.
However, if you are getting Invalid Credentials then it's likely that the twitter-issued oauth key has expired and so your user should really be calling /users/auth/twitter again.
Are you sure you are not putting the keys in the wrong order?
Rails.application.config.middleware.use OmniAuth::Builder do
provider :twitter, TW_CONSUMER_KEY, TW_CONSUMER_SECRET
end
If not, let's quickly test your credentials with the Twitter gem:
# twitter.rb -- Test credentials
require "rubygems"
require "twitter"
# Get a user's most recent status update
puts Twitter.user_timeline("YOUR_USER").first.text
Twitter.configure do |config|
config.consumer_key = TW_CONSUMER_KEY
config.consumer_secret = TW_CONSUMER_SECRET
end
# Update your status
Twitter.update("I Love ruby!")
If it works, then your credentials are fine... you should keep looking into Rails...
Thank you Christian for your answer. It was very helpful for me. But if it gives a 401 error trying to update, retweet, etc you will have to include
config.oauth_token = 'MY_OAUTH_TOKEN'
config.oauth_token_secret = 'MY_OAUTH_TOKEN_SECRET'
to Twitter client configuration. Look at https://dev.twitter.com/discussions/1522
So finally you will have
Twitter.configure do |config|
config.consumer_key = 'TW_CONSUMER_KEY'
config.consumer_secret = 'TW_CONSUMER_SECRET'
config.oauth_token = 'MY_OAUTH_TOKEN'
config.oauth_token_secret = 'MY_OAUTH_TOKEN_SECRET'
end
It worked for me
and of course your Twitter app has to have Access level = Read and write. You have to change this in dev.twitter.com if you want to update the status, retweet, etc
Have you tried omniauth-twitter gem?? https://github.com/arunagw/omniauth-twitter
Related
I have a Rails app that uses the omniauth-github gem. According to Github documentation, I can set the parameter allow_signup to false in the initial request, so that users can only log in to my app if they already have a Github account. This is my desired behavior.
The part I haven't been able to figure out is this: where exactly should I set this parameter? I have added it to the sign in link path ("auth/github?allow_signup=false"), but that doesn't work. Should this be in the provider :github line within config/initializers/omniauth.rb? How, exactly?
You should pass the parameter explicitly to provider function. So please try the following snippet.
provider :github, ENV['GITHUB_KEY'], ENV['GITHUB_SECRET'], allow_signup: 'true', scope: 'user,repo,gist'
This is how I got it to work:
# config/initializers/omniauth.rb
Rails.application.config.middleware.use OmniAuth::Builder do
provider :github,
ENV['GITHUB_KEY'],
ENV['GITHUB_SECRET'],
{
client_options: {
authorize_url: 'https://github.com/login/oauth/authorize?allow_signup=false'
}
}
end
Apparently it also works with Devise, replacing provider with config.omniauth and placing this within config/initializers/devise.rb instead.
I've been using the gem LinkedIn OAuth 2.0. Right now I can get it to generate the linkedin signin page. However, the next thing that is supposed to happen is it sends to my callback link a code which I use to generate an access token. The problem is that the variable 'oauth' is generated in the authenticate action but then needs to be used again in the callback action. I've tried generating the oauth variable again using the exact same parameters, but when I do that I get an SSL certificate error. It seems like the exact same oauth instance needs to be used in both cases. Let me know if you have any thoughts. My code is below:
def authenticate
require "linkedin-oauth2"
LinkedIn.configure do |config|
config.client_id = "Mycode"
config.client_secret = "Mysecret"
# This must exactly match the redirect URI you set on your application's
# settings page. If your redirect_uri is dynamic, pass it into
# `auth_code_url` instead.
config.redirect_uri = "http://localhost:3000/auth/linkedin/callback"
end
oauth = LinkedIn::OAuth2.new()
url = oauth.auth_code_url
redirect_to url
end
def callback
require "linkedin-oauth2"
code = params[:code]
access_token = oauth.get_access_token(code)
api = LinkedIn::API.new(access_token)
my_job_titles = api.profile(fields: ["id", {"positions" => ["title"]}])
puts my_job_titles
redirect_to("/")
end
end
Getting an SSL certificate error doesn't mean that the instantiation is wrong. I don't know that gem, but I can't see why would that be a problem.
The require and the configuration block should not be inside the method (maybe you forgot the configuration from the second method?); the best place for those is in config/initializers/linkedin_oauth2.rb.
If you don't want to load it at startup, then you can put those in a private method oauth with memoization:
def oauth
#oauth ||=
begin
require "linkedin-oauth2"
LinkedIn.configure do |config|
...
end
LinkedIn::OAuth2.new()
end
end
If the SSL error still occurs, you should investigate that. You can try creating a simple Ruby script with some example from the gem's readme, just to test the connection to LinkedIn.
Looks like the gem is using the faraday gem for HTTP, you can also try using that directly to make a simple call to LinkedIn.
The documentation says
config = Twitter.configure do |config|
config.consumer_key = 'YOUR_CONSUMER_KEY'
config.consumer_secret = 'YOUR_CONSUMER_SECRET'
config.oauth_token = 'YOUR_OAUTH_TOKEN'
config.oauth_token_secret = 'YOUR_OAUTH_TOKEN_SECRET'
end
and
client.update('Hello, from Twitter Gem!')
But where do I put them? (also, why do documentation assume everyone knows where to put things?)
What is one valid design for doing this
For example, I have a twitter button on a post. When the twitter button is clicked, I want it to tweet that post (nevermind about handling shortening the post).
Should i put the tweeting client.update('Hello, from Twitter Gem!') in an action of a newly created twitter controller?
Or make it a button that calls a javascript file with that tweeting code in it?
I just need one valid way of getting the tweeting button to be functional.
I have used the following setup:
config/initializers/twitter.rb
$twitter = Twitter.configure do |config|
config.consumer_key = 'YOUR_CONSUMER_KEY'
config.consumer_secret = 'YOUR_CONSUMER_SECRET'
config.oauth_token = 'YOUR_OAUTH_TOKEN'
config.oauth_token_secret = 'YOUR_OAUTH_TOKEN_SECRET'
end
Then you can reference the $twitter variable in a controller of your choosing. Your view can post a message to the controller, you can do any preprocessing (if needed), and then call $twitter.update(message)
I like this setup because it allows me to access my configured twitter client from wherever I need it.
Although the question was about file paths, and #danielM is correct, the code is outdated. This was the config setup method youll need to call: Error with Ruby Twitter API
I am using Omniauth in a Rails application for login, my omniauth.rb, is as show below:
OmniAuth.config.logger = Rails.logger
Rails.application.config.middleware.use OmniAuth::Builder do
provider :facebook, 'xxxxxxx', 'xxxxxxx'
provider :google_oauth2, 'xxxxxxxxx','xxxxxxxx'
end
When a user attempts to login (via Facebook or Goolge) and denies permissions, get the following error:
OmniAuth::Strategies::OAuth2::CallbackError
with this parameters:
{"error"=>"access_denied",
"error_code"=>"200",
"error_description"=>"Permissions error",
"error_reason"=>"user_denied",
"state"=>"60daee5f78d9cc28972050ae8ca8f950bb4ed5958302bcea"}
if the user accept, no problem and everything works fine.
I've tried some of the possible solutions related with this error, and listed on this website, but none solved my problem. For example:
How to rescue OmniAuth::Strategies::OAuth2::CallbackError?
Omniauth+facebook error when trying to cancel the popup
Please, I need help to solve this problem.
there is another thread (posted here) with a solution that could help you. But it always redirects to a general failure page for every type of error; meaning that regardless of the provider, it will redirect to the same error page.
How to rescue OmniAuth::Strategies::OAuth2::CallbackError?
If you are using Devise with OmniAuth you need to skip the extra omniauth.rb initializer and simply config.provider "KEY", "SECRET" inside of initializers/devise.rb and then carry on with your implementation.
This is the error that I see when trying to login via facebook, I always see that error. Can't seem to get rid of it:
Could not authorize you from Facebook because "Csrf detected".
I put a skip:
skip_before_filter :verify_authenticity_token
on the Omniauth callback, but still I get the error. This is in both local and prod (heroku) environments. I have set the heroku environment variables. Any idea?
I had the same issue you have on the same day!!
I thought it was a gem update or something like this but not at all.
With a deep debugging I found that omniauth "Callback phase initiated." was called twice.
It was due to a stupid double initialization of
provider :facebook, .....
One in config/initializers/devise.rb and in another initializer.
I hope it will give you an hint to find your error
I found that the problem was the gem was too new and passing a STATE header to facebook, which fb didn't want. I rolled the omniauth-facebook gem version back and it worked
Are you sending a p3p header maybe add...
before_filter :set_p3p
private
def set_p3p
headers['P3P'] = 'CP="ALL DSP COR CURa ADMa DEVa OUR IND COM NAV"'
end
to your application controller