devise + omniauth auth/failure?message=invalid_credentials - ruby-on-rails

after i added an application in twitter when i request for an authentication in twitter (/auth/twitter) i get these error message
http://localhost:3000/auth/failure?message=invalid_credentials
Routing Error
No route matches "/auth/failure"
how can i add a valid credential or is there any ssl certificate that must be included in requesting for twitter auth??
my facebook authentication just works fine after i added a parameter ssl certificate that looks like this
Rails.application.config.middleware.use OmniAuth::Builder do
provider :facebook,'xxx', 'xx', { :scope => 'publish_stream,offline_access,email',:client_options => { :ssl =>{ :ca_path => "/etc/ssl/certs" } }}
provider :twitter, 'xx','xxx' #,{ :client_options => { :ssl =>{ :ca_path => "/etc/ssl/certs" } }}
end

i've same problem with you, it happen because oauth_token in twitter login only valid on once request. May be your application trying to refresh when authentication to twitter.
when i've problem like you, my apps trying to refresh the webpage with
window.opener.location = "#{request.fullpath}";
Until now i'couldn't find how to popup a window when login using twitter. I'm using omniauth and rails 3.0.3. Thanks

This is all you need
site url http://localhost:3000/

Related

How to receive email, first name, last name and mobile from facebook after login

Devise.rb
require "omniauth-facebook"
# CREDENTIALS_CONFIG = YAML.load_file("#{Rails.root}/config/omniauth.yml")[Rails.env].symbolize_keys
# config.omniauth :facebook, ENV['FACEBOOK_KEY'], ENV['FACEBOOK_SECRET'], :strategy_class => OmniAuth::Strategies::Facebook, :image_size => 'large'
Rails.application.config.middleware.use OmniAuth::Builder do
if Rails.env == 'production'
provider :facebook, 'sample_key', 'sample_key'
elsif ['staging', 'development'].include? Rails.env
provider :facebook, 'key_sampl', 'key_sdfjkhd',
:scope => 'email', :info_fields => 'email'
end
end
After Login with facebook receiving this hash:
({ extra"=>{"raw_info"=>{"id"=>"846548425", "name"=>"Rakesh PD"}}, "info"=>{"image"=>"http://graph.facebook.com/846548425430988/picture (2KB)
", "name"=>"Rakesh PD"}, "provider"=>"facebook", "uid"=>"846548425"} )
Not receiving logined users email first name, last name, mobile but the account contain all the informations (email first name, last name, mobile etc)
I would recommend you to create a html/js text file for you to understand how Facebook's javascript API works.
It will be quick for you to understand the raw data sent by Facebook after the log-in. In particular the restrictions to the data will be easy to spot.
The response to the omnialth-facebook gem is the same as (or very close to it) the one from the javascript SDK.
So if the javascript SDK responce produces the account parameters you need, omnialth-facebook gem would be able to retrieve it as well. Mind that if the vanilla javascript response does not have all the parameters you need, you will probably have to adjust your facebook app.
After some round of experiments I believe you will be able to adjust your facebook app or perform the necessary changes in your rails app

Can I send requests to app with devise without credentials?

I have backend app with devise and a ionic app from which I make requests to backend.
Whenever I send requests, gets me 401 status unauthorized.
In this project I've already doorkeeper to manage authorization, so I don't rly need authorization from devise. Can I somehow make these requests( add something to headers ) always authorized without sending post request with credentials?
You need to identify the user somehow. If you're not using a session, you'll need to generate some kind of access token, which Doorkeeper can do for you. I'm not sure if this is helpful or not, but I set up the following flow recently.
One option when using OAuth2 through a trusted client, e.g. a front-end app you build/distribute yourself, is the Resource Owner Password Credentials Grant. Doorkeeper has a guide in the docs for this with advice on dealing with Devise.
I ended up with something like this in my Doorkeeper initializer. You don't need to authorize the client, because you trust it:
resource_owner_from_credentials do |routes|
request.params[:user] = {:email => request.params[:email], :password => request.params[:password]}
request.env['devise.allow_params_authentication'] = true
request.env['warden'].authenticate!(:scope => :user)
end
skip_authorization do |resource_owner|
true
end
Then you should be able to send a request using the password grant type as follows (also shown in the docs).
RestClient.post 'http://localhost:3000/oauth/token', {grant_type: 'password', email: 'email#gmail.com', password: 'password'}, {:accept => 'application/json'}
You should receive the same JSON back as shown in the docs.
{
"access_token": "1f0af717251950dbd4d73154fdf0a474a5c5119adad999683f5b450c460726aa",
"token_type": "bearer",
"expires_in": 7200
}
Now you have a way of identifying your user. You just attach this token to each request to endpoints protected by doorkeeper_for.
RestClient.get 'http://localhost/api/v1/users', { 'Authorization' => 'Bearer 1f0af717251950dbd4d73154fdf0a474a5c5119adad999683f5b450c460726aa', :accept => 'application/json'}

rails login facebook api debug

I'm using devise and omniauth-facebook authentication in my rails application.
Facebook has moved on to v2.x graph API. (deadline for api migration is April 30, 2015).
I configure my omniauth-facebook in initializer file as:
provider :facebook, ENV['APP_ID'], ENV['APP_SECRET'],
:scope => 'email,read_stream',
:client_options => {
:site => 'https://graph.facebook.com/v2.0',
:authorize_url => "https://www.facebook.com/v2.0/dialog/oauth"
}
But...how I can know that the calls are actually doing in the 2.x api version and not the 1.x I had before?.
Thanks
You could add the gem http_logger to your gemfile. You will then see the server-side http requests in your log:
[DEBUG] HTTP POST (123.07ms) https://graph.facebook.com:443/v2.0/oauth/access_token

how to get oauth access token for facebook using ruby

Am trying to get oauth access token for facebook programmatically in ruby.
My code is as follows:
client = OAuth2::Client.new(
APP_ID,
SECRET_ID,
:authorize_url => "/dialog/oauth",
:token_url => "/oauth/access_token",
:site => "https://www.facebook.com/"
)
code = client.auth_code.authorize_url(:redirect_uri => "http://www.facebook.com/")
token = client.auth_code.get_token(code, :redirect_uri => "https://graph.facebook.com/")
OAuth2::AccessToken.new(client, token.token, {:mode => :query, :param_name =>"oauth_token"})
When i try to run the above ruby code, i'm getting the following exception
https://www.facebook.com/dialog/oauth?response_type=code&client_id=APP_ID
51&redirect_uri=http%3A%2F%2Fwww.facebook.com%2F
/home/ec2-user/.rvm/gems/ruby-1.9.3-p0#samples/gems/oauth2-0.5.2/lib/oauth2/clie
nt.rb:129:in `get_token': OAuth2::Error (OAuth2::Error)
from /home/ec2-user/.rvm/gems/ruby-1.9.3-p0#samples/gems/oauth2-0.5.2/li
b/oauth2/strategy/auth_code.rb:29:in `get_token'
from oauth.rb:16:in `<main>'
Any help is greatly appreciated as I have spent more than a day while trying to sort this out.
Have you tried to put as redirect_uri instead of localhost:3000 your real IP address ex. 231.61.233.57:3000? Additionally you could try to use ssh tunneling for testing purposes so your localhost application will be available worldwide. Check this out http://progrium.com/localtunnel/ .
When you will get ip address from this tool try to set redirect_uri param to it.

How do I use the access token in omniauth for Facebook?

I have set this in the initializer
Rails.application.config.middleware.use OmniAuth::Builder do
provider :facebook , 'app' , 'secret' , {:scope => "manage_pages"}
end
And I have saved the token in User model after the callback.
How do I use the token to request for https://graph.facebook.com/${current_user.uid}/accounts?
With the Facebook ID you can query the Facebook Graph. Have a look at fb_graph gem: https://github.com/nov/fb_graph, it is a Facebook API wrapper.

Resources