Skip to content
This repository

When I click cancel when logging in with Twitter or Facebook I get an error #616

Open
pupeno opened this Issue June 14, 2012 · 8 comments

7 participants

J. Pablo Fernández Heath Morrison Jeremy Haile Erik Michaels-Ober Anton Konet David Bayendor Peter Sankauskas
J. Pablo Fernández
pupeno commented June 14, 2012

Hello,

When I click cancel in the Twitter or Facebook login or auth pages, I get redirected back to my app and OmniAuth throws an exception (that obviously I can't catch). The exception is: OAuth::Unauthorized (401 Unauthorized), and the stack trace is:

oauth (0.4.6) lib/oauth/consumer.rb:216:in `token_request'
  oauth (0.4.6) lib/oauth/consumer.rb:136:in `get_request_token'
  omniauth-oauth (1.0.1) lib/omniauth/strategies/oauth.rb:29:in `request_phase'
  omniauth-twitter (0.0.11) lib/omniauth/strategies/twitter.rb:50:in `request_phase'
  omniauth (1.1.0) lib/omniauth/strategy.rb:207:in `request_call'
  omniauth (1.1.0) lib/omniauth/strategy.rb:174:in `call!'
  omniauth (1.1.0) lib/omniauth/strategy.rb:157:in `call'
  omniauth (1.1.0) lib/omniauth/strategy.rb:177:in `call!'
  omniauth (1.1.0) lib/omniauth/strategy.rb:157:in `call'
  omniauth (1.1.0) lib/omniauth/builder.rb:48:in `call'
  sass (3.1.19) lib/sass/plugin/rack.rb:54:in `call'
  warden (1.1.1) lib/warden/manager.rb:35:in `block in call'
  warden (1.1.1) lib/warden/manager.rb:34:in `catch'
  warden (1.1.1) lib/warden/manager.rb:34:in `call'
  actionpack (3.2.6) lib/action_dispatch/middleware/best_standards_support.rb:17:in `call'
  rack (1.4.1) lib/rack/etag.rb:23:in `call'
  rack (1.4.1) lib/rack/conditionalget.rb:25:in `call'
  actionpack (3.2.6) lib/action_dispatch/middleware/head.rb:14:in `call'
  actionpack (3.2.6) lib/action_dispatch/middleware/params_parser.rb:21:in `call'
  actionpack (3.2.6) lib/action_dispatch/middleware/flash.rb:242:in `call'
  rack (1.4.1) lib/rack/session/abstract/id.rb:205:in `context'
  rack (1.4.1) lib/rack/session/abstract/id.rb:200:in `call'
  actionpack (3.2.6) lib/action_dispatch/middleware/cookies.rb:338:in `call'
  activerecord (3.2.6) lib/active_record/query_cache.rb:64:in `call'
  activerecord (3.2.6) lib/active_record/connection_adapters/abstract/connection_pool.rb:473:in `call'
  actionpack (3.2.6) lib/action_dispatch/middleware/callbacks.rb:28:in `block in call'
  activesupport (3.2.6) lib/active_support/callbacks.rb:405:in `_run__60653626266012267__call__4496837804684830799__callbacks'
  activesupport (3.2.6) lib/active_support/callbacks.rb:405:in `__run_callback'
  activesupport (3.2.6) lib/active_support/callbacks.rb:385:in `_run_call_callbacks'
  activesupport (3.2.6) lib/active_support/callbacks.rb:81:in `run_callbacks'
  actionpack (3.2.6) lib/action_dispatch/middleware/callbacks.rb:27:in `call'
  actionpack (3.2.6) lib/action_dispatch/middleware/reloader.rb:65:in `call'
  actionpack (3.2.6) lib/action_dispatch/middleware/remote_ip.rb:31:in `call'
  actionpack (3.2.6) lib/action_dispatch/middleware/debug_exceptions.rb:16:in `call'
  actionpack (3.2.6) lib/action_dispatch/middleware/show_exceptions.rb:56:in `call'
  railties (3.2.6) lib/rails/rack/logger.rb:26:in `call_app'
  railties (3.2.6) lib/rails/rack/logger.rb:16:in `call'
  quiet_assets (1.0.1) lib/quiet_assets.rb:20:in `call_with_quiet_assets'
  actionpack (3.2.6) lib/action_dispatch/middleware/request_id.rb:22:in `call'
  rack (1.4.1) lib/rack/methodoverride.rb:21:in `call'
  rack (1.4.1) lib/rack/runtime.rb:17:in `call'
  activesupport (3.2.6) lib/active_support/cache/strategy/local_cache.rb:72:in `call'
  rack (1.4.1) lib/rack/lock.rb:15:in `call'
  actionpack (3.2.6) lib/action_dispatch/middleware/static.rb:62:in `call'
  airbrake (3.1.1) lib/airbrake/rack.rb:30:in `call'
  airbrake (3.1.1) lib/airbrake/user_informer.rb:12:in `call'
  railties (3.2.6) lib/rails/engine.rb:479:in `call'
  railties (3.2.6) lib/rails/application.rb:220:in `call'
  rack (1.4.1) lib/rack/content_length.rb:14:in `call'
  railties (3.2.6) lib/rails/rack/log_tailer.rb:17:in `call'
  thin (1.3.1) lib/thin/connection.rb:80:in `block in pre_process'
  thin (1.3.1) lib/thin/connection.rb:78:in `catch'
  thin (1.3.1) lib/thin/connection.rb:78:in `pre_process'
  thin (1.3.1) lib/thin/connection.rb:53:in `process'
  thin (1.3.1) lib/thin/connection.rb:38:in `receive_data'
  eventmachine (0.12.10) lib/eventmachine.rb:256:in `run_machine'
  eventmachine (0.12.10) lib/eventmachine.rb:256:in `run'
  thin (1.3.1) lib/thin/backends/base.rb:61:in `start'
  thin (1.3.1) lib/thin/server.rb:159:in `start'
  rack (1.4.1) lib/rack/handler/thin.rb:13:in `run'
  rack (1.4.1) lib/rack/server.rb:265:in `start'
  railties (3.2.6) lib/rails/commands/server.rb:70:in `start'
  railties (3.2.6) lib/rails/commands.rb:55:in `block in <top (required)>'
  railties (3.2.6) lib/rails/commands.rb:50:in `tap'
  railties (3.2.6) lib/rails/commands.rb:50:in `<top (required)>'
  script/rails:6:in `require'
  script/rails:6:in `<top (required)>'
  -e:1:in `load'
  -e:1:in `<main>'

I asked about this in StackOverflow but I think it might be a bug: http://stackoverflow.com/questions/10963286/callback-denied-with-omniauth

J. Pablo Fernández
pupeno commented June 15, 2012

Adding this to the omniauth initializer of my Rails project fixed/workarounded this issue:

class NonExplodingFailureEndpoint
  attr_reader :env

  def self.call(env)
    new(env).call
  end

  def initialize(env)
    @env = env
  end

  def call
    redirect_to_failure
  end

  def raise_out!
    raise env['omniauth.error'] || OmniAuth::Error.new(env['omniauth.error.type'])
  end

  def redirect_to_failure
    message_key = env['omniauth.error.type']
    new_path = "#{env['SCRIPT_NAME']}#{OmniAuth.config.path_prefix}/failure?message=#{message_key}"
    Rack::Response.new(["302 Moved"], 302, 'Location' => new_path).finish
  end
end

OmniAuth.config.on_failure = NonExplodingFailureEndpoint

Note the lack of missing:

raise_out! if ENV['RACK_ENV'].to_s == 'development'
J. Pablo Fernández
pupeno commented June 15, 2012

A smaller workaround:

class NonExplodingFailureEndpoint < OmniAuth::FailureEndpoint
  def call
    redirect_to_failure
  end
end

OmniAuth.config.on_failure = NonExplodingFailureEndpoint
Heath Morrison

I had this problem also, but stumbled into an entry in the FAQ. It contains the following even more concise solution, which I prefer:

# Added to config/initializers/omniauth.rb
OmniAuth.config.on_failure = Proc.new { |env|
  OmniAuth::FailureEndpoint.new(env).redirect_to_failure
}

And fwiw - the default behavior feels wrong, as authentication failure is not an exceptional event.

Jeremy Haile

This feels wrong to me as well. Please fix!

Erik Michaels-Ober
Collaborator

Patches welcome!

Anton Konet

I have the same problem with LinkedIn, your solutions helped me, but then I cannot define the reason of the failure - invalid_credentials or user_refused. So need patch for fixing this problem. Thanks.

David Bayendor

For what it's worth the same things happens when applied to accessing Github. As a new developer, my thanks to those who of you who posted solutions, they helped me. Seems that this needs needs a better defined behavior.

Peter Sankauskas

@doublemarked That did the trick. Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.