omniauth-oauth2: 1.4.0 makes my rails app unable to sign in with facebook
rails 4.1.13 devise 3.5.2 omniauth (1.2.2) omniauth-facebook (2.0.1)
1.3.1 was fine
Error:
(facebook) Authentication failure! invalid_credentials: OAuth2::Error, :
{"error":{"message":"Error validating verification code. Please make sure your redirect_uri is identical to the one you used in the OAuth dialog request","type":"OAuthException","code":100,"fbtrace_id":"GjHr4Inn5Rq"}}
About this issue
- Original URL
- State: closed
- Created 9 years ago
- Comments: 41 (2 by maintainers)
Links to this issue
Commits related to this issue
- Lock omniauth-oauth2 to version 1.3.1 omniauth-oauth2 is the oauth library that omniauth plugins use under the hood. Version 1.4.0 introduced a bug causing most requests to fail, which can be found h... — committed to procore/registrar by mcasper 9 years ago
- get omniauth-google working requires downgrade (see https://github.com/intridea/omniauth-oauth2/issues/81) — committed to coeventer/ccf by libsys 9 years ago
- Lock omniauth to working version Known issue https://github.com/intridea/omniauth-oauth2/issues/81 — committed to jah2488/classroom by kurtisnelson 9 years ago
- Fix gem version of omniauth-oauth2 The version 1.4 of omniauth-oauth2 causes a problem in google oauth login. See https://github.com/intridea/omniauth-oauth2/issues/81#issuecomment-151038559 — committed to vfcosta/noosfero by vfcosta 9 years ago
- Workaround to fix issue with callback_url. See intridea/omniauth-oauth2#81 — committed to bamorim/omniauth-dropbox-oauth2 by bamorim 9 years ago
- Workaround to fix issue with callback_url. See intridea/omniauth-oauth2#81 — committed to bamorim/omniauth-dropbox-oauth2 by bamorim 9 years ago
- Update gem versions, locking to omniauth-oauth2 1.3.1. omniauth-oauth2 1.4.0 has a bug that will break apps using this gem. https://github.com/intridea/omniauth-oauth2/issues/81 — committed to teamsnap/omniauth-teamsnap by deleted user 9 years ago
- Update gem versions, locking to omniauth-oauth2 1.3.1. omniauth-oauth2 1.4.0 has a bug that will break apps using this gem. https://github.com/intridea/omniauth-oauth2/issues/81 — committed to teamsnap/omniauth-teamsnap by deleted user 9 years ago
- Fix invalid credentials error omniauth-oauth2 introduces bug which makes impossible to authenticate. Read more: https://github.com/intridea/omniauth-oauth2/issues/81 — committed to monterail/rails_sso by jandudulski 8 years ago
- Fix for 1.4.0 Mentioned here: https://github.com/intridea/omniauth-oauth2/issues/81 Fix from here: https://github.com/zmajstor/omniauth-google-oauth2/blob/1adf026369850e5b8895f95d0294965975958720/lib... — committed to GinBlades/stm_strategy by GinBlades 8 years ago
- Redifine callback_url to remove query strings Follow the change made in `omniauth-oauth2` gem v1.4.0, https://github.com/intridea/omniauth-oauth2/commit/26152673224aca5c3e918bcc83075dbb0659717f w... — committed to konk303/omniauth-mixi by konk303 8 years ago
- oauth_client: fix omniauth-oauth2 version See https://github.com/intridea/omniauth-oauth2/issues/81 — committed to noosfero/noosfero by vfcosta 8 years ago
- Merge branch 'fix_oauth_client' into 'master' Fix oauth client plugin Fix broken tests: https://travis-ci.org/vfcosta/noosfero/jobs/104698347#L1254 Downgrade to a working version of omniauth-oa... — committed to noosfero/noosfero by brauliobo 8 years ago
- oauth_client: fix omniauth-oauth2 version See https://github.com/intridea/omniauth-oauth2/issues/81 — committed to vfcosta/noosfero by vfcosta 8 years ago
- Redifine callback_url to remove query strings Follow the change made in `omniauth-oauth2` gem v1.4.0, https://github.com/intridea/omniauth-oauth2/commit/26152673224aca5c3e918bcc83075dbb0659717f w... — committed to konk303/omniauth-mixi by konk303 8 years ago
- Fix issue with upstream omniauth-oauth2 https://github.com/intridea/omniauth-oauth2/issues/81 — committed to coinbase/omniauth-coinbase by aianus 8 years ago
- Fix upstream omniauth-oauth2 issue https://github.com/intridea/omniauth-oauth2/issues/81 — committed to coinbase/omniauth-coinbase by aianus 8 years ago
- Loosen omniauth dependencies to allow Rack 2 Dependencies were locked as a work around for a breaking change in [omniauth-oauth2][breaking]. However, this was preventing the use of Rack 2 that Rails ... — committed to cronofy/omniauth-cronofy by gshutler 8 years ago
- bugfix for omniauth2 callback_url bug see: https://github.com/intridea/omniauth-oauth2/issues/81 — committed to beeminder/omniauth-shine by bsoule 8 years ago
- Lock omniauth-oauth2 to 1.3.x omniauth-oauth2 version 1.4.x breaks the OAuth2 dance. See https://github.com/intridea/omniauth-oauth2/issues/81 — committed to gertig/omniauth-greenhouse by gertig 8 years ago
I was able to fix the issue by restoring the
callback_urlmethod to my subclass of OAuth2see breaking change
It seems rediculous that this change occurred for ONE strategy and broke every other single strategy out there… IMHO it would have made more sense for the one strategy that needed the query parameters to override callback_url in it’s own strategy.
Wouldn’t it be better to have this change activated by some kind of flag? It has proved to be non backwards compatible and since there’s no changelog and the project does not follow semver it is pretty hard to detect something like that might happen.
Would a contribution in that path be welcome?
@sferik is there not a better solution for this yet? 6 months later and I’m still running into this problem in oAuth Strategies.
How is this acceptable to just ignore?
Is there a plan to actually fix this given the Rails 5.0.0 incompatibility?
@samuraraujo Thanks. That fixed my problem as well.
gem 'omniauth-oauth2', '~> 1.3.1'