request.env['omniauth.origin'] returning nil during callback. #306

dustmoo opened this Issue May 2, 2011 · 44 comments


None yet
dustmoo commented May 2, 2011

When trying to access the request.env['omniauth.origin'] param I end up with a nil result during the call back. This has also been reported here(by another user):

Help would be appreciated.


Hi, same bug here... But only in Internet Explorer.. Im using omniauth 0.2.0

dustmoo commented May 5, 2011

Incidentally, I am on rails 2.3.8 which isn't "officially" supported. I don't know why the request.params isn't getting captured by the middleware, but neither adding ?origin= to the auth url passed anything to the callback, nor did apending anything else. I just wrote a work around by storing the origin in my own session cookie.

That sounds ok. We couldn't get past that bug in IE for now.

pftg commented May 9, 2011

I found that 'omniauth.origin' value come to env["action_dispatch.request.unsigned_session_cookie"]:

"action_dispatch.request.unsigned_session_cookie"=>{"session_id"=>"83deafde58f8e1c7a63eee72201f8355", "_csrf_token"=>"A.sadfasSfEXnohRRavJ7ZVZKE9QlkhIHvvAtU6+l5g=", "omniauth.origin"=>"/users"}

but env["omniauth.origin"] is nil.

I found this problem only for my home computer, but for another computer it works great. (Firefox)

In IE, we couldn't find that variable. But thanks!

asanghi commented May 11, 2011

on rails 2.3.8 i found it in request.env["rack.session"]["omniauth.origin"].

Im using rails 3.0.5, but in IE I couldn't find that variable.

espen commented May 14, 2011

Same problem. Rails 3.0.7. Safari/osx

Same problem, but only in IE, omniauth 0.2.6, Rails 3.0.7

Would also like to see your workaround, @dustmoo, as I cannot find where the omniauth_authorize routes to exactly.

dustmoo commented Jun 7, 2011

In my case, the limited scope of usage allowed me to perform the work around. I am using omniauth for a facebook page app. So in my case, I could use Koala to get the page object from the graph API and then store the page['link'] variable in my session, then I could recall it from the authorization controller. I can post code tomorrow if you'll think it will help.

Had I needed to accept authorizations from multiple sources, i.e. twitter etc it wouldn't work out so well. (There may be a ways to grab the HTTP_REFERER and store it in the session) anyway. I will post code tomorrow if it is wanted.

Thanks for the info @dustmoo. I've discovered my problem isn't necessarily with omniauth but with IE (surprise surprise). request.env['HTTP_REFERER'] is not being set in IE (at least for, so omniauth can't grab it.

espen commented Jun 10, 2011

My problem is that I was not using a session storage (memcached not running). Is there any way to accomplish this without storing the http_referer to session? Basically just want pass on some values (id and hash for verification). A custom callback would do the trick: /auth/facebook/callback?id=X&verify=XXX. How can I set a custom callback url or add params to the original one? Does any providers support this?

Edit: After some research I discovered that params are passed through to the callback url, but not for oAuth2 strategies. Did an override for Facebook which seems to be working fine.

schneems commented Sep 6, 2011

same problem. Rails 3.0.4

mbleigh commented Nov 2, 2011

To all on this issue: please doublecheck if you are still experiencing the same problem with OmniAuth 1.0 (released today). I'll assume it's working properly if no one comments in the next week. Thanks!

@mbleigh mbleigh closed this Nov 4, 2011

Did this issue resurrect? I'm seeing this, and using omniauth v.1.1.3. I am able to pass an origin param on the original oauth call that successfully shows up in request.env['omniauth.origin'], but would rather not have to hard-code origins into the links in my views.

@kbighorse I'm seeing this again. Perhaps I'm doing something wrong, but it's definitely not working the way that I would expect.

Affirmative. Faced the same nil issue just right now.

maddox commented Jun 1, 2013

I'm seeing this too, and on 1.1.4.

ravibhim commented Aug 9, 2013

Ran into this issue on 1.1.4

Same here on 1.1.4


@maddox @ravibhim @akhramov Are you guys able to provide any additional information?

@tmilewski tmilewski reopened this Sep 24, 2013

Based on @kbighorse's information, the issue appears to be in the request_call.


That said, I don't want to go making changes without a solid test-case. Any additional information that you guys can provide would go a long way to moving this forward.


/cc @maddox @ravibhim @akhramov @adolgoff @percyhanna

Seeing the issue, too, on 1.1.4.

@tmilewski Using Rails 3.2.12, omniauth-ldap1.0.2 and omniauth 1.1.4, I'm doing this in a callback:


It's always nil.


atomical commented Oct 9, 2013

+1 for a fix

egspoony commented Oct 9, 2013

I too am having this issue it would seem.

guilhermesimoes commented Oct 9, 2013 edited

Hey guys, please try to provide more information if you truly want to see this solved.

On my end, this is the problem I've encountered with the way OmniAuth returns the HTTP Referer:

  • If a user authorizes logging in, request.env['omniauth.origin'] returns the expected url in the success callback.
  • If a user does not authorize logging in, request.env['omniauth.origin'] comes up empty.

I can preserve the HTTP Referer by adding an on_failure hook like this:

on_failure { |env| MyController.action(:failure).call(env) }

This way, request.env['omniauth.origin'] is no longer nil.

egspoony commented Oct 9, 2013

@GuilhermeSimoes Thank you for your feedback. Aside from what has already been provided by others, there isn't much I believe I CAN contribute to this issue currently, aside voicing the fact that I too have encountered a similar issue, which I believe is help in a way by providing this thread further voice that more people are encountering it.

I think saying something is much better than not saying anything at all in this case. If I had more to add, I would have. Telling me I am not helpful may also just make me shrink back from participating. I mean it won't, but some people may be more timid. I'd suggest the first sentence could have been superfluous and your message would be much better received.

Hopefully I will be much better in assisting figuring out issues in the future as I get further acquainted with ruby/rails.

Man, I should start using more emoji, the written word really sounds harsher than intended. And being harsh wasn't my intention at all 😄

I just said what I said because, at this point, giving 👍 won't change a thing. @tmilewski is already on the case: he reopened the issue, after all. He just needs any additional information that might help him solve it again.

I'm just running into this issue with 1.2.1 now. I used a different approach with 1.1.4, which passes the "origin" parameter to the callback, like this:

Started GET "/user/auth/github?origin=http%3A%2F%2Forigin%2Flink"
Started GET "/user/auth/github/callback?origin=http%3A%2F%2Forigin%2Flink"

but now with 1.2.1 we get:

Started GET "/user/auth/github?origin=http%3A%2F%2Forigin%2Flink"
Started GET "/user/auth/github/callback"

That is because of this change here: v1.1.4...master#diff-e4a65aeb02719e02950ffed620b8e06eL278

Sorry I can't be more helpful.

I'm seeing this issue on 1.2.1


I will do some digging over the weekend

I have this issue using Twitter, but not using Facebook, FWIW.

spitza commented May 13, 2014

I also have this issue with Twitter. I'm not using another provider so I can't speak for those.

spitza commented May 14, 2014

The fix/workaround turned out to be pretty easy; you just need to manually set the origin in the link in your view. In Rails 4, request.original_url is the best way to do this.

My View:

<% if current_user %>
   <%= link_to "Sign Out", signout_path %>
<% else %>
   <%= link_to "Sign In", "/auth/twitter?origin=#{request.original_url}" %>
<% end %>

My SessionsController:

def create
    user = User.from_omniauth(env['omniauth.auth'])
    session[:user_id] =
    redirect_to (request.env['omniauth.origin'])

i have this problem with omniauth 1.2.2 and rails 3.2.14. i have a facebook canvas app, first login works fine, but after 2h the access_token expired. so i make a redirect to my sessions create action, but in this moment env["omniauth.auth"] returns nil.

@spitza Using the ?origin param in the URL fixed the issue for me.

I have the same problem with request.env["omniauth.origin"] returns nil. Tried to set the param and it does not work either. Any solutions? Thanks!

I have the same problem with request.env["omniauth.origin"] returns nil. Tried to set the param and it does not work either. Any solutions? Thanks!

jamesfzhang commented Aug 13, 2015 edited

request.env['omniauth.origin'] returns nil if the user is new. I'm guessing the value is getting lost through the user sign up process. If the user already exists in the database and is just logging in, the value is correct.

Does anyone have a fix for this? It's a pretty big bug.

EDIT: I fixed the problem by adding the origin value into the session during the callback.

  • Ensure you have an origin parameter to the URL you want to redirect:
= link_to 'Sign up', user_omniauth_authorize_path(:soundcloud, origin: request.original_url)
  • Save the origin value in the callback when the user is new. For existing users, the origin value is automatically part of reqest.env['omniauth.origin']. For new users, it appears that omniauth resets request.env['omniauth.auth'].
def soundcloud_callback
  @user = User.from_omniauth(env['omniauth.auth'])
  if @user.persisted?
    sign_in_and_redirect @user, event: :authentication
    session['devise.soundcloud_data'] = request.env['omniauth.auth']
    session['omniauth.origin'] = request.env['omniauth.origin'] # THIS IS KEY
    redirect_to new_user_registration_url
  • Redirect using that value.
  def after_sign_in_path_for(resource)
    request.env['omniauth.origin'] || session['omniauth.origin'] || stored_location_for(resource) || root_path

+1 on this issue when using 1.3.1.

I've attempted to use the workaround suggested by @spitza however it doesn't appear to have made much difference for me.

fippu82 commented Feb 2, 2017

This works for me on 1.3.1 when passing the redirect URL via originparameter, also for new users.

Seems to work by default on 1.4.2 over OAuth2. Not even necessary to manually pass the origin as a query param.


This seems to be working as of late. As such I'm going to close it. Should this still be a problem, please feel free to reopen the issue.

@tmilewski tmilewski closed this Feb 19, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment