Devise/Google OAuth 2: Not found. Authentication passthru

5

6

I followed the tutorial in the readme of the omniauth-google-oauth2 gem and when I click the link on my root (@ pages#home), <%= link_to "Sign up with Google", user_google_oauth2_omniauth_authorize_path %>, I get the error:

Not found. Authentication passthru.

I've confirmed the ENV vars are there. I've been looking at similar topics with no luck. Any idea what I'm doing incorrectly?

In routes:

Rails.application.routes.draw do
  devise_for :users, controllers: { :omniauth_callbacks => "users/omniauth_callbacks" }
end

My omniauth_callbacks_controller is located at /controllers/users/omniauth_callbacks_controller.rb

class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
  def google_oauth2
    # You need to implement the method below in your model (e.g. app/models/user.rb)
    @user = User.from_omniauth(request.env["omniauth.auth"])

    if @user.persisted?
      flash[:notice] = I18n.t "devise.omniauth_callbacks.success", :kind => "Google"
      sign_in_and_redirect @user, :event => :authentication
    else
      # Removing extra as it can overflow some session stores
      session["devise.google_data"] = request.env["omniauth.auth"].except(:extra)
      redirect_to new_user_registration_url, alert: @user.errors.full_messages.join("\n")
    end
  end
end

In my devise.rb file:

config.omniauth :google_oauth2, ENV["GOOGLE_CLIENT_ID"], ENV["GOOGLE_CLIENT_SECRET"], {
  name: 'my-project',
  scope: 'email',
  prompt: 'select_account',
  image_aspect_ratio: 'original',
  image_size: 100,
  ssl_verify: false
}

And in my User.rb:

devise :rememberable, :validatable, :omniauthable, :omniauth_providers => [:google_oauth2]

def self.from_omniauth(access_token)
  data = access_token.info
  user = User.where(:email => data["email"]).first

  # Uncomment the section below if you want users to be created if they don't exist
  # unless user
  #   user = User.create(name: data["name"],
  #     email: data["email"],
  #     password: Devise.friendly_token[0,20]
  #   )
  # end

  user
end
Panarabism answered 24/3, 2017 at 2:46 Comment(3)
Have you considered posting an issue on the GitHub project? The author may be able to help you. - Baucom
I haven't. It's not an issue with the gem, seems like something minor I'm doing wrong. - Panarabism
Are you sure your route user_google_oauth2_omniauth_authorize_path is OK? What do you get with rake routes | grep omni? - Sofiasofie
10

I solved the problem by adding the following to config/initializers/omniauth.rb:

OmniAuth.config.allowed_request_methods = %i[get]

Explanation:

The above is the configuration shown in https://github.com/zquestz/omniauth-google-oauth2#usage:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :google_oauth2, ENV['GOOGLE_CLIENT_ID'], ENV['GOOGLE_CLIENT_SECRET']
end
OmniAuth.config.allowed_request_methods = %i[get]

but without

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :google_oauth2, ENV['GOOGLE_CLIENT_ID'], ENV['GOOGLE_CLIENT_SECRET']
end

since that is already provided in your config/initializers/devise.rb:

config.omniauth :google_oauth2, ENV["GOOGLE_CLIENT_ID"], ENV["GOOGLE_CLIENT_SECRET"], {
  name: 'my-project',
  scope: 'email',
  prompt: 'select_account',
  image_aspect_ratio: 'original',
  image_size: 100,
  ssl_verify: false
}
Kinsley answered 23/5, 2021 at 3:51 Comment(0)
1

For anyone who is still looking for the answer:

  1. Make sure there is no config/initializers/omniauth.rb file in the initializer folder.
  2. Use a blank hash as the last config.omniauth argument in config/initializers/devise.rb, as follows:
config.omniauth :google_oauth2, ENV["GOOGLE_CLIENT_ID"], ENV["GOOGLE_CLIENT_SECRET"], {}

Or we can use the email scope alone, since it will tell Google that we request user details by email: { scope: "email" }

Brim answered 1/7, 2020 at 7:29 Comment(0)
1

I fixed this issue by adding the omniauth-rails_csrf_protection gem:

- gem "omniauth-rails_csrf_protection"

And then, the important part:

You will then need to verify that all links in your application that initiate the OAuth request phase are converted to HTTP POST forms containing an authenticity_token value. This can be achieved by changing all link_to methods to button_to, or by using link_to ..., method: :post.

Initially, I attempted:

<%= link_to 'Sign in with Google', user_google_oauth2_omniauth_authorize_path, method: :post %> <br />

However, what was required was:

<%= button_to 'Login with Google', user_google_oauth2_omniauth_authorize_path, method: :post, data: { turbo: 'false' } %> <br />

Adding the button_to resolved the problem.

Tarnish answered 9/2 at 18:45 Comment(0)
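
A simplified model of the request-phase decision behind the fixes in the answers above, added here as an example; it is not OmniAuth or Devise source code. It assumes the middleware claims a request only when the path is the /users/auth prefix plus the strategy name and the verb is in allowed_request_methods, and it compares raw token values where Rails would verify a masked token. The outcome symbols and the request hash shape are constructed.

```ruby
# Simplified model of the request-phase decision. Added example: this is not
# OmniAuth or Devise source, and the request hash shape is constructed.
Setup = Struct.new(:strategy_name, :allowed_methods, keyword_init: true) do
  # Assumption: request path = Devise's /users/auth prefix + strategy name.
  def request_path
    "/users/auth/#{strategy_name}"
  end
end

# Constant-time comparison, so timing does not reveal how many bytes matched.
def token_match?(expected, given)
  return false unless expected.is_a?(String) && given.is_a?(String)
  return false unless expected.bytesize == given.bytesize
  expected.bytes.zip(given.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def request_phase(setup, req)
  # Path or verb not claimed by the middleware: the request falls through to
  # Devise's passthru action ("Not found. Authentication passthru.").
  return :passthru_404 unless req[:path] == setup.request_path
  return :passthru_404 unless setup.allowed_methods.include?(req[:method])

  # A GET carries no authenticity token, so nothing shows that the user
  # submitted a form rendered by this application.
  return :redirect_unverified if req[:method] == :get

  token_match?(req[:session_token], req[:form_token]) ? :redirect_verified : :rejected_csrf
end

ROUTE = "/users/auth/google_oauth2" # user_google_oauth2_omniauth_authorize_path
TOKEN = "constructed-token-value"

def outcomes
  renamed   = Setup.new(strategy_name: "my-project",    allowed_methods: %i[get post])
  post_only = Setup.new(strategy_name: "google_oauth2", allowed_methods: %i[post])
  get_only  = Setup.new(strategy_name: "google_oauth2", allowed_methods: %i[get])
  {
    name_option_set:    request_phase(renamed,   method: :get,  path: ROUTE),
    link_to_get:        request_phase(post_only, method: :get,  path: ROUTE),
    get_allowed:        request_phase(get_only,  method: :get,  path: ROUTE),
    button_to_post:     request_phase(post_only, method: :post, path: ROUTE,
                                      session_token: TOKEN, form_token: TOKEN),
    post_without_token: request_phase(post_only, method: :post, path: ROUTE,
                                      session_token: TOKEN, form_token: nil),
  }
end

outcomes.each { |name, result| puts "#{name}: #{result}" }
```

Only the button_to case reaches the provider with a verified token; allowing GET removes the passthru error but also skips the token check.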
0

It's worth checking that your redirect URI for Google OAuth is correct, and includes /callback on the end.

Hagbut answered 27/3, 2017 at 19:31 Comment(2)
This does not provide an answer to the question. To critique or request clarification from an author, leave a comment below their post. - From Review - Cimmerian
@Iceman - thanks for the feedback, but please do not confuse the questioning style of the answer as requesting clarification. The OP has clearly followed the instructions for the gem to the letter, and stated that the env vars have been checked. The redirect URI is one thing that is not included in the documentation, and is a possible cause of this error. So (at least in my mind) it is a potential answer... and I've edited it to be more clear that this is in fact, not a question :-) - Hagbut
0

I fixed this problem like this:

  1. I added the omniauth-rails_csrf_protection gem to the Gemfile.
  2. In my view I added the POST method:
<%= link_to "Sign in with Google",
    user_google_oauth2_omniauth_authorize_path, method: :post %>
  3. In my devise.rb:
Rails.application.config.middleware.use OmniAuth::Builder do
  OmniAuth.config.allowed_request_methods = [:post, :get]

  provider :google_oauth2, Rails.application.credentials[:GOOGLE_CLIENT_ID],
      Rails.application.credentials[:GOOGLE_CLIENT_SECRET], {scope: "email"}
end
  4. My routes:
devise_for :users, controllers: {
  omniauth_callbacks: "users/omniauth_callbacks"
}

For more information, check this issue:

https://github.com/heartcombo/devise/issues/5236

Mattah answered 6/8, 2021 at 5:20 Comment(1)
Welcome to SO. When answering an old question that already has answers, please try to explain why yours is different or is an improvement on the previous answers. - Aquatic
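
One way to audit a code base for the conditions discussed in this thread, as an added example (not code from the gems or from any answer): it flags views that start the OAuth request phase with a link instead of a POST form, and initializers that enable GET for the request phase. The file names and contents in SAMPLE are constructed from snippets on this page, and the finding labels are hypothetical.

```ruby
# Added example: audit for GET-initiated OAuth request phases.
# SAMPLE file names and contents are constructed from snippets in this thread.
AUTHORIZE = /\w+_omniauth_authorize_(?:path|url)/
POST_OPT  = /method:\s*:post|:method\s*=>\s*:post/

# Classify one ERB output tag (<%= ... %>), which may span several lines.
def classify_tag(code)
  return nil unless code.match?(AUTHORIZE)
  return :ok_post_form if code.match?(/\bbutton_to\b/) # form with authenticity_token
  return :review unless code.match?(/\blink_to\b/)
  code.match?(POST_OPT) ? :post_needs_js : :plain_get_link # link POSTs only via JS
end

def audit_view(path, src)
  findings = []
  src.scan(/<%=(.*?)%>/m) do
    m = Regexp.last_match
    kind = classify_tag(m[1])
    findings << [path, m.pre_match.count("\n") + 1, kind] unless kind.nil? || kind == :ok_post_form
  end
  findings
end

def audit_initializer(path, src)
  src.each_line.with_index(1).filter_map do |line, no|
    next if line.lstrip.start_with?("#")
    rhs = line[/allowed_request_methods\s*=\s*(.+)/, 1]
    [path, no, :get_request_phase_enabled] if rhs&.match?(/\bget\b/i)
  end
end

SAMPLE = {
  "app/views/pages/home.html.erb" => <<~ERB,
    <%= link_to "Sign up with Google", user_google_oauth2_omniauth_authorize_path %>
    <%= link_to "Sign in with Google",
        user_google_oauth2_omniauth_authorize_path, method: :post %>
    <%= button_to "Login with Google", user_google_oauth2_omniauth_authorize_path, method: :post, data: { turbo: "false" } %>
  ERB
  "config/initializers/omniauth.rb" => "OmniAuth.config.allowed_request_methods = %i[get]\n",
}

def audit(files)
  files.flat_map do |path, src|
    path.end_with?(".erb") ? audit_view(path, src) : audit_initializer(path, src)
  end
end

audit(SAMPLE).each { |finding| puts finding.join(":") }
```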
