Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

When I click cancel when logging in with Twitter or Facebook I get an error #616

Open
pupeno opened this Issue · 8 comments

7 participants

@pupeno

Hello,

When I click cancel in the Twitter or Facebook login or auth pages, I get redirected back to my app and OmniAuth throws an exception (that obviously I can't catch). The exception is: OAuth::Unauthorized (401 Unauthorized), and the stack trace is:

oauth (0.4.6) lib/oauth/consumer.rb:216:in `token_request'
  oauth (0.4.6) lib/oauth/consumer.rb:136:in `get_request_token'
  omniauth-oauth (1.0.1) lib/omniauth/strategies/oauth.rb:29:in `request_phase'
  omniauth-twitter (0.0.11) lib/omniauth/strategies/twitter.rb:50:in `request_phase'
  omniauth (1.1.0) lib/omniauth/strategy.rb:207:in `request_call'
  omniauth (1.1.0) lib/omniauth/strategy.rb:174:in `call!'
  omniauth (1.1.0) lib/omniauth/strategy.rb:157:in `call'
  omniauth (1.1.0) lib/omniauth/strategy.rb:177:in `call!'
  omniauth (1.1.0) lib/omniauth/strategy.rb:157:in `call'
  omniauth (1.1.0) lib/omniauth/builder.rb:48:in `call'
  sass (3.1.19) lib/sass/plugin/rack.rb:54:in `call'
  warden (1.1.1) lib/warden/manager.rb:35:in `block in call'
  warden (1.1.1) lib/warden/manager.rb:34:in `catch'
  warden (1.1.1) lib/warden/manager.rb:34:in `call'
  actionpack (3.2.6) lib/action_dispatch/middleware/best_standards_support.rb:17:in `call'
  rack (1.4.1) lib/rack/etag.rb:23:in `call'
  rack (1.4.1) lib/rack/conditionalget.rb:25:in `call'
  actionpack (3.2.6) lib/action_dispatch/middleware/head.rb:14:in `call'
  actionpack (3.2.6) lib/action_dispatch/middleware/params_parser.rb:21:in `call'
  actionpack (3.2.6) lib/action_dispatch/middleware/flash.rb:242:in `call'
  rack (1.4.1) lib/rack/session/abstract/id.rb:205:in `context'
  rack (1.4.1) lib/rack/session/abstract/id.rb:200:in `call'
  actionpack (3.2.6) lib/action_dispatch/middleware/cookies.rb:338:in `call'
  activerecord (3.2.6) lib/active_record/query_cache.rb:64:in `call'
  activerecord (3.2.6) lib/active_record/connection_adapters/abstract/connection_pool.rb:473:in `call'
  actionpack (3.2.6) lib/action_dispatch/middleware/callbacks.rb:28:in `block in call'
  activesupport (3.2.6) lib/active_support/callbacks.rb:405:in `_run__60653626266012267__call__4496837804684830799__callbacks'
  activesupport (3.2.6) lib/active_support/callbacks.rb:405:in `__run_callback'
  activesupport (3.2.6) lib/active_support/callbacks.rb:385:in `_run_call_callbacks'
  activesupport (3.2.6) lib/active_support/callbacks.rb:81:in `run_callbacks'
  actionpack (3.2.6) lib/action_dispatch/middleware/callbacks.rb:27:in `call'
  actionpack (3.2.6) lib/action_dispatch/middleware/reloader.rb:65:in `call'
  actionpack (3.2.6) lib/action_dispatch/middleware/remote_ip.rb:31:in `call'
  actionpack (3.2.6) lib/action_dispatch/middleware/debug_exceptions.rb:16:in `call'
  actionpack (3.2.6) lib/action_dispatch/middleware/show_exceptions.rb:56:in `call'
  railties (3.2.6) lib/rails/rack/logger.rb:26:in `call_app'
  railties (3.2.6) lib/rails/rack/logger.rb:16:in `call'
  quiet_assets (1.0.1) lib/quiet_assets.rb:20:in `call_with_quiet_assets'
  actionpack (3.2.6) lib/action_dispatch/middleware/request_id.rb:22:in `call'
  rack (1.4.1) lib/rack/methodoverride.rb:21:in `call'
  rack (1.4.1) lib/rack/runtime.rb:17:in `call'
  activesupport (3.2.6) lib/active_support/cache/strategy/local_cache.rb:72:in `call'
  rack (1.4.1) lib/rack/lock.rb:15:in `call'
  actionpack (3.2.6) lib/action_dispatch/middleware/static.rb:62:in `call'
  airbrake (3.1.1) lib/airbrake/rack.rb:30:in `call'
  airbrake (3.1.1) lib/airbrake/user_informer.rb:12:in `call'
  railties (3.2.6) lib/rails/engine.rb:479:in `call'
  railties (3.2.6) lib/rails/application.rb:220:in `call'
  rack (1.4.1) lib/rack/content_length.rb:14:in `call'
  railties (3.2.6) lib/rails/rack/log_tailer.rb:17:in `call'
  thin (1.3.1) lib/thin/connection.rb:80:in `block in pre_process'
  thin (1.3.1) lib/thin/connection.rb:78:in `catch'
  thin (1.3.1) lib/thin/connection.rb:78:in `pre_process'
  thin (1.3.1) lib/thin/connection.rb:53:in `process'
  thin (1.3.1) lib/thin/connection.rb:38:in `receive_data'
  eventmachine (0.12.10) lib/eventmachine.rb:256:in `run_machine'
  eventmachine (0.12.10) lib/eventmachine.rb:256:in `run'
  thin (1.3.1) lib/thin/backends/base.rb:61:in `start'
  thin (1.3.1) lib/thin/server.rb:159:in `start'
  rack (1.4.1) lib/rack/handler/thin.rb:13:in `run'
  rack (1.4.1) lib/rack/server.rb:265:in `start'
  railties (3.2.6) lib/rails/commands/server.rb:70:in `start'
  railties (3.2.6) lib/rails/commands.rb:55:in `block in <top (required)>'
  railties (3.2.6) lib/rails/commands.rb:50:in `tap'
  railties (3.2.6) lib/rails/commands.rb:50:in `<top (required)>'
  script/rails:6:in `require'
  script/rails:6:in `<top (required)>'
  -e:1:in `load'
  -e:1:in `<main>'

I asked about this in StackOverflow but I think it might be a bug: http://stackoverflow.com/questions/10963286/callback-denied-with-omniauth

@pupeno

Adding this to the omniauth initializer of my Rails project fixed/workarounded this issue:

class NonExplodingFailureEndpoint
  attr_reader :env

  def self.call(env)
    new(env).call
  end

  def initialize(env)
    @env = env
  end

  def call
    redirect_to_failure
  end

  def raise_out!
    raise env['omniauth.error'] || OmniAuth::Error.new(env['omniauth.error.type'])
  end

  def redirect_to_failure
    message_key = env['omniauth.error.type']
    new_path = "#{env['SCRIPT_NAME']}#{OmniAuth.config.path_prefix}/failure?message=#{message_key}"
    Rack::Response.new(["302 Moved"], 302, 'Location' => new_path).finish
  end
end

OmniAuth.config.on_failure = NonExplodingFailureEndpoint

Note the lack of missing:

raise_out! if ENV['RACK_ENV'].to_s == 'development'
@pupeno

A smaller workaround:

class NonExplodingFailureEndpoint < OmniAuth::FailureEndpoint
  def call
    redirect_to_failure
  end
end

OmniAuth.config.on_failure = NonExplodingFailureEndpoint
@doublemarked

I had this problem also, but stumbled into an entry in the FAQ. It contains the following even more concise solution, which I prefer:

# Added to config/initializers/omniauth.rb
OmniAuth.config.on_failure = Proc.new { |env|
  OmniAuth::FailureEndpoint.new(env).redirect_to_failure
}

And fwiw - the default behavior feels wrong, as authentication failure is not an exceptional event.

@jeremyhaile

This feels wrong to me as well. Please fix!

@sferik
Owner

Patches welcome!

@AntonKonet

I have the same problem with LinkedIn, your solutions helped me, but then I cannot define the reason of the failure - invalid_credentials or user_refused. So need patch for fixing this problem. Thanks.

@bayendor

For what it's worth the same things happens when applied to accessing Github. As a new developer, my thanks to those who of you who posted solutions, they helped me. Seems that this needs needs a better defined behavior.

@pas256

@doublemarked That did the trick. Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.