stackoom
  简体   繁体   中英

Devise Google Omniauth working in Local, but not in Production

 原文  2023-01-27 01:34:26       ruby-on-rails/ oauth/ devise/ production

Question

Google OAuth2 on Production is not working for me. This is with the Devise gem.

The log shows this all the time on Production. (Removed Prefixed output from server) 

Started POST "/users/auth/google_oauth2" for 112.205.146.56 at 2023-01-27 01:14:38 +0000
Processing by Users::OmniauthCallbacksController#failure as HTML
Parameters: {"authenticity_token"=>"[FILTERED]", "commit.x"=>"25", "commit.y"=>"16"}
Redirected to https://automateton.com/users/sign_in

But it works on Local!!!

Started POST "/users/auth/google_oauth2" for ::1 at 2023-01-27 09:20:01 +0800
DEBUG -- omniauth: (google_oauth2) Request phase initiated.

The .rbenv-vars should work in Production as I've put the secret and master key there. I've also put my DB creds and Google creds there.

Gemfile includes

gem 'devise
gem 'omniauth'
gem 'omniauth-google-oauth2'
gem 'omniauth-rails_csrf_protection'

Localhost omniauth includes 

localhost:3000/users/auth/google_oauth2/callback # Redirect URI in Google Developer Console

Can you help me with this? Thank you very much!

I've also tried the following:

  1. Added SSL certification with Let's Encrypt
  2. Added callback to my www.example.com/users/auth/google_oauth2/callback (redacted domain name)
  3. Changed Google Oauth from test mode to production mode.

EDIT: I tried switching to Sorcery Gem and realized that the problem still persists. I think it's the CSRF problem that was already present in the other questions. However, I've tried the solutions already and they don't work.

eg if I use the skip_verify_token (non-verbatim) action or the protect_from_forgery prepend: true . It still doesn't work as the user is still not logged in (for both Sorcery and Devise). I still get sent back to the sign in page.

So, I went back to Devise to get a higher possibility stack overflow answers.

1 answers

solution1
 0 ACCPTED  2023-01-30 02:20:39

This is a bit of a facepalm moment for me. I've apparently set my config/initializers/session_store.rb to sample.com for the domain. So both OmniAuth for google and actual users/sign_in isn't working.

My settings before

domain = Rails.env.development? ? 'localhost' : 'sample.com'
AppName::Application.config.session_store :cookie_store, key: '_app_session', domain: 

domain = Rails.env.development? ? 'localhost' : 'appname.com' # appname redacted but I changed it to the actual host name
AppName::Application.config.session_store :cookie_store, key: '_app_session', domain: (ruby 3.1.0, domain: domain shortcut)

Now it works!

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Rails 6 omniauth working on local but not production (Heroku) Devise with Google OmniAuth not loading client_id in production What's the correct configuration line to get devise, omniauth and google working? omniauth with facebook not working on production Devise Omniauth Facebook works on localhost, but not in Production on Heroku devise with omniauth - setting a seperate config for dev and production actioncable not working with devise on production devise production login not working google omniauth rails with devise authentication failure Google oauth2 with devise and omniauth processed as failure
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM