Login immediately fails

[nambrot]

Hey there,

I'm sorry to open up another issue again, but SSL works super now :)

The problem we are facing is that the request phase seems to work just fine, we are getting a session id, however, eBay immediately redirects us back to the reject URL, without us every seeing the login screen. I assume the login-redirect must be broken somehow, unfortunately I have no knowledge in the matter. The redirect redirects to:

https://signin.sandbox.ebay.com/ws/eBayISAPI.dll?SingleSignOn&runame={runame}&sid={sid}, as it should be judging from ebay_api.rb

Is there anything that we are grossly overlooking?

[itayadler]

I see that you're using eBay sandbox (judging by your URL).
We're not using eBay sandbox, but rather the real eBay environment, I recommend you to do so as well.

[nambrot]

I'll try to do that, thanks for the prompt responses!

[samirahmed]

In production I run into this failing immediately aswell.

[itayadler]

@nambrot did you manage to get it to work?

[nambrot]

I'm working with Samir, so unfortunately not.

On Sunday, November 4, 2012, itayadler wrote:

@nambrot https://github.com/nambrot did you manage to get to work?

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/4#issuecomment-10048421.

[nambrot]

@itayadler are you guys still using this in production? We can not seem to be able to figure it out. We make a successful call to eBay to get the SessionID, so I assume that the setup can't be too off, but really the login_url immediately fails without any user interaction. And eBay is unfortunately not very helpful with any error message :(

[nambrot]

after additional hours of debugging I found the nasty one:

The original ebay_login_url is

url = "#{EBAY_LOGIN_URL}?SingleSignOn&runame=#{options.runame}&sid=#{URI.escape(session_id).gsub('+', '%2B')}"

however, that failed immediately. After looking deep into the docs (on a completely different part of it instead of Open eBay), I found out that this works for us:

url = "#{EBAY_LOGIN_URL}?SignIn&RuName=#{options.runame}&SessID=#{URI.escape(session_id).gsub('+', '%2B')}"

We then got to a login page finally, however on return, it seems like the gem expects sid to be passed from eBay which it doesn't seem to do (anymore). So we had to pass the session id in the ruparams:

 def ebay_login_url(session_id)
    #TODO: Refactor ruparams to receive all of the request query string
    url = "#{EBAY_LOGIN_URL}?SignIn&RuName=#{options.runame}&SessID=#{URI.escape(session_id).gsub('+', '%2B')}"
    internal_return_to = request.params['internal_return_to'] || request.params[:internal_return_to]
    ruparams = "sid=#{session_id}"
    ruparams += internal_return_to ? "internal_return_to=#{internal_return_to} " : "" 
    url << "&ruparams=#{CGI::escape(ruparams)}"
    url
  end

I'd be happy to do a pull request on this one, however we still had a complication where it wouldn't work in the sandbox environment, but since we can just specify another RuName to redirect to localhost, we are not sure whether that's acceptable or not. Thanks again so much for pointing us to the right direction!

[itayadler]

We have a different RuName for each environment(development, staging, production).
It appears that the SingleSignOn option is something that requires approval from eBay. (We have that permission in our apps)
So in order to support the SignIn option, we need to add another configuration item to the gem, that accepts
:sign_in or :single_sign_on.
Inside the strategy class, we need to extract the URL string building into a method that builds the correct URL with regards to the current configuration.
Open a pull request and we'll discuss the implementation further in there, and hopefully will release a new version afterwards.

[nambrot]

Thanks for the always quick response. Is there a practical difference between Signin and SingleSignOn?

[itayadler]

Yup, SingleSignOn skips the application approval dialog, so it's a much
better experience for the user.

Itay Adler
Web Developer*
*
Mobile: +972-50-6678880

On Wed, Nov 7, 2012 at 6:54 PM, nambrot notifications@github.com wrote:

Thanks for the always quick response. Is there a practical difference
between Signin and SingleSignOn?

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/4#issuecomment-10155623.

[nambrot]

That is pretty interesting. Is there a higher barrier to be approved by
eBay?

On Wed, Nov 7, 2012 at 6:04 PM, itayadler notifications@github.com wrote:

Yup, SingleSignOn skips the application approval dialog, so it's a much
better experience for the user.

Itay Adler
Web Developer*
*
Mobile: +972-50-6678880

On Wed, Nov 7, 2012 at 6:54 PM, nambrot notifications@github.com wrote:

Thanks for the always quick response. Is there a practical difference
between Signin and SingleSignOn?

—
Reply to this email directly or view it on GitHub<
https://github.com/TheGiftsProject/omniauth-ebay/issues/4#issuecomment-10155623>.

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/4#issuecomment-10155996.

[itayadler]

That's all I know about this, let's see if Erez knows more about this :).
/cc: @ereztgp

Itay Adler
Web Developer*
*
Mobile: +972-50-6678880

On Wed, Nov 7, 2012 at 7:06 PM, nambrot notifications@github.com wrote:

That is pretty interesting. Is there a higher barrier to be approved by
eBay?

On Wed, Nov 7, 2012 at 6:04 PM, itayadler notifications@github.com
wrote:

Yup, SingleSignOn skips the application approval dialog, so it's a much
better experience for the user.

Itay Adler
Web Developer*
*
Mobile: +972-50-6678880

On Wed, Nov 7, 2012 at 6:54 PM, nambrot notifications@github.com
wrote:

Thanks for the always quick response. Is there a practical difference
between Signin and SingleSignOn?

—
Reply to this email directly or view it on GitHub<

https://github.com/TheGiftsProject/omniauth-ebay/issues/4#issuecomment-10155623>.

—
Reply to this email directly or view it on GitHub<
https://github.com/TheGiftsProject/omniauth-ebay/issues/4#issuecomment-10155996>.

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/4#issuecomment-10156123.

[erezd]

Hi,

Generally, 3rd parties cannot skip the authorization window as a part of the sign-in process (that's internal for eBay implementations)

G'luck,
Erez.

From: itayadler <notifications@github.commailto:notifications@github.com>
Reply-To: TheGiftsProject/omniauth-ebay <reply@reply.github.commailto:reply@reply.github.com>
Date: Wednesday, November 7, 2012 7:09 PM
To: TheGiftsProject/omniauth-ebay <omniauth-ebay@noreply.github.commailto:omniauth-ebay@noreply.github.com>
Cc: Erez Dickman <edickman@ebay.commailto:edickman@ebay.com>
Subject: Re: [omniauth-ebay] Login immediately fails (#4)

That's all I know about this, let's see if Erez knows more about this :).
/cc: @ereztgp

Itay Adler
Web Developer*
*
Mobile: +972-50-6678880

On Wed, Nov 7, 2012 at 7:06 PM, nambrot <notifications@github.commailto:notifications@github.com> wrote:

That is pretty interesting. Is there a higher barrier to be approved by
eBay?

On Wed, Nov 7, 2012 at 6:04 PM, itayadler <notifications@github.commailto:notifications@github.com>
wrote:

Yup, SingleSignOn skips the application approval dialog, so it's a much
better experience for the user.

Itay Adler
Web Developer*
*
Mobile: +972-50-6678880

On Wed, Nov 7, 2012 at 6:54 PM, nambrot <notifications@github.commailto:notifications@github.com>
wrote:

Thanks for the always quick response. Is there a practical difference
between Signin and SingleSignOn?

—
Reply to this email directly or view it on GitHub<

https://github.com/TheGiftsProject/omniauth-ebay/issues/4#issuecomment-10155623>.

—
Reply to this email directly or view it on GitHub<
https://github.com/TheGiftsProject/omniauth-ebay/issues/4#issuecomment-10155996>.

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/4#issuecomment-10156123.

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/4#issuecomment-10156221.

[rpocklin]

That's funny. I had the same issue as nambrot 2 days ago, and solved it in exactly the same way without reading this thread :) I now get back the request.env['omniauth.auth'] to the /auth/ebay/callback route, so it works. I didn't even realise there was another way to use OAuth with ebay (ie. SingleSignIn). Since there's no documentation talking about Ebay approval process on here, most people are probably expecting it to work with the 'simple' case (SignIn).

BTW: The user tokens you will get can be stored and reused so it's not like you need to authenticate to Ebay each time the user visits the site, but they may have to authenticate with your app to match it up. You just need the session ID which you can get using just the runame.

[nambrot]

thanks for the pull request, ebays documentation is indeed suboptimal in this regard.