No route matches "omniauth/:provider" when using devise, omniauth and devise-token-auth
I'm trying to let my users sign in with their Google account using devise, omniauth and devise-token-auth. To do that, I added the following code to a Rails API-only boilerplate.
# Gemfile
...
# authentication
gem 'devise', '~> 4.7'
gem 'devise_token_auth', git: 'https://github.com/lynndylanhurley/devise_token_auth'
gem 'omniauth', '~> 1.9.1'
gem 'omniauth-google-oauth2'
...

# config/initializers/omniauth.rb
Rails.application.config.middleware.use OmniAuth::Builder do
  provider :google_oauth2, ENV['GOOGLE_KEY'], ENV['GOOGLE_SECRET']
end

# config/routes.rb
Rails.application.routes.draw do
  root 'application#home'
  mount_devise_token_auth_for 'User', at: 'auth'
end
For the front end, I'm using j-toker and set it up as follows:
Auth.configure({
  apiUrl: `http://localhost:8000/`,
  authProviderPaths: {
    google: `/auth/google_oauth2`,
  },
});
When the user clicks the "sign in with Google" button, I call
Auth.oAuthSignIn({ provider: `google` }).then(() => {
  // handle result
});
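Problem: when the user clicks the sign-in button, a new tab opens and shows the Rails error message No route matches [GET] "/omniauth/google_oauth2". It seems that /auth/google_oauth2 redirects to /omniauth/google_oauth2, but the /omniauth/:provider path does not exist.
The rails routes output is as follows: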
Prefix                    Verb      URI Pattern                             Controller#Action
root                      GET       /                                       application#home
new_user_session          GET       /auth/sign_in(.:format)                 devise_token_auth/sessions#new
user_session              POST      /auth/sign_in(.:format)                 devise_token_auth/sessions#create
destroy_user_session      DELETE    /auth/sign_out(.:format)                devise_token_auth/sessions#destroy
new_user_password         GET       /auth/password/new(.:format)            devise_token_auth/passwords#new
edit_user_password        GET       /auth/password/edit(.:format)           devise_token_auth/passwords#edit
user_password             PATCH     /auth/password(.:format)                devise_token_auth/passwords#update
                          PUT       /auth/password(.:format)                devise_token_auth/passwords#update
                          POST      /auth/password(.:format)                devise_token_auth/passwords#create
cancel_user_registration  GET       /auth/cancel(.:format)                  devise_token_auth/registrations#cancel
new_user_registration     GET       /auth/sign_up(.:format)                 devise_token_auth/registrations#new
edit_user_registration    GET       /auth/edit(.:format)                    devise_token_auth/registrations#edit
user_registration         PATCH     /auth(.:format)                         devise_token_auth/registrations#update
                          PUT       /auth(.:format)                         devise_token_auth/registrations#update
                          DELETE    /auth(.:format)                         devise_token_auth/registrations#destroy
                          POST      /auth(.:format)                         devise_token_auth/registrations#create
auth_validate_token       GET       /auth/validate_token(.:format)          devise_token_auth/token_validations#validate_token
auth_failure              GET       /auth/failure(.:format)                 users/omniauth_callbacks#omniauth_failure
                          GET       /auth/:provider/callback(.:format)      users/omniauth_callbacks#omniauth_success
                          GET|POST  /omniauth/:provider/callback(.:format)  users/omniauth_callbacks#redirect_callbacks
omniauth_failure          GET|POST  /omniauth/failure(.:format)             users/omniauth_callbacks#omniauth_failure
                          GET       /auth/:provider(.:format)               redirect(301)
As you can see, the /omniauth/:provider route doesn't even exist... Any idea what the problem is?
Putting OmniAuth.config.allowed_request_methods = [:get] in the omniauth initializer solved this for me.
Like this:
Rails.application.config.middleware.use OmniAuth::Builder do
  OmniAuth.config.allowed_request_methods = [:get]
  provider :google_oauth2, ENV['GOOGLE_KEY'], ENV['GOOGLE_SECRET']
end
However, it must be noted that allowing GET requests gives the following warning:
You are using GET as an allowed request method for OmniAuth. This may leave
you open to CSRF attacks. As of v2.0.0, OmniAuth by default allows only POST
to its own routes. You should review the following resources to guide your
mitigation:
https://github.com/omniauth/omniauth/wiki/Resolving-CVE-2015-9284
https://github.com/omniauth/omniauth/issues/960
https://nvd.nist.gov/vuln/detail/CVE-2015-9284
https://github.com/omniauth/omniauth/pull/809
You can ignore this warning by setting:
OmniAuth.config.silence_get_warning = true
So it is better to allow only POST requests.
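
The trade-off between the question's error and the answer's warning, as an added example that is not part of the original post and is not OmniAuth's own code. It is a simplified plain-Ruby model of a request-phase method gate. The class name, the `params` env key, the token hook and `provider.example` are assumptions made for illustration.

```ruby
# Simplified model of a request-phase method gate (constructed, not OmniAuth source).
class RequestPhaseGate
  def initialize(app, path_prefix:, allowed_methods:, validate: nil)
    @app = app
    @path_prefix = path_prefix
    @allowed = allowed_methods
    @validate = validate # hypothetical hook standing in for a CSRF token check
  end

  def call(env)
    provider = env['PATH_INFO'][%r{\A#{Regexp.escape(@path_prefix)}/(\w+)\z}, 1]
    verb = env['REQUEST_METHOD'].downcase.to_sym
    # Not a request-phase path, or verb not allowed: fall through to the router.
    return @app.call(env) unless provider && @allowed.include?(verb)
    # A forged cross-site request cannot supply the session-bound token.
    return [403, {}, ['invalid authenticity token']] if @validate && !@validate.call(env)

    [302, { 'Location' => "https://provider.example/authorize?p=#{provider}" }, []]
  end
end

# Stand-in for the Rails router: nothing is routed at /omniauth/:provider.
ROUTER = lambda do |env|
  [404, {}, ["No route matches [#{env['REQUEST_METHOD']}] \"#{env['PATH_INFO']}\""]]
end

# Token check for the model; production code should compare in constant time.
TOKEN_CHECK = lambda do |env|
  token = env['rack.session']['csrf']
  !token.nil? && token == env['params']['authenticity_token']
end

# Builds a constructed Rack-style env ('params' is a simplification) and runs the gate.
def request(gate, verb, path, params = {}, session = {})
  gate.call('REQUEST_METHOD' => verb, 'PATH_INFO' => path,
            'params' => params, 'rack.session' => session)
end

GET_ALLOWED = RequestPhaseGate.new(ROUTER, path_prefix: '/omniauth',
                                           allowed_methods: [:get])
POST_ONLY = RequestPhaseGate.new(ROUTER, path_prefix: '/omniauth',
                                         allowed_methods: [:post], validate: TOKEN_CHECK)
```

With GET allowed, any link or redirect to the path starts the sign-in flow, which is the CSRF exposure the warning describes. With POST only, a GET falls through to the router and produces the "No route matches" error from the question.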