No route matches [GET] "/auth/twitter" OmniA

3

6

I am not using devise or some other like-gem. I am very new to RoR.

Here is my routes.rb

# For details on the DSL available within this file, see https://guides.rubyonrails.org/routing.html

Rails.application.routes.draw do
  get "about", to: "about#index"

  get "password", to: "passwords#edit", as: :edit_password
  patch "password", to: "passwords#update"

  get "password/reset", to: "password_resets#new"
  post "password/reset", to: "password_resets#create"
  get "password/reset/edit", to: "password_resets#edit"
  patch "password/reset/edit", to: "password_resets#update"
  
  get '/auth/:provider/callback', to: 'sessions#create'

  get "sign_up", to: "registrations#new"
  post "sign_up", to: "registrations#create"

  get "sign_in", to: "sessions#new"
  post "sign_in", to: "sessions#create"

  delete "logout", to: "sessions#destroy"

  root to: "main#index"
end

Here is user.rb

# email:string
# password_digest:string
#
# password:string virtual
# password_confirmation:string virtual

class User < ApplicationRecord
  has_secure_password

  validates :email, presence: true, format: { with: /\A[^@\s]+@[^@\s]+\z/, message: "must be a valid email address" }
  
end

Here is my omniauth.rb

Rails.application.config.middleware.use OmniAuth::Builder do
    provider :twitter,Rails.application.credentials.dig(:twitter,:api_key), Rails.application.credentials.dig(:twitter,:api_key)
end

I have made all the settings in my Twitter app. Please help.

Scraper answered 2/2, 2021 at 11:49 Comment(3)
I have the same issue. Adding OmniAuth.config.allowed_request_methods = [:post, :get] to allow a GET request to that route solves it, but it throws another error. Additionally, using the line I just mentioned could be adding a security flaw. Will keep an eye out for answers here. – Hilliary
Noticed that in your omniauth.rb you are digging :api_key twice and I assume the latter should be :api_secret. Have you tried changing those details? – Hilliary
The Upgrading to 2.0 OmniAuth guide may also be of use. I know the question asked about Rails, but the Sinatra section fixed my problem. – Kapok
18

I'm the author of the Ruby on Rails for Beginners course. 👋 I've updated the videos to reflect the changes.

Omniauth 2.0 was released which requires you to use POST requests now for security.

Now we'll add two gems:

bundle add omniauth-twitter omniauth-rails_csrf_protection

And make sure you've got api_secret as the second argument in your omniauth.rb initializer:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :twitter, Rails.application.credentials.dig(:twitter, :api_key), Rails.application.credentials.dig(:twitter, :api_secret)
end

Then you can redirect to Twitter by adding method: :post to your link_to or button_to:

link_to "Connect Twitter", "/auth/twitter", method: :post, class: "btn btn-primary"
button_to "Connect Twitter", "/auth/twitter", method: :post, class: "btn btn-primary"

This works with both Project and Standalone Twitter apps so you can use either one. 👍

Bezique answered 7/2, 2021 at 19:57 Comment(0)
1

At this point in time, the Twitter API started rolling in their v2 version of their API. The tutorial makes use of v1.1 so please make sure to use that one instead in the meantime. To do so, create a Standalone App instead:

Twitter Developer Portal Showing a Standalone App created opposed to one made in a project.

After adding the API keys to the Rails credentials and adding http://localhost:3000/auth/twitter/callback to the Callbacks URL config in the Twitter developer portal, add the following extra lines to omniauth.rb. These will re-enable GET requests to localhost:3000/auth/twitter and remove the security warning from the console:

# Required to allow get requests, which enables a security flaw but that's how the tutorial is set up.
OmniAuth.config.allowed_request_methods = [:post, :get]
OmniAuth.config.silence_get_warning = true

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :twitter, Rails.application.credentials.dig(:twitter, :api_key), Rails.application.credentials.dig(:twitter, :api_secret)
end

Restart your Rails server and navigate to localhost:3000/auth/twitter. This should redirect you to a URL that looks similar to the following:

https://api.twitter.com/oauth/authenticate?oauth_token=xov0NQAAAAABMcOqAAABd3F1_T0

This URL will render an authorize screen if the Twitter account being used has not yet enabled the app:

Twitter API App authorization screen

Provided that your OmniauthCallbacksController looks like this:

class OmniauthCallbacksController < ApplicationController
  def twitter
    render plain: "success"
  end
end

Your app should redirect to /auth/twitter/callback. The url will look something like http://localhost:3000/auth/twitter/callback?oauth_token=D4V2tAAAAAABMcOqAAABd3GFmgM&oauth_verifier=TSxCgaVsoQzY039l5DKQBJQiLKkaWBCA and it should print success on the page.

Hope this helps!

Hilliary answered 5/2, 2021 at 9:33 Comment(0)
0

Seems that there was a change to the OmniAuth gem where it, by default, only allows POST requests. Add this to your omniauth.rb file to allow GET requests:

OmniAuth.config.allowed_request_methods = [:post, :get]

There are security reasons why this change was made. Not ones I can explain unfortunately. But this will allow you to finish the GoRails tutorial!

Chubb answered 4/2, 2021 at 17:36 Comment(1)
Thanks Dana, but that will still throw an OAuth::Unauthorized error, at least for me? If this is working for everyone else you can add OmniAuth.config.silence_get_warning = true to silence the security warning in your console. – Hilliary
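
To show why the default setup produces the routing error in the question, and what re-enabling GET gives up, here is a simplified model of the request-phase gate. It is an added example, not OmniAuth's source or code from any of the posts; the RequestPhaseGate class, the hash-based env, the ROUTER lambda and the request helper are assumptions made for illustration.

```ruby
require "securerandom"

# Simplified model of the OmniAuth 2.0 request-phase gate (illustration only).
class RequestPhaseGate
  SAFE_METHODS = %w[GET HEAD].freeze

  def initialize(router, allowed_request_methods: [:post])
    @router = router # stands in for the Rails router behind the middleware
    @allowed = allowed_request_methods
  end

  # env is a plain hash here: :method, :path, :session, :params
  def call(env)
    return @router.call(env) unless env[:path] == "/auth/twitter"
    # A method that is not allowed is not handled at all: the request falls
    # through to the router, which has no route for /auth/twitter.
    return @router.call(env) unless @allowed.include?(env[:method].downcase.to_sym)
    return [403, "invalid authenticity token"] unless token_ok?(env)

    [302, "redirect to provider"]
  end

  private

  # Safe methods skip the token check, as CSRF protection in Rails does.
  def token_ok?(env)
    return true if SAFE_METHODS.include?(env[:method])

    expected = env[:session][:csrf_token].to_s
    given = env[:params][:authenticity_token].to_s
    !expected.empty? && constant_time_eq?(expected, given)
  end

  def constant_time_eq?(a, b)
    a.bytesize == b.bytesize &&
      a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

SESSION_TOKEN = SecureRandom.hex(16) # constructed sample session token
ROUTER = ->(env) { [404, %(No route matches [#{env[:method]}] "#{env[:path]}")] }

# Sends one request to /auth/twitter through the gate; returns [status, body].
def request(method, token: nil, allowed: [:post])
  gate = RequestPhaseGate.new(ROUTER, allowed_request_methods: allowed)
  gate.call({ method: method, path: "/auth/twitter",
              session: { csrf_token: SESSION_TOKEN },
              params: { authenticity_token: token } })
end
```

With the default `[:post]`, `request("GET")` falls through to the router and yields the error in the title, while a POST is accepted only with the session's token. With `allowed: [:post, :get]`, a bare GET starts the provider redirect with no token check, which is the flaw the answers and comments refer to.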
