stackoom
  简体   繁体   中英

Google oauth2 with devise and omniauth processed as failure

 原文  2016-04-17 02:21:19       ruby-on-rails/ devise/ omniauth/ ruby-on-rails-4.2

Question

I'm trying to configure a new rails4.2 app to authenticate against Google Oauth2.

I seem to be successfully going through the process, but it's being treated as a failure.

The initial authorisations seems to go well until google sends to the callback. Then it seems to be incorrectly identified as a failure.

The error message given is: Could not authenticate you from Google because "Invalid credentials".

I've googled for a solution, but to no avail.

Is it possible to turn on additional logging to understand why it's choosing to process via the failure method?

Here's the log of a request: 

Started GET "/users/auth/google" for 127.0.0.1 at 2016-04-17 09:37:33 +0800
Started GET "/users/auth/google/callback?state=<<state>>&code=<<code>>" for 127.0.0.1 at 2016-04-17 09:37:45 +0800
Processing by Users::OmniauthCallbacksController#failure as HTML
  Parameters: {"state"=>"<<state>>", "code"=>"<<code>>"}
Redirected to http://test_app.dev/sign_in
Completed 302 Found in 1ms (ActiveRecord: 0.0ms)

When testing, I clicked allow when google prompted me, and the url looks good, so why is this being processed as if it were a failure?

config/initializer/devise.rb 

  config.omniauth :google_oauth2, ENV['GOOGLE_CLIENT_ID'], ['GOOGLE_CLIENT_SECRET'],
         :strategy_class => OmniAuth::Strategies::GoogleOauth2,
         :name => 'google',
         :scope => 'email,profile,contacts',
         :access_type => 'offline',
         :image_aspect_ratio => 'square'

routes.rb 

  devise_for :users, :controllers => { omniauth_callbacks: 'users/omniauth_callbacks' }
  resources :users

  devise_scope :user do
    get 'sign_in', :to => 'devise/sessions#new', :as => :new_user_session
    get 'sign_out', :to => 'devise/sessions#destroy', :as => :destroy_user_session
  end

controllers/users/omniauth_callbacks_controller.rb 

class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
  def google
      logger.debug 'Omniauth callback called' # Never get's called
  end
end

application_controller.rb 

class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception

  # Direct to user profile after sign in
  def after_sign_in_path_for(resource)
    user_path(current_user)
  end

  # Needed by Devise when using omniauth
  def new_session_path(scope)
    new_user_session_path
  end
end

My gems: 

Using warden 1.2.6
Using devise 3.5.6
Using oauth2 1.0.0
Using omniauth 1.2.2
Using omniauth-oauth2 1.4.0
Using omniauth-google-oauth2 0.4.1

1 answers

solution1
 1 ACCPTED  2016-04-20 02:22:49

The short answer is because your creds are wrong. You're calling ENV on the first but not on the second argument in your config hash.

The better answer is.. use a better mousetrap.

Sometimes using ENV for storing keys can be problematic, you might not have a key loaded in the same terminal that you launched your server in, or if you are in production you might not be able to use see the ENV to know that it's missing keys. It easier to use a secrets file. That's ok, rails provides it for just that reason. 

config/secrets.yml

You can store any key you want in there in yml format. MAKE SURE to add the file to your .gitignore because you absolutely don't want to store a file with secret keys in a repo somewhere. You'll ahve to manually copy your secrets file to your production server. 

development:
  omniauth_provider_key: 13232423423242315
  omniauth_provider_secret: 2222222222228eff721a0322c
  domain_name: lvh.me
  secret_key_base: 6ec9ae65d4de59aa1a7ssxxsdifwn9392203905c53a264ffd8255a601d7417b1ed7d4cef67f359e373472f0160aeb9698fa69578a1497b5b99209afd0e

You can also have the same structure for production staging or test

Now.. once you've done that (created the file and added your keys to it) now you can call the key from the initializer 

  config.omniauth :google_oauth2, Rails.application.secrets.omniauth_provider_key, Rails.application.secrets.omniauth_provider_secret,
     :strategy_class => OmniAuth::Strategies::GoogleOauth2,
     :name => 'google',
     :scope => 'email,profile,contacts',
     :access_type => 'offline',
     :image_aspect_ratio => 'square'

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Is there a working Devise/Omniauth/Oauth2 interface with Wordpress? Oauth2 Login for Facebook, Linkedin and Google Stopped Working with Devise and Omniauth, But Still Works for LinkedIn and Twitter Can't setup simple OAuth2 between Google and toy website using Ruby on Rails, Devise, Omniauth google omniauth rails with devise authentication failure Omniauth with Google Oauth2 gives a loading error Google Oauth2 api - Omniauth Rails Omniauth google oauth2 strategy with offline access Rails devise+omniauth-google-oauth2 devise + omniauth-google-oauth2 calling errors Devise with omniauth-google-oauth2 gem
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM