Rails for Beginners Part 24: OmniAuth 2.0 URLs Discussion
I get an error No route matches [GET] "/auth/twitter"
-- feels like some rails magic I missed :/
It seems there was a change with the omniauth gem that defaults to only POST requests (https://stackoverflow.com/a/65785932)
Those having this issue should skip to Part 40 of this tutorial where Chris fixes this.
It's not mentioned here because when this was recorded, the OmniAuth gem allowed GET requests. The gem has since been updated to v2 where only POST requests are allowed by default. This is fixed with the OmniAuth CSRF Protection gem, which is explained in Part 40.
Chris, if you see this, it might be good to add a note or annotation to this video explaining that the latest version of OmniAuth now prevents GET requests by default, so an error will occur without adding OmniAuth CSRF Protection or enabling GET requests in the OmniAuth initializer.
As Dana said, this is fixed in part 40.
What I did after watching part 40 (if you want to save time):
- run "bundle add omniauth-rails_csrf_protection" in your terminal
- temporarily add "<%= button_to 'twitter', '/auth/twitter' %>" in your application.html.erb (or where you find it convenient)
- click the button, which will lead you to the desired authorization page
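Why the GET request from the first post never reaches Twitter, shown as an added example that is not part of the original thread and is not OmniAuth's own code: a simplified Ruby model of the request-phase gate that OmniAuth 2 applies to /auth/:provider. The `RequestPhaseGate` class, its `env` keys and the outcome symbols are hypothetical, and the requests are constructed samples.

```ruby
require "securerandom"

# Simplified model of the request-phase gate (illustration only, not OmniAuth source).
# Class name, env keys and outcome symbols are hypothetical.
class RequestPhaseGate
  def initialize(allowed_methods: %w[POST])
    @allowed_methods = allowed_methods
  end

  # env mimics a Rack env: request method, path, session hash and form params.
  def call(env)
    return :not_an_auth_path unless env[:path].match?(%r{\A/auth/[a-z0-9_]+\z})
    # A disallowed verb falls through to the app, which has no such route.
    return :passed_to_app_no_route unless @allowed_methods.include?(env[:method])
    # A POST must prove it came from a form this app rendered.
    if env[:method] == "POST" && !token_valid?(env[:session], env[:params])
      return :rejected_invalid_csrf_token
    end
    :redirect_to_provider
  end

  private

  def token_valid?(session, params)
    expected = session[:csrf_token].to_s
    given = params["authenticity_token"].to_s
    return false if expected.empty? || expected.bytesize != given.bytesize
    # Constant-time comparison so timing does not leak the token.
    expected.bytes.zip(given.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
  end
end

# Constructed sample requests against the two configurations.
def demo_outcomes
  session = { csrf_token: SecureRandom.hex(16) }
  form = { "authenticity_token" => session[:csrf_token] }
  strict = RequestPhaseGate.new                                  # OmniAuth 2 default: POST only
  legacy = RequestPhaseGate.new(allowed_methods: %w[GET POST])   # GET re-enabled
  {
    get_default:          strict.call(method: "GET",  path: "/auth/twitter", session: session, params: {}),
    post_with_token:      strict.call(method: "POST", path: "/auth/twitter", session: session, params: form),
    post_without_token:   strict.call(method: "POST", path: "/auth/twitter", session: session, params: {}),
    get_when_get_allowed: legacy.call(method: "GET",  path: "/auth/twitter", session: session, params: {})
  }
end

demo_outcomes.each { |name, outcome| puts "#{name}: #{outcome}" }
```

The last case shows what re-enabling GET gives up: the sign-in flow starts with no token check at all, which is why button_to plus the CSRF protection gem is the fix used in this thread.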
I keep getting the OAuth::Unauthorized error, not sure what is going on here but it's keeping me from progressing sadly.
self.token_request(http_method, uri.path, token, request_options, arguments)
when (400..499)
raise OAuth::Unauthorized, response
else
response.error!
end
There's a question from someone who I believe is following this course and getting the same error:
https://stackoverflow.com/questions/66009147/no-route-matches-get-auth-twitter-omnia
The issue for me was that I created an app that was using v2 of the Twitter API and this tutorial makes use of v1.1. I have answered a question on StackOverflow with a more detailed answer: https://stackoverflow.com/a/66060794/4032810
Good luck everyone!
I don't even think it's possible to create a standalone app anymore meaning I don't know how to proceed with this tutorial.
You need to set up OAuth in Twitter Developer dashboard. Go to Project & Apps -> Project Name -> App Name. Then:
OAuth Version: OAuth 1.0a
App permissions: Read and write
Callback URI / Redirect URL: http://localhost:3000/auth/twitter/callback
Website URL: e.g. https://gorails.com
Once again, great tutorial - keep up the good work. I have a question: how can we handle this callback URL if we have a multi-tenant app? Will the wildcard in the callback in Twitter work? https://*.example.com/auth/twitter
Hello Chris,
Thanks for this tutorial! When pushing the connect to Twitter button, I receive this error:
OAuth::Unauthorized
400 Bad Request
Extracted source (around line #254):
self.token_request(http_method, uri.path, token, request_options, arguments)
when (400..499)
raise OAuth::Unauthorized, response
else
response.error!
end
I adjusted to using a post method in the views/main/index file to match the new requirements for omniauth.
<%= button_to "Connect Twitter", "/auth/twitter", method: :post, class: "btn btn-primary" %>
An error occurs: when I run rails c and then run Rails.application.credentials.twitter, I receive nil as my response, but when I run EDITOR="atom --wait" rails credentials:edit I can see the saved Twitter api_key.
Thank you
Try generating a standalone Twitter app with v1.1 access (note from Twitter: Standalone Apps live outside of Projects. This means that they can’t use the most current v2 Twitter API endpoints.). Generate the new API key and secret for the v1.1 app and use those in your credentials:edit step. See cristiano's answer.
It might make sense to remove the old version ([OLD] Rails for Beginners Part 24: OmniAuth URLs) from the playlist on YouTube. I got bogged down thinking I had a problem with my setup, stopping at this video and trying a number of things to debug before finding this thread. Playing in full screen mode, I don't notice the titles, but they are there. Next time I'll read the title and try the forums :)
To make this work I had to also create a standalone app, that only has v1.1 access, as described in cristiano's post above. To verify that things work outside of twitter you can use the "developer" strategy: provider :developer unless Rails.env.production? (see omniauth docs) then perform a post request to /auth/developer
For anyone that's still having issues, make sure that you're accessing your application in the browser at the same URL that you put in the callback. If you put 127.0.0.1 as the host in the Twitter callback URL, make sure your own browser is at that URL (and not something else, like localhost, or 0.0.0.0).
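The check described in the comment above, as an added example that is not part of the original thread: it compares the callback URL registered in the Twitter dashboard with the URL in the browser's address bar and lists every component that differs. The method names are hypothetical; the sample URLs are constructed from values mentioned in this thread.

```ruby
require "uri"

# Added illustration; method names are hypothetical.
CALLBACK_PATH = "/auth/twitter/callback" # callback path used throughout this thread

# Scheme, host and port are what the provider compares besides the path.
def origin_parts(url)
  uri = URI.parse(url)
  { scheme: uri.scheme, host: uri.host&.downcase, port: uri.port }
end

# Returns a list of human-readable mismatches; an empty list means the
# registered callback and the browser URL agree.
def callback_mismatches(registered_callback, browser_url)
  registered = origin_parts(registered_callback)
  browser = origin_parts(browser_url)
  problems = registered.keys.reject { |k| registered[k] == browser[k] }.map do |k|
    "#{k}: registered #{registered[k].inspect}, browser uses #{browser[k].inspect}"
  end
  path = URI.parse(registered_callback).path
  unless path == CALLBACK_PATH
    problems << "path: registered #{path.inspect}, app expects #{CALLBACK_PATH.inspect}"
  end
  problems
end

# Constructed samples: the registered callback first, then the browser URL.
[
  ["http://127.0.0.1:3000/auth/twitter/callback", "http://localhost:3000/"],
  ["http://127.0.0.1:3000/auth/twitter/callback", "http://0.0.0.0:3000/"],
  ["http://localhost:3000/auth/twitter/callback", "http://localhost:3000/"],
  ["http://127.0.0.1:3000/auth/twitter", "http://127.0.0.1:3000/"]
].each do |registered, browser|
  issues = callback_mismatches(registered, browser)
  puts "#{registered} vs #{browser}: #{issues.empty? ? 'ok' : issues.join('; ')}"
end
```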
I'm having the OAuth::Unauthorized 400 Bad Request. None of the suggestions here work.
I do notice that the omniauth-twitter gem has a dependency of omniauth-oauth 1.1 but when using omniauth 2.0, the omniauth-oauth version is bumped to 1.2
I wonder if this version mismatch causes issues with how the omniauth-twitter gem makes calls.
Looking for help from anybody who has gotten the request to work.
/Users/thebrainiac/.rbenv/versions/3.0.2/lib/ruby/gems/3.0.0/gems/activesupport-6.1.4.1/lib/active_support/core_ext/module/delegation.rb:310:in `dig': String does not have #dig method (TypeError)
Ok now I'm getting Session expired (OmniAuth NoSession Error). If you are making a beginner level tutorial at least have the decency to keep it up to date.
I'm going back to good old PHP.
Are you using Rails in API mode? If so, this might help:
https://github.com/omniauth/omniauth#integrating-omniauth-into-your-rails-api
In case useful for anyone, I had the same OAuth::Unauthorized 400 Bad Request TWICE and was struggling to diagnose the issue.
First time it was as simple as a typo within the omniauth.rb file - so check that first if you get 400. I was second-guessing that it was to do with the change to Oauth2.0 or something else.
Also, it isn't shown explicitly in the tutorial, and it seems like Twitter have updated the interface within their developer section. When setting up the app, select OAuth 1.0a, request email, Read and write. The OAuth 2.0 options did not work for me and gave me the '400 Bad Request' error, but when I switched to 1.0a it went through fine.
Unfortunately for me, having wired everything up, when I hit the 'Connect Twitter' button, the browser console displays: Fetch API cannot load api.twitter.com/oauth/authenticate?oauth_token=... due to access control checks.
Seems like there's some CORS issues going on. Does anyone have any idea how to get around this?
Just had that issue, hope this helps
add this :data => {turbo: "false"}
<%= button_to 'twitter', '/auth/twitter', method: :post, :data => {turbo: "false"}%>
https://dev.to/rbazinet/hotwire-fix-for-cors-error-when-using-omniauth-3k36
Hi @Andrew, I had a similar issue and your solution fixed the CORS error I was facing.
Hi
I get this error: OAuth::Unauthorized
OAuth::Unauthorized
self.token_request(http_method, uri.path, token, request_options, arguments)
when (400..499)
raise OAuth::Unauthorized, response
else
response.error!
end
Please help.
I'm getting this when I click the "Connect Twitter" button, I guess the credentials are not working but I don't know how can I solve this.
"Started POST "/auth/twitter" for ::1 at 2022-05-04 11:59:23 -0500
D, [2022-05-04T11:59:23.666160 #33794] DEBUG -- omniauth: (twitter) Request phase initiated."
I already checked and I'm using the correct keys. Is there any suggestion to solve this? I have Elevated access to the Twitter API, can this affect the way I need to interact with it?
I had the same issue. I figured the problem is with the app CORS; unfortunately, I tried a couple of different things and none worked for me. If you inspect your page and go to the console you should get the error with the authentication link. If you click on this it will then proceed to complete the request; that's all I have been able to accomplish so far. Hopefully, this helps so someone can find the solution around CORS.
Never mind, just found a way of fixing this without messing with CORS. Try this as the button:
<%= button_to "Connect Twitter", "/auth/twitter", method: :post, :data => {turbo: "false"}, class: "btn btn-primary"%>
hopefully this works for everyone.
Been hitting an error for 2.5 weeks now, it's the common OAuth::Unauthorized error.
self.token_request(http_method, uri.path, token, request_options, arguments)
when (400..499)
raise OAuth::Unauthorized, response
else
response.error!
end
Every single solution here has not worked for me. At this point, I can't progress. Chris or whoever, please provide some help. I'd love to finish this project. I just can't get past this error
Twitter doesn't allow localhost as part of a valid callback URL.
Instead use http://127.0.0.1:3000/auth/twitter/callback
Oddly, my app does not seem to be trying to go to Twitter, it just complains that there isn't a route for POST /auth/twitter.
Every time I click the Connect to twitter button I'm brought to
https://twitter.com/i/oauth2/authorize?client_id=.......
And get:
Something went wrong
You weren’t able to give access to the App. Go back and try logging in again.
I'm stuck too. It seems Twitter changed something yet again.
When clicking on the "Connect Twitter" button I get:
OAuth::Unauthorized
403 Forbidden
Extracted source (around line #268):
token_request(http_method, uri.path, token, request_options, arguments)
when (400..499)
raise OAuth::Unauthorized, response
else
response.error!
end
This seems like what happened to me when I was trying to deploy on Heroku, it was working fine locally:
- The credentials are not being loaded because the decryption of the production.yml.enc is failing.
The fix for me was setting the heroku env RAILS_MASTER_KEY and setting its value to the value of production.key
Hope it helps
Try this:
Open a rails console and run:
Rails.application.credentials.twitter
Then verify that the keys you wrote in the omniauth.rb file have the correct "name" (key in a hash).
I wrongly saved the secret_key in credentials as api_secret_key and that caused the same error you have.
Hope it helps
I've had to use :data => {turbo: "false"} in a few places now when using the latest Rails. It feels like this is a workaround. Do you have a tutorial that shows how we should resolve this properly with Hotwire?
Disabling Turbo is the right solution for any oauth links that redirect externally.