Devise + omniauth + google-oauth2 .. call back w invalid credentials BUT user has valid crednetials
1,866 views
Skip to first unread message
kadoudal
Sep 11, 2012, 4:27:15 AM9/11/12
to Devise
(google_oauth2) Request phase initiated.
Started GET "/users/auth/google_oauth2?locale=fr" for 127.0.0.1 at
2012-09-11 10:16:22 +0200
(google_oauth2) Callback phase initiated.
(google_oauth2) Authentication failure! invalid_credentials:
OAuth2::Error, invalid_client:
{
"error" : "invalid_client"
}
Started GET "/users/auth/google_oauth2?locale=fr" for 127.0.0.1 at
2012-09-11 10:16:22 +0200
(google_oauth2) Callback phase initiated.
(google_oauth2) Authentication failure! invalid_credentials:
OAuth2::Error, invalid_client:
{
"error" : "invalid_client"
}
kadoudal
Sep 11, 2012, 4:43:47 AM9/11/12
to Devise
sorry I hit return button ..
the Google user is valid and has valid credentials ( myself ..)
the initial call to google is done, get the Google login form, submit
then I get the Google authorize form
upon submitting the authorization, then then the callback send the
error : invalid client BUT credentials are not invalid ..
I followed the installation as stated in the wiki....
is it an isue with some 'permissions' to be set in my Google account
or missing parameters in omniauth-Devise ?
the Google user is valid and has valid credentials ( myself ..)
the initial call to google is done, get the Google login form, submit
then I get the Google authorize form
upon submitting the authorization, then then the callback send the
error : invalid client BUT credentials are not invalid ..
I followed the installation as stated in the wiki....
is it an isue with some 'permissions' to be set in my Google account
or missing parameters in omniauth-Devise ?
kadoudal
Sep 11, 2012, 8:27:14 AM9/11/12
to Devise
seems to be related with new Google :state params conflicting with
omniauth_oauth2 ( see issue on their github site)
State param conflicts with omniauth-oauth2 CSRF protection?
I was just looking into using the new 'state' param as a way to send
some additional data to the callbacks, but it seems to cause
invalid_credentials errors. I just started digging the sources and
discovered that omniauth-oauth2 latest 1.1.0 includes some CSRF
protection using the same state param.
omniauth_oauth2 ( see issue on their github site)
State param conflicts with omniauth-oauth2 CSRF protection?
I was just looking into using the new 'state' param as a way to send
some additional data to the callbacks, but it seems to cause
invalid_credentials errors. I just started digging the sources and
discovered that omniauth-oauth2 latest 1.1.0 includes some CSRF
protection using the same state param.
kadoudal
Sep 11, 2012, 11:25:02 AM9/11/12
to Devise
[SOLVED]
working now using latest gems (omniauth-oauth2 and omniauth-google-
oauth2 are in line with the :state param and CSRF protection)
working now using latest gems (omniauth-oauth2 and omniauth-google-
oauth2 are in line with the :state param and CSRF protection)
Reply all
Reply to author
Forward
0 new messages