
Google oauth2 with devise and omniauth processed as failure

I'm trying to configure a new Rails 4.2 app to authenticate against Google OAuth2.

I seem to be successfully going through the process, but it's being treated as a failure.

The initial authorisation seems to go well until Google sends to the callback. Then it seems to be incorrectly identified as a failure.

The error message given is: Could not authenticate you from Google because "Invalid credentials".

I've googled for a solution, but to no avail.

Is it possible to turn on additional logging to understand why it's choosing to process via the failure method?

Here's the log of a request:

Started GET "/users/auth/google" for 127.0.0.1 at 2016-04-17 09:37:33 +0800
Started GET "/users/auth/google/callback?state=<<state>>&code=<<code>>" for 127.0.0.1 at 2016-04-17 09:37:45 +0800
Processing by Users::OmniauthCallbacksController#failure as HTML
  Parameters: {"state"=>"<<state>>", "code"=>"<<code>>"}
Redirected to http://test_app.dev/sign_in
Completed 302 Found in 1ms (ActiveRecord: 0.0ms)

When testing, I clicked allow when Google prompted me, and the URL looks good, so why is this being processed as if it were a failure?

config/initializer/devise.rb

  config.omniauth :google_oauth2, ENV['GOOGLE_CLIENT_ID'], ['GOOGLE_CLIENT_SECRET'],
         :strategy_class => OmniAuth::Strategies::GoogleOauth2,
         :name => 'google',
         :scope => 'email,profile,contacts',
         :access_type => 'offline',
         :image_aspect_ratio => 'square'

routes.rb

  devise_for :users, :controllers => { omniauth_callbacks: 'users/omniauth_callbacks' }
  resources :users

  devise_scope :user do
    get 'sign_in', :to => 'devise/sessions#new', :as => :new_user_session
    get 'sign_out', :to => 'devise/sessions#destroy', :as => :destroy_user_session
  end

controllers/users/omniauth_callbacks_controller.rb

class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
  def google
    logger.debug 'Omniauth callback called' # Never gets called
  end
end

application_controller.rb

class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception

  # Direct to user profile after sign in
  def after_sign_in_path_for(resource)
    user_path(current_user)
  end

  # Needed by Devise when using omniauth
  def new_session_path(scope)
    new_user_session_path
  end
end

My gems:

Using warden 1.2.6
Using devise 3.5.6
Using oauth2 1.0.0
Using omniauth 1.2.2
Using omniauth-oauth2 1.4.0
Using omniauth-google-oauth2 0.4.1

The short answer is because your creds are wrong. You're calling ENV on the first but not on the second argument in your config hash.

The better answer is.. use a better mousetrap.

Sometimes using ENV for storing keys can be problematic: you might not have a key loaded in the same terminal that you launched your server in, or if you are in production you might not be able to see the ENV to know that it's missing keys. It's easier to use a secrets file. That's OK, Rails provides it for just that reason.

config/secrets.yml

You can store any key you want in there in yml format. MAKE SURE to add the file to your .gitignore because you absolutely don't want to store a file with secret keys in a repo somewhere. You'll have to manually copy your secrets file to your production server.

development:
  omniauth_provider_key: 13232423423242315
  omniauth_provider_secret: 2222222222228eff721a0322c
  domain_name: lvh.me
  secret_key_base: 6ec9ae65d4de59aa1a7ssxxsdifwn9392203905c53a264ffd8255a601d7417b1ed7d4cef67f359e373472f0160aeb9698fa69578a1497b5b99209afd0e

You can also have the same structure for production, staging or test.

Now.. once you've done that (created the file and added your keys to it) you can call the key from the initializer:

  config.omniauth :google_oauth2, Rails.application.secrets.omniauth_provider_key, Rails.application.secrets.omniauth_provider_secret,
     :strategy_class => OmniAuth::Strategies::GoogleOauth2,
     :name => 'google',
     :scope => 'email,profile,contacts',
     :access_type => 'offline',
     :image_aspect_ratio => 'square'
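
The failure discussed above (an Array literal or a missing variable passed where the client secret should be) only surfaces at callback time as "Invalid credentials". As an added example that is not part of the original question or answer, a boot-time check can reject such values before they reach `config.omniauth`. The helper names `validate_oauth_credentials!` and `credential_error` and the sample values are assumptions made for this illustration.

```ruby
# Added example, not code from the original post.
# validate_oauth_credentials! and credential_error are hypothetical helpers.

class OAuthCredentialError < ArgumentError; end

# Returns [client_id, client_secret] unchanged when both are usable,
# otherwise raises. Messages name the argument and its class only,
# never the value, so a secret cannot leak into boot logs.
def validate_oauth_credentials!(client_id, client_secret)
  { 'client_id' => client_id, 'client_secret' => client_secret }.each do |name, value|
    unless value.is_a?(String)
      raise OAuthCredentialError, "#{name} must be a String, got #{value.class}"
    end
    raise OAuthCredentialError, "#{name} is empty" if value.strip.empty?
  end
  [client_id, client_secret]
end

# Demo helper: returns the error message, or nil when the pair is valid.
def credential_error(client_id, client_secret)
  validate_oauth_credentials!(client_id, client_secret)
  nil
rescue OAuthCredentialError => e
  e.message
end

# Constructed sample environment (placeholder values, not real keys).
SAMPLE_ENV = {
  'GOOGLE_CLIENT_ID' => 'example-id.apps.googleusercontent.com',
  'GOOGLE_CLIENT_SECRET' => 'example-secret'
}.freeze

# The question's initializer: the second argument is an Array literal.
p credential_error(SAMPLE_ENV['GOOGLE_CLIENT_ID'], ['GOOGLE_CLIENT_SECRET'])
# Variable not exported in the shell that started the server: lookup gives nil.
p credential_error(SAMPLE_ENV['GOOGLE_CLIENT_ID'], {}['GOOGLE_CLIENT_SECRET'])
# Both values read correctly.
p credential_error(SAMPLE_ENV['GOOGLE_CLIENT_ID'], SAMPLE_ENV['GOOGLE_CLIENT_SECRET'])
```

In an initializer the validated pair would be splatted into the existing call, so a bad value stops the boot instead of failing at the callback.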
