1.4.0 makes my rails app unable to sign in with facebook #81

Closed
PikachuEXE opened this Issue Oct 22, 2015 · 41 comments

PikachuEXE commented Oct 22, 2015

rails 4.1.13
devise 3.5.2
omniauth (1.2.2)
omniauth-facebook (2.0.1)

1.3.1 was fine

Error:

(facebook) Authentication failure! invalid_credentials: OAuth2::Error, :
{"error":{"message":"Error validating verification code. Please make sure your redirect_uri is identical to the one you used in the OAuth dialog request","type":"OAuthException","code":100,"fbtrace_id":"GjHr4Inn5Rq"}}

hmnhf commented Oct 22, 2015

I'm getting the same error with omniauth-google-oauth2, after upgrading to 1.4.0.

(google_oauth2) Authentication failure! invalid_credentials: OAuth2::Error, redirect_uri_mismatch: 
{
  "error" : "redirect_uri_mismatch"
}

assembler commented Oct 22, 2015

+1 here with Google. Getting redirect_uri_mismatch as well.

assembler commented Oct 22, 2015

I guess it has to do with this commit:

2615267

itmiguelfernandes commented Oct 22, 2015

I'm getting the same problem.
"message":"Error validating verification code. Please make sure your redirect_uri is identical to the one you used in the OAuth dialog request","type":"OAuthException","code":100,"

libermans commented Oct 22, 2015

Yes, it's because of 2615267 by @sferik. The redefinition of callback_url was deleted from OmniAuth::Strategies::OAuth2 while it was used in the strategy to get redirect_uri, which should be the same redirect_uri which we sent to Facebook without params (code, etc).

You can use version 1.3.1 of the gem until the bug is fixed.

dja commented Oct 26, 2015

+1 to 1.3.1 temporarily fixes the issue

pravbeatle commented Oct 26, 2015

I struggled with this for about a week before downgrading to 1.2!
This should be fixed asap! It was an absolute nightmare!

crgolden commented Oct 26, 2015

Yeah same here!
I got it working again by changing my Gemfile to:
gem 'omniauth-oauth2', '~> 1.3.1'

PikachuEXE commented Oct 26, 2015

What does provider_ignores_state do?
Any doc?

zmajstor commented Oct 26, 2015

Unfortunately, google oauth2 doesn't work even with provider_ignores_state: true

zmajstor commented Oct 26, 2015

Maybe a simple fix like this would work: #82

mcasper added a commit to procore/registrar that referenced this issue Oct 26, 2015

Lock omniauth-oauth2 to version 1.3.1
omniauth-oauth2 is the oauth library that omniauth plugins use under the
hood. Version 1.4.0 introduced a bug causing most requests to fail,
which can be found here: omniauth/omniauth-oauth2#81
It should be fixed in future versions, at which point this change can be
reverted. But for now, this gets registrar working again.

Confirmed to fix the problem (passed testing)

jonathansimmons commented Oct 26, 2015

I lost 2 days of work trying to track down why my custom provider was returning an invalid_grant error. This really should have been checked more before being merged.

Contributor

sferik commented Oct 26, 2015

According to Section 3.1.2 of the OAuth 2 spec:

query component…MUST be retained when adding additional query parameters

I’m sorry implementing this part of the spec has caused some OAuth providers to break. Gems for such providers should specify their omniauth-oauth2 dependency like this (until we can find a better solution):

spec.add_dependency 'omniauth-oauth2', '~> 1.3.1'

samuraraujo commented Oct 28, 2015

I fixed it using: gem 'omniauth-oauth2', '~> 1.3.1'

adrazek commented Nov 4, 2015

I tested the gem 'omniauth-oauth2', '~> 1.3.1' fix; it works locally but not in production.
Does somebody have more info on that?

adrazek commented Nov 4, 2015

OK, I just figured out that some configuration was not deleted when I was trying to fix the problem myself.
So using the 1.3.1 version is the good fix.

nisevi added a commit to nisevi/nisevi that referenced this issue Jun 6, 2016

Bundle update.
* Fix linkedin log into the app;
* Downgrade 'omniauth-oauth2' to 1.3.1 due to: omniauth/omniauth-oauth2#81

jonathansimmons commented Jun 7, 2016

@sferik is there not a better solution for this yet? 6 months later and I'm still running into this problem in oAuth Strategies.

How is this acceptable to just ignore?

cmar commented Jul 8, 2016

I was able to fix the issue by restoring the callback_url method to my subclass of OAuth2

module OmniAuth
  module Strategies
    class MyStrategy < OmniAuth::Strategies::OAuth2
      ...

      def callback_url
        full_host + script_name + callback_path
      end

      ...

see breaking change
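
Why the providers reject the token request, as an added Ruby model that is not code from this thread or from the gem: the provider binds the authorization code to the redirect_uri sent in the request phase and requires an identical value at the token endpoint (RFC 6749 section 4.1.3), so a callback URL that still carries the returned code and state no longer matches. ToyProvider, the host name and the helper names are constructed for illustration.

```ruby
require 'uri'

# Constructed sample values; app.example.test is a placeholder host.
FULL_HOST     = 'https://app.example.test'
SCRIPT_NAME   = ''
CALLBACK_PATH = '/auth/facebook/callback'

# Callback URL without the query string, as in the override quoted above.
def callback_url_without_query
  FULL_HOST + SCRIPT_NAME + CALLBACK_PATH
end

# Callback URL with the current request's query string appended
# (the behaviour the thread attributes to 1.4.0).
def callback_url_with_query(query_string)
  suffix = query_string.empty? ? '' : "?#{query_string}"
  callback_url_without_query + suffix
end

# Toy provider (hypothetical): remembers the redirect_uri bound to each code
# at authorization time and requires an identical value at the token endpoint.
class ToyProvider
  def initialize
    @issued = {}
  end

  def authorize(redirect_uri)
    code = "code-#{@issued.size + 1}" # constructed, not a real code format
    @issued[code] = redirect_uri
    code
  end

  def token(code, redirect_uri)
    bound = @issued.delete(code) # authorization codes are single use
    return :invalid_grant if bound.nil?
    bound == redirect_uri ? :ok : :redirect_uri_mismatch
  end
end

def run_flow(strip_query:)
  provider = ToyProvider.new
  # Request phase: the incoming request has no query string yet.
  code = provider.authorize(callback_url_with_query(''))
  # Callback phase: the provider redirected back with code and state appended.
  query = URI.encode_www_form(code: code, state: 'constructed-state')
  redirect_uri = strip_query ? callback_url_without_query : callback_url_with_query(query)
  provider.token(code, redirect_uri)
end
```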

alexkeramidas added a commit to AuthentiqID/omniauth-authentiq that referenced this issue Jul 20, 2016

Removed callback URL override
Was
      # Over-ride callback_url definition to maintain
      # compatibility with omniauth-oauth2 >= 1.4.0
      #
      # See: omniauth/omniauth-oauth2#81
      def callback_url
          # Fixes regression in omniauth-oauth2 v1.4.0 by omniauth/omniauth-oauth2@85fdbe1
          options[:callback_url] || (full_host + script_name + callback_path)
      end

LupineDev added a commit to RealGeeks/omniauth-realgeeks that referenced this issue Aug 12, 2016

stefanvermaas added a commit to nedap/omniauth-caren that referenced this issue Sep 6, 2016

Fixes a bug introduced in 1.4.0 of omniauth-oauth2
For more information, see:
omniauth/omniauth-oauth2#81

This change in the codebase fixes the problems and removes the hard
version dependency of version 1.3.1 of the omniauth-oauth2 gem.

urkle commented Sep 8, 2016

It seems ridiculous that this change occurred for ONE strategy and broke every other single strategy out there.. IMHO it would have made more sense for the one strategy that needed the query parameters to override callback_url in its own strategy.

yosiyuki added a commit to yosiyuki/omniauth-line-notify that referenced this issue Oct 14, 2016

yosiyuki added a commit to yosiyuki/omniauth-line-notify that referenced this issue Oct 15, 2016

mmuneer added a commit to mmuneer/omniauth-facebook-access-token that referenced this issue Jan 3, 2017

Add omniauth-oauth2 as dependency and pin it to 1.3.1. The current version of omniauth-oauth2(1.4) breaks for some oauth providers like Facebook and Google. omniauth/omniauth-oauth2#81

mmuneer added a commit to mmuneer/omniauth-google-oauth2-access-token that referenced this issue Jan 3, 2017

Add omniauth-oauth2 as dependency and pin it to 1.3.1. The current version of omniauth-oauth2(1.4) breaks for some oauth providers like Facebook and Google. omniauth/omniauth-oauth2#81

eyqs added a commit to Changenuity/Changenuity that referenced this issue Mar 18, 2017

Make miscellaneous merge modifications
Update navbar links using Devise paths,
set linkedin-oauth2 provider to linkedin,
and install omniauth-oauth2 version 1.3.1, due to:
omniauth/omniauth-oauth2#81

siegy22 commented Mar 20, 2017

Is this a wontfix?

Member

tmilewski commented Mar 29, 2017

We're not planning on reverting, no. This was implemented a year and a half ago to adhere to the OAuth 2 spec.

I recommend reaching out to the specific gem providers you require for them to make the necessary updates.

@tmilewski tmilewski closed this Mar 29, 2017

@omniauth omniauth locked and limited conversation to collaborators Mar 29, 2017

phy5ics added a commit to farmersweb/omniauth-agsquared-oauth2 that referenced this issue May 16, 2018

paulca added a commit to teamtito/omniauth-tito that referenced this issue Aug 7, 2018

johankok added a commit to boom-den-haag/omniauth-timber-cantina that referenced this issue Aug 22, 2018
