Devise Google Omniauth 在本地工作,但不在生产环境中工作
[英]Devise Google Omniauth working in Local, but not in Production
问题描述
Google OAuth2 on Production is not working for me. 
Google OAuth2 on Production 对我不起作用。 This is with the Devise gem.这是 Devise 宝石。
The log shows this all the time on Production.日志始终在生产环境中显示这一点。 (Removed Prefixed output from server) (从服务器中删除了前缀 output)
Started POST "/users/auth/google_oauth2" for 112.205.146.56 at 2023-01-27 01:14:38 +0000
Processing by Users::OmniauthCallbacksController#failure as HTML
Parameters: {"authenticity_token"=>"[FILTERED]", "commit.x"=>"25", "commit.y"=>"16"}
Redirected to https://automateton.com/users/sign_in
But it works on Local!!!但它适用于本地!!!
Started POST "/users/auth/google_oauth2" for ::1 at 2023-01-27 09:20:01 +0800
DEBUG -- omniauth: (google_oauth2) Request phase initiated.
The .rbenv-vars should work in Production as I've put the secret and master key there. .rbenv-vars应该在生产环境中工作,因为我已经将密钥和主密钥放在那里。 I've also put my DB creds and Google creds there.我还将我的数据库信用和谷歌信用放在那里。
Gemfile includes宝石文件包括
gem 'devise
gem 'omniauth'
gem 'omniauth-google-oauth2'
gem 'omniauth-rails_csrf_protection'
Localhost omniauth includes Localhost omniauth 包括
localhost:3000/users/auth/google_oauth2/callback # Redirect URI in Google Developer Console
Can you help me with this?你能帮我吗? Thank you very much!非常感谢你!
I've also tried the following:我还尝试了以下内容:
- Added SSL certification with Let's Encrypt使用 Let's Encrypt 添加了 SSL 认证
- Added callback to my
www.example.com/users/auth/google_oauth2/callback(redacted domain name)向我的www.example.com/users/auth/google_oauth2/callback添加回调(编辑域名) - Changed Google Oauth from test mode to production mode.将 Google Oauth 从测试模式更改为生产模式。
EDIT: I tried switching to Sorcery Gem and realized that the problem still persists.编辑:我尝试切换到 Sorcery Gem 并意识到问题仍然存在。 I think it's the CSRF problem that was already present in the other questions.我认为这是其他问题中已经存在的 CSRF 问题。 However, I've tried the solutions already and they don't work.但是,我已经尝试了这些解决方案,但它们不起作用。
eg if I use the skip_verify_token (non-verbatim) action or the protect_from_forgery prepend: true .例如,如果我使用skip_verify_token (非逐字)操作或protect_from_forgery prepend: true 。 It still doesn't work as the user is still not logged in (for both Sorcery and Devise).它仍然不起作用,因为用户仍未登录(对于 Sorcery 和 Devise)。 I still get sent back to the sign in page.我仍然被送回登录页面。
So, I went back to Devise to get a higher possibility stack overflow answers.所以,我回到 Devise 以获得更高可能性的堆栈溢出答案。
1 个解决方案
解决方案1
0 已采纳 2023-01-30 02:20:39
This is a bit of a facepalm moment for me.对我来说,这是一个面面相觑的时刻。 I've apparently set my config/initializers/session_store.rb to sample.com for the domain.我显然已经将域的config/initializers/session_store.rb设置为sample.com 。 So both OmniAuth for google and actual users/sign_in isn't working.因此,OmniAuth for google 和实际users/sign_in都不起作用。
My settings before我之前的设置
domain = Rails.env.development? ? 'localhost' : 'sample.com'
AppName::Application.config.session_store :cookie_store, key: '_app_session', domain:
domain = Rails.env.development? ? 'localhost' : 'appname.com' # appname redacted but I changed it to the actual host name
AppName::Application.config.session_store :cookie_store, key: '_app_session', domain: (ruby 3.1.0, domain: domain shortcut)
Now it works!现在可以了!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.