Running rails 3.2.18 on c9.io, and I have the gems omniauth and omniauth-google-oauth2 installed. I ran into a problem where I would get a CSRF error on the callback, and it sounded like adding "provider_ignores_state: true" to the params would prevent that, at least for testing and development. It did get rid of the CSRF error, but now there is a new error:
OAuth2::Error
invalid_request: Missing required parameter: code
{
"error" : "invalid_request",
"error_description" : "Missing required parameter: code"
}
my config/initializers/omniauth.rb
Rails.application.config.middleware.use OmniAuth::Builder do
provider :google_oauth2, "clientID", "clientSecret",
scope: 'profile', image_aspect_ratio: 'square', image_size: 48, access_type: 'online', name: 'google', provider_ignores_state: true
end
Top few lines from the trace:
oauth2 (1.0.0) lib/oauth2/client.rb:113:in `request'
oauth2 (1.0.0) lib/oauth2/client.rb:138:in `get_token'
oauth2 (1.0.0) lib/oauth2/strategy/auth_code.rb:29:in `get_token'
omniauth-oauth2 (1.3.1) lib/omniauth/strategies/oauth2.rb:93:in `build_access_token'
omniauth-google-oauth2 (0.2.6) lib/omniauth/strategies/google_oauth2.rb:77:in `custom_build_access_token'
EDIT: Adding the versions for the gems
/usr/local/rvm/gems/ruby-1.9.3-p547/gems/omniauth-1.2.2
/usr/local/rvm/gems/ruby-1.9.3-p547/gems/omniauth-google-oauth2-0.2.6
I was experiencing the same error and found out that this was because I was using the wrong client id on the development machine.
RépondreSupprimerThe error is not a very good one, as it can happen when a variety of different things fail. It just happened to be the Google Client Id for me.
You can verify the correct client ID you're supposed to be using by looking under OAuth2.0 client ids on your Google Developer Credentials page. You can then look at the verify_token method in the google_oauth2.rb file. Drop there and make sure that where it does the comparison for `raw_response['issued_to'] == options.client_id ` , that the two values are equal. If they are not, then it will try to build an access token using the 'code' parameter which may not exist in your case, causing the exception you are seeing.