When I click cancel when logging in with Twitter or Facebook I get an error #616

Open
pupeno opened this Issue · 9 comments

8 participants

@pupeno

Hello,

When I click cancel in the Twitter or Facebook login or auth pages, I get redirected back to my app and OmniAuth throws an exception (that obviously I can't catch). The exception is: OAuth::Unauthorized (401 Unauthorized), and the stack trace is:

oauth (0.4.6) lib/oauth/consumer.rb:216:in `token_request'
  oauth (0.4.6) lib/oauth/consumer.rb:136:in `get_request_token'
  omniauth-oauth (1.0.1) lib/omniauth/strategies/oauth.rb:29:in `request_phase'
  omniauth-twitter (0.0.11) lib/omniauth/strategies/twitter.rb:50:in `request_phase'
  omniauth (1.1.0) lib/omniauth/strategy.rb:207:in `request_call'
  omniauth (1.1.0) lib/omniauth/strategy.rb:174:in `call!'
  omniauth (1.1.0) lib/omniauth/strategy.rb:157:in `call'
  omniauth (1.1.0) lib/omniauth/strategy.rb:177:in `call!'
  omniauth (1.1.0) lib/omniauth/strategy.rb:157:in `call'
  omniauth (1.1.0) lib/omniauth/builder.rb:48:in `call'
  sass (3.1.19) lib/sass/plugin/rack.rb:54:in `call'
  warden (1.1.1) lib/warden/manager.rb:35:in `block in call'
  warden (1.1.1) lib/warden/manager.rb:34:in `catch'
  warden (1.1.1) lib/warden/manager.rb:34:in `call'
  actionpack (3.2.6) lib/action_dispatch/middleware/best_standards_support.rb:17:in `call'
  rack (1.4.1) lib/rack/etag.rb:23:in `call'
  rack (1.4.1) lib/rack/conditionalget.rb:25:in `call'
  actionpack (3.2.6) lib/action_dispatch/middleware/head.rb:14:in `call'
  actionpack (3.2.6) lib/action_dispatch/middleware/params_parser.rb:21:in `call'
  actionpack (3.2.6) lib/action_dispatch/middleware/flash.rb:242:in `call'
  rack (1.4.1) lib/rack/session/abstract/id.rb:205:in `context'
  rack (1.4.1) lib/rack/session/abstract/id.rb:200:in `call'
  actionpack (3.2.6) lib/action_dispatch/middleware/cookies.rb:338:in `call'
  activerecord (3.2.6) lib/active_record/query_cache.rb:64:in `call'
  activerecord (3.2.6) lib/active_record/connection_adapters/abstract/connection_pool.rb:473:in `call'
  actionpack (3.2.6) lib/action_dispatch/middleware/callbacks.rb:28:in `block in call'
  activesupport (3.2.6) lib/active_support/callbacks.rb:405:in `_run__60653626266012267__call__4496837804684830799__callbacks'
  activesupport (3.2.6) lib/active_support/callbacks.rb:405:in `__run_callback'
  activesupport (3.2.6) lib/active_support/callbacks.rb:385:in `_run_call_callbacks'
  activesupport (3.2.6) lib/active_support/callbacks.rb:81:in `run_callbacks'
  actionpack (3.2.6) lib/action_dispatch/middleware/callbacks.rb:27:in `call'
  actionpack (3.2.6) lib/action_dispatch/middleware/reloader.rb:65:in `call'
  actionpack (3.2.6) lib/action_dispatch/middleware/remote_ip.rb:31:in `call'
  actionpack (3.2.6) lib/action_dispatch/middleware/debug_exceptions.rb:16:in `call'
  actionpack (3.2.6) lib/action_dispatch/middleware/show_exceptions.rb:56:in `call'
  railties (3.2.6) lib/rails/rack/logger.rb:26:in `call_app'
  railties (3.2.6) lib/rails/rack/logger.rb:16:in `call'
  quiet_assets (1.0.1) lib/quiet_assets.rb:20:in `call_with_quiet_assets'
  actionpack (3.2.6) lib/action_dispatch/middleware/request_id.rb:22:in `call'
  rack (1.4.1) lib/rack/methodoverride.rb:21:in `call'
  rack (1.4.1) lib/rack/runtime.rb:17:in `call'
  activesupport (3.2.6) lib/active_support/cache/strategy/local_cache.rb:72:in `call'
  rack (1.4.1) lib/rack/lock.rb:15:in `call'
  actionpack (3.2.6) lib/action_dispatch/middleware/static.rb:62:in `call'
  airbrake (3.1.1) lib/airbrake/rack.rb:30:in `call'
  airbrake (3.1.1) lib/airbrake/user_informer.rb:12:in `call'
  railties (3.2.6) lib/rails/engine.rb:479:in `call'
  railties (3.2.6) lib/rails/application.rb:220:in `call'
  rack (1.4.1) lib/rack/content_length.rb:14:in `call'
  railties (3.2.6) lib/rails/rack/log_tailer.rb:17:in `call'
  thin (1.3.1) lib/thin/connection.rb:80:in `block in pre_process'
  thin (1.3.1) lib/thin/connection.rb:78:in `catch'
  thin (1.3.1) lib/thin/connection.rb:78:in `pre_process'
  thin (1.3.1) lib/thin/connection.rb:53:in `process'
  thin (1.3.1) lib/thin/connection.rb:38:in `receive_data'
  eventmachine (0.12.10) lib/eventmachine.rb:256:in `run_machine'
  eventmachine (0.12.10) lib/eventmachine.rb:256:in `run'
  thin (1.3.1) lib/thin/backends/base.rb:61:in `start'
  thin (1.3.1) lib/thin/server.rb:159:in `start'
  rack (1.4.1) lib/rack/handler/thin.rb:13:in `run'
  rack (1.4.1) lib/rack/server.rb:265:in `start'
  railties (3.2.6) lib/rails/commands/server.rb:70:in `start'
  railties (3.2.6) lib/rails/commands.rb:55:in `block in <top (required)>'
  railties (3.2.6) lib/rails/commands.rb:50:in `tap'
  railties (3.2.6) lib/rails/commands.rb:50:in `<top (required)>'
  script/rails:6:in `require'
  script/rails:6:in `<top (required)>'
  -e:1:in `load'
  -e:1:in `<main>'

I asked about this in StackOverflow but I think it might be a bug: http://stackoverflow.com/questions/10963286/callback-denied-with-omniauth

@pupeno

Adding this to the omniauth initializer of my Rails project fixed/worked around this issue:

class NonExplodingFailureEndpoint
  attr_reader :env

  def self.call(env)
    new(env).call
  end

  def initialize(env)
    @env = env
  end

  def call
    redirect_to_failure
  end

  def raise_out!
    raise env['omniauth.error'] || OmniAuth::Error.new(env['omniauth.error.type'])
  end

  def redirect_to_failure
    message_key = env['omniauth.error.type']
    new_path = "#{env['SCRIPT_NAME']}#{OmniAuth.config.path_prefix}/failure?message=#{message_key}"
    Rack::Response.new(["302 Moved"], 302, 'Location' => new_path).finish
  end
end

OmniAuth.config.on_failure = NonExplodingFailureEndpoint

Note the lack of missing:

raise_out! if ENV['RACK_ENV'].to_s == 'development'

@pupeno

A smaller workaround:

class NonExplodingFailureEndpoint < OmniAuth::FailureEndpoint
  def call
    redirect_to_failure
  end
end

OmniAuth.config.on_failure = NonExplodingFailureEndpoint

@doublemarked

I had this problem also, but stumbled into an entry in the FAQ. It contains the following even more concise solution, which I prefer:

# Added to config/initializers/omniauth.rb
OmniAuth.config.on_failure = Proc.new { |env|
  OmniAuth::FailureEndpoint.new(env).redirect_to_failure
}

And fwiw - the default behavior feels wrong, as authentication failure is not an exceptional event.

@jeremyhaile

This feels wrong to me as well. Please fix!

@sferik
Owner

Patches welcome!

@AntonKonet

I have the same problem with LinkedIn, your solutions helped me, but then I cannot define the reason of the failure - invalid_credentials or user_refused. So a patch is needed to fix this problem. Thanks.

@bayendor

For what it's worth the same thing happens when applied to accessing Github. As a new developer, my thanks to those of you who posted solutions, they helped me. Seems that this needs a better defined behavior.

@pas256

@doublemarked That did the trick. Thanks!

@grosser

Using this now to get users back to where they came from ... or root ... setting a flash would be nice but ...

OmniAuth.config.on_failure = -> (env) do
  Rack::Response.new(['302 Moved'], 302, 'Location' => env['omniauth.origin'] || "/").finish
end
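
Added example, not part of the thread and not OmniAuth's own code: `env['omniauth.origin']` is derived from the `origin` request parameter or the Referer header, so redirecting to it unchecked is an open redirect. This variant of the handler above only follows same-site paths and carries the failure type along in a query parameter. `APP_HOSTS` and the `auth_error` parameter name are assumptions.

```ruby
require 'uri'

# Hosts this application is served from (assumption; set to your own).
APP_HOSTS = ['app.example'].freeze

# Reduce the untrusted origin to a local path (plus query), or return fallback.
def safe_origin_path(env, fallback = '/')
  origin = env['omniauth.origin'].to_s
  # Reject empty values, control characters, spaces and backslashes outright.
  return fallback if origin.empty? || origin.match?(/[\x00-\x20\\]/)

  uri = URI.parse(origin)
  return fallback unless uri.scheme.nil? || %w[http https].include?(uri.scheme.downcase)
  # An absolute or protocol-relative URL must point at one of our own hosts.
  return fallback unless uri.host.to_s.empty? || APP_HOSTS.include?(uri.host.downcase)

  path = uri.path.to_s
  return fallback unless path.start_with?('/') && !path.start_with?('//')

  # Rebuild from parsed parts so scheme, host, userinfo and fragment are dropped.
  uri.query ? "#{path}?#{uri.query}" : path
rescue URI::InvalidURIError
  fallback
end

# Append the failure type (e.g. :invalid_credentials) so the app can show a message.
def failure_location(env)
  path = safe_origin_path(env)
  type = env['omniauth.error.type']
  return path if type.nil?

  sep = path.include?('?') ? '&' : '?'
  "#{path}#{sep}auth_error=#{URI.encode_www_form_component(type.to_s)}"
end

# Rack-style response triple, so the handler does not depend on Rack::Response.
ON_FAILURE = lambda do |env|
  [302, { 'Location' => failure_location(env), 'Content-Type' => 'text/plain' }, ['302 Moved']]
end

# Register only when OmniAuth is loaded (it is inside the Rails initializer).
OmniAuth.config.on_failure = ON_FAILURE if defined?(OmniAuth)
```
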