stackoom
  简体   繁体   中英

Omniauth isn't catching the initial get “/auth/:provider” request

 原文  2021-02-01 15:16:02       ruby-on-rails/ omniauth

Question

Followed the setup documentation verbatim

In the gemfile

gem 'omniauth'
gem 'omniauthgithub'
gem 'dotenv-rails'

In config/initializers/omniauth.rb

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :github, ENV['GITHUB_CLIENT_ID'], ENV['GITHUB_CLIENT_SECRET']
end

And the link for the user

<%= link_to "Log in with GitHub!", "/auth/github" %>

The call back route is set as well

get '/auth/:provider/callback' => 'sessions#create'

But it doesn't get that far. When I click on the link there is an immediate routing error

No route matches [GET] "/auth/github"

Everything I can find indicates the initial "/auth/:provider" request is intercepted with the Omniauth black-box magic and that all I should have to do is configure the callback route. I've tried this entire setup with Facebook as well just to see if it was something Github specific but no luck. I've wiped the Gemfile.lock and re-ran bundle install just to make sure the gems are all in working order but that didn't change anything. All the other omniauth issues I've found articles about were regarding the callback routing, not the initial get request- which leads me to believe it's either something extremely obvious or very obscure. Please Help!

2 answers

solution1
 4  2021-02-15 01:47:57

As @obiruby said, this is due to the new CSRF protection enabled by default in OmniAuth 2.0+.

If you are using GitHub as your sole method of authentication, the CSRF isn't a threat, so you can safely re-enable the GET method by adding the following line to config/initializers/omniauth.rb:

OmniAuth.config.allowed_request_methods = [:get, :post]

solution2
 2 ACCPTED  2021-02-02 00:52:59

I've been struggling with the exact same issue today (except I'm integrating google_oauth2 not github), and what finally worked for me included following the recently updated instructions from the Devise wiki .

Specifically, the part about making sure to use POST requests:

OmniAuth 2.0+ requires using HTTP POST as the request method to initiate the authentication, so your link should be configured with method: :post: (this requires rails-ujs or similar to create POST requests)

So once I changed my view to use button_to instead of link_to (alternatively I could have used link_to with method: :post ) I had gotten it to work.

Also, are you using Devise as well? If so, make sure to follow the devise-related setup instructions (specifically, to delete config/intializers/omniauth.rb and instead to put your setup credentials in config/initializers/devise.rb as indicatd in the aforementioned wiki post... otherwise it apparently conflicts in a very silent way which can make for a "very fun" debug sesh)

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to get the auth URL from an OmniAuth provider without redirect How to change route of omniauth from /auth/:provider to /myapp/auth/:provider How to change /auth/:provider path by omniauth Omniauth not responding to GET Request Why does Omniauth redirect to /auth/failure and not /auth/:provider/failure? Omniauth making multiple auth calls per request? Request spec with devise_token_auth + omniauth How to get twitter user name from request.env[“omniauth.auth”] (Rails) Prevent user from accessing /auth/:provider under some conditions in OmniAuth Omniauth error: No route matches [GET] “/auth/facebook”
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM