Devise/Google OAuth 2: Not found. Authentication passthru
Question
I followed the tutorial in the readme of the omniauth-google-oauth2 gem and when I click the link on my root (@ pages#home ), <%= link_to "Sign up with Google", user_google_oauth2_omniauth_authorize_path %> , I get the error:
Not found. Authentication passthru.
I've confirmed the ENV vars are there. I've been looking at similar topics with no luck. Any idea what I'm doing incorrectly?
In routes:
Rails.application.routes.draw do
devise_for :users, controllers: { :omniauth_callbacks => "users/omniauth_callbacks" }
My omniauth_callbacks_controller is located at /controllers/users/omniauth_callbacks_controller.rb
class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
def google_oauth2
# You need to implement the method below in your model (e.g. app/models/user.rb)
@user = User.from_omniauth(request.env["omniauth.auth"])
if @user.persisted?
flash[:notice] = I18n.t "devise.omniauth_callbacks.success", :kind => "Google"
sign_in_and_redirect @user, :event => :authentication
else
session["devise.google_data"] = request.env["omniauth.auth"].except(:extra) #Removing extra as it can overflow some session stores
redirect_to new_user_registration_url, alert: @user.errors.full_messages.join("\n")
end
end
end
In my devise.rb file:
config.omniauth :google_oauth2, ENV["GOOGLE_CLIENT_ID"], ENV["GOOGLE_CLIENT_SECRET"], {
name: 'my-project',
scope: 'email',
prompt: 'select_account',
image_aspect_ratio: 'original',
image_size: 100,
ssl_verify: false
}
And in my User.rb:
devise :rememberable, :validatable, :omniauthable, :omniauth_providers => [:google_oauth2]
def self.from_omniauth(access_token)
data = access_token.info
user = User.where(:email => data["email"]).first
# Uncomment the section below if you want users to be created if they don't exist
# unless user
# user = User.create(name: data["name"],
# email: data["email"],
# password: Devise.friendly_token[0,20]
# )
# end
user
end
4 answers
solution1
1 2021-05-23 03:51:34
I solved the problem adding the following to config/initializers/omniauth.rb :
OmniAuth.config.allowed_request_methods = %i[get]
Explanation:
the above is the configuration shown in https://github.com/zquestz/omniauth-google-oauth2#usage :
Rails.application.config.middleware.use OmniAuth::Builder do
provider :google_oauth2, ENV['GOOGLE_CLIENT_ID'], ENV['GOOGLE_CLIENT_SECRET']
end
OmniAuth.config.allowed_request_methods = %i[get]
but without
Rails.application.config.middleware.use OmniAuth::Builder do
provider :google_oauth2, ENV['GOOGLE_CLIENT_ID'], ENV['GOOGLE_CLIENT_SECRET']
end
since that is already provided in your config/initializers/devise.rb :
config.omniauth :google_oauth2, ENV["GOOGLE_CLIENT_ID"], ENV["GOOGLE_CLIENT_SECRET"], {
name: 'my-project',
scope: 'email',
prompt: 'select_account',
image_aspect_ratio: 'original',
image_size: 100,
ssl_verify: false
}
solution2
0 2017-03-27 19:31:31
值得检查您的 Google OAuth 重定向 URI 是否正确,并在末尾包含/callback 。
solution3
0 2020-07-01 07:29:38
For anyone who still looking for the answer:
- Make sure no file
config/initializers/omniauth.rbin the initializer folder. - Use a blank hash at the last config.omniauth argument at
config/initializers/devise.rbas follow:
config.omniauth :google_oauth2, ENV["GOOGLE_CLIENT_ID"], ENV["GOOGLE_CLIENT_SECRET"], {}
Or we can use email scope alone. Since it will tell google that we request user details by email { scope: "email" }
solution4
0 2021-08-06 05:20:36
I fixed this problem like this:
- I added gem
omniauth-rails_csrf_protectioninto Gemfile - In my view I added POST method
<%= link_to "Sign in with Google",
user_google_oauth2_omniauth_authorize_path, method: :post %>
- In my
devise.rb:
Rails.application.config.middleware.use OmniAuth::Builder do
OmniAuth.config.allowed_request_methods = [:post, :get]
provider :google_oauth2, Rails.application.credentials[:GOOGLE_CLIENT_ID],
Rails.application.credentials[:GOOGLE_CLIENT_SECRET], {scope: "email"}
end
- My routes:
devise_for :users, controllers: {
omniauth_callbacks: "users/omniauth_callbacks"
}
More information check this issue: [enter link description here][1]
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.