Ask A Question

Notifications

You’re not receiving notifications from this thread.

Rails for Beginners Part 24: OmniAuth 2.0 URLs Discussion

I get an error No route matches [GET] "/auth/twitter" -- feels like some rails magic I missed :/

Reply

It seems there was a change with the omniauth gem that defaults to only POST requests (https://stackoverflow.com/a/65785932)

Reply

Those having this issue should skip to Part 40 of this tutorial where Chris fixes this.

It's not mentioned here because when this was recorded, the OmniAuth gem allowed GET requests. The gem has since been updated to v2 where only POST requests are allowed by default. This is fixed with the OmniAuth CSRF Protection gem, which is explained in Part 40.

Chris, if you see this, it might be good to add a note or annotation to this video explaining that the latest version of OmniAuth now prevents GET requests by default, so an error will occur without adding OmniAuth CSRF Protection or enabling GET requests in the OmniAuth initializer.

Reply

As Dana said, this is fixed in part 40.

What I did after watching part 40 (if you want to save time):

  • run "bundle add omniauth-rails_csrf_protection" in your terminal
  • temporarily add "<%= button_to 'twitter', '/auth/twitter' %>" in your application.html.erb (or where you find it convenient)
  • click the button, which will lead you to the desired authorization page
Reply

I just updated this lesson for Omniauth 2.0. 👍

Reply

I keep getting the OAuth::Unauthorized error, not sure what is going on here but it's keeping me from progressing sadly.

        self.token_request(http_method, uri.path, token, request_options, arguments)
      when (400..499)
        raise OAuth::Unauthorized, response
      else
        response.error!
      end
Reply

There's a question from someone who I believe following this course getting the same error:
https://stackoverflow.com/questions/66009147/no-route-matches-get-auth-twitter-omnia

Reply

The issue for me was that I created an app that was using the v2 of the Twitter API and this tutorial makes use of v1.1, I have answered a question on StackOverflow with a more detailed answer: https://stackoverflow.com/a/66060794/4032810

Good luck everyone!

Reply

I don't even think it's possible to create a standalone app anymore meaning I don't know how to proceed with this tutorial.

Reply

You need to set up OAuth in Twitter Developer dashboard. Go to Project & Apps -> Project Name -> App Name. Then:
OAuth Version: OAuth 1.0a
App permissions: Read and write
Callback URI / Redirect URL: http://localhost:3000/auth/twitter/callback
Website URL: e.g. https://gorails.com

Reply

Once again great tutorial - keep up the good work. I have a question, how do we or how can we handle this call back URL if we have a multi-tenant app? will the wild card in the callback in twitter work? https://*.example.com/auth/twitter

Reply

Hello Chris,
Thanks for this tutorial! when pushing the connect to Twitter button, I receive this error
OAuth::Unauthorized
400 Bad Request
Extracted source (around line #254):

self.token_request(http_method, uri.path, token, request_options, arguments)
when (400..499)
raise OAuth::Unauthorized, response
else
response.error!
end
I adjusted to using a post method in the views/main/index file
to match the new requirements for omniauth.
'<%=button_to "Connect Twitter", "/auth/twitter", method: :post, class: "btn btn-primary" %>

An error occurs when I run Rails C and then run Rails.application.credentials.twitter I receive nil as my response, but when run 'EDITOR="atom --wait" rails credentials: edit I can see the saved Twitter api_key

Thank you

Reply

Try generating a standalone twitter app with v1.1 access (note from Twitter: Standalone Apps live outside of Projects. This means that they can’t use the the most current v2 Twitter API endpoints.). Generate the new api key and secret for the v1.1 app and use those in your credentials:edit step. See cristiano's answer.

Reply

It might make sense to remove the old version([OLD] Rails for Beginners Part 24: OmniAuth URLs) from the playlist on YouTube, I got bogged down thinking I had a problem with my setup, stopping at this video and trying a number of things to debug before finding this thread. Playing in full screen mode, I don't notice the titles, but they are there. Next time I'll read the title and try the forums :)

Reply

To make this work I had to also create a standalone app, that only has v1.1 access, as described in cristiano's post above. To verify that things work outside of twitter you can use the "developer" strategy: provider :developer unless Rails.env.production? (see omniauth docs) then perform a post request to /auth/developer

Reply

I've tried every suggestion above and it is still saying it's unauthorized.

Reply

For anyone that's still having issues, make sure that you're accessing your application in the browser at the same URL that you put in the callback. If you put 127.0.0.1 as the host in the Twitter callback URL, make sure your own browser is at that URL (and not something else, like localhost, or 0.0.0.0).

Reply

this was it! thank you! I have made this mistake too many times to count

Reply

I'm having the OAuth::Unauthorized 400 Bad Request. None of the suggestions here work.

I do notice that the omniauth-twitter gem has a dependency of omniauth-oauth 1.1 but when using omniauth 2.0, the omniauth-oauth version is bumped to 1.2

I wonder if this version mismatch causes issues with how the omniauth-twitter gem makes calls.

Looking for help from anybody who has gotten the request to work.

Reply

I'm an idiot. I was putting my credentials in the production file and not using the --environment development flag. So I was trying to authenticate w/ the twitter api with no credentials.

Reply

/Users/thebrainiac/.rbenv/versions/3.0.2/lib/ruby/gems/3.0.0/gems/activesupport-6.1.4.1/lib/active_support/core_ext/module/delegation.rb:310:in `dig': String does not have #dig method (TypeError)

Reply

Forgot to add a space for api_key: in the vim file.

Reply

Ok now I'm getting Session expired (OmniAuth NoSession Error). If you are making a beginner level tutorial at least have the decency to keep it up to date.
I'm going back to good old PHP.

Reply

Are you using Rails in API mode? If so, this might help:

https://github.com/omniauth/omniauth#integrating-omniauth-into-your-rails-api

Reply

Yes I am.

Reply

In case useful for anyone, I had the same OAuth::Unauthorized 400 Bad Request TWICE and was struggling to diagnose the issue.

First time it was as simple as a typo within the omniauth.rb file - so check that first if you get 400. I was second-guessing that it was to do with the change to Oauth2.0 or something else.

Also, as it isn't shown explicitly in the tutorial and seems like Twitter have updated the interface within their developer section. When setting up the app select Oauth 1.0a, request email, Read and write. The 0auth 2.0 options did not work for me and gave me the '400 Bad Request' error but when I switched to 1.0a it went through fine

Reply

Unfortunately for me, having wired everything up, when I hit the 'Connect Twitter' button, the browser console displays Fetch API cannot loadapi.twitter.com/oauth/authenticate?oauth_token=... due to access control checks.`

Seems like there's some CORS issues going on. Does anyone have any idea how to get around this?

Reply

Just had that issue, hope this helps

add this :data => {turbo: "false"}

<%= button_to 'twitter', '/auth/twitter', method: :post, :data => {turbo: "false"}%>

https://dev.to/rbazinet/hotwire-fix-for-cors-error-when-using-omniauth-3k36

Reply

Hi @Andrew, I had a similar issue and your solution fixed the CORS error I was facing.

Reply

Hi
I get this error: OAuth::Unauthorized

OAuth::Unauthorized
        self.token_request(http_method, uri.path, token, request_options, arguments)
      when (400..499)
        raise OAuth::Unauthorized, response
      else
        response.error!
      end

Please your help

Reply

I'm getting this when I click the "Connect Twitter" button, I guess the credentials are not working but I don't know how can I solve this.
"Started POST "/auth/twitter" for ::1 at 2022-05-04 11:59:23 -0500
D, [2022-05-04T11:59:23.666160 #33794] DEBUG -- omniauth: (twitter) Request phase initiated."

I already check and I'm using the correct keys, is there any suggestion to solve this? I have Elevated access to the Twitter API, can this affect the way I need to interact with it?

Reply

hey, did you manage to get past this? I'm stuck here

Reply

I had the same issue, I figurate the problem is with the app CORS, unfortunately, I tried a couple of different things and none worked for me. If you inspect your page and go to the console you should get the error with the authentication link. if you click on this it will then proceed to complete the request that's all I have been able to accomplish so far. Hopefully, this helps so someone can find the solution around CORS.

Reply

nevermind just found a way of fixing this without messing with CORDS. Try this as the button

<%= button_to "Connect Twitter", "/auth/twitter", method: :post, :data => {turbo: "false"}, class: "btn btn-primary"%>

hopefully this works for everyone.

Reply

It worked perfectly, thank you!

Reply

thanks!
fixed my problem.

Reply

Thanks @rails_tester!

Reply

Wow... 2024 and I had this error and your solution helped me, thanks a lot!

Reply

Been hitting an error for 2.5 weeks now, its the common OAuth:: Unauthorized error.

    self.token_request(http_method, uri.path, token, request_options, arguments)
  when (400..499)
    raise OAuth::Unauthorized, response
  else
    response.error!
  end

Every single solution here has not worked for me. At this point, I can't progress. Chris or whoever, please provide some help. I'd love to finish this project. I just can't get past this error

Reply

Twitter doesn't allow localhost as part of a valid callback URL.

Instead use http://127.0.0.1:3000/auth/twitter/callback

Reply

It doesn't solve it for me.

Reply

oddly. my app does not seem to be trying to go to twitter, just complains that there isnt a route for post /auth/twitter

Reply

Every time I click the Connect to twitter button I'm brought to
https://twitter.com/i/oauth2/authorize?client_id=.......

And get:

Something went wrong
You weren’t able to give access to the App. Go back and try logging in again.

Reply

I also had the same issue.
I replaced the API key and secret with the OAuth 2.0 Client ID and Client Secret from the twitter API and then it worked for me.

Reply

I'm stuck too. It seems Twitter changed something yet again.

When clicking on the "Connect Twitter" button I get:

OAuth::Unauthorized
403 Forbidden

Extracted source (around line #268):
token_request(http_method, uri.path, token, request_options, arguments)
when (400..499)
raise OAuth::Unauthorized, response
else
response.error!
end

Reply

This seems like what happened to me when I was trying to deploy on Heroku, it was working fine locally:

  • The credentials are not being loaded because the decryption of the production.yml.emc is failing.

The fix for me was setting the heroku env RAILS_MASTER_KEY and setting its value to the value of production.key

Hope it helps

Reply

Try this:
Open a rails console and run:
Rails.application.credentials.twitter
then, verify the keys you write in the omniauth.rb file has the correct "name" (key in a hash)
I wrongly saved the secret_key in credentials as api_secret_key and that caused the same error you have.
Hope it helps

Reply

I've had to use :data => {turbo: "false"} in a few places now when using the latest rails. It feels like this is a workaround. Do you have tutorial that shows how we should resolve this properly with Hotwire?

Reply

Disabling Turbo is the right solution for any oauth links that redirect externally.

Reply
Join the discussion
Create an account Log in

Want to stay up-to-date with Ruby on Rails?

Join 86,946+ developers who get early access to new tutorials, screencasts, articles, and more.

    We care about the protection of your data. Read our Privacy Policy.