All threads / Rails for Beginners Part 24: OmniAuth 2.0 URLs Discussion
Ask A Question

Notifications

You’re not receiving notifications from this thread.

Rails for Beginners Part 24: OmniAuth 2.0 URLs Discussion

I get an error No route matches [GET] "/auth/twitter" -- feels like some rails magic I missed :/

It seems there was a change with the omniauth gem that defaults to only POST requests (https://stackoverflow.com/a/65785932)

Those having this issue should skip to Part 40 of this tutorial where Chris fixes this.

It's not mentioned here because when this was recorded, the OmniAuth gem allowed GET requests. The gem has since been updated to v2 where only POST requests are allowed by default. This is fixed with the OmniAuth CSRF Protection gem, which is explained in Part 40.

Chris, if you see this, it might be good to add a note or annotation to this video explaining that the latest version of OmniAuth now prevents GET requests by default, so an error will occur without adding OmniAuth CSRF Protection or enabling GET requests in the OmniAuth initializer.

As Dana said, this is fixed in part 40.

What I did after watching part 40 (if you want to save time):

  • run "bundle add omniauth-rails_csrf_protection" in your terminal
  • temporarily add "<%= button_to 'twitter', '/auth/twitter' %>" in your application.html.erb (or where you find it convenient)
  • click the button, which will lead you to the desired authorization page

I just updated this lesson for Omniauth 2.0. 👍

Reply

I keep getting the OAuth::Unauthorized error, not sure what is going on here but it's keeping me from progressing sadly.

        self.token_request(http_method, uri.path, token, request_options, arguments)
      when (400..499)
        raise OAuth::Unauthorized, response
      else
        response.error!
      end

There's a question from someone who I believe following this course getting the same error:
https://stackoverflow.com/questions/66009147/no-route-matches-get-auth-twitter-omnia

The issue for me was that I created an app that was using the v2 of the Twitter API and this tutorial makes use of v1.1, I have answered a question on StackOverflow with a more detailed answer: https://stackoverflow.com/a/66060794/4032810

Good luck everyone!

I don't even think it's possible to create a standalone app anymore meaning I don't know how to proceed with this tutorial.

You need to set up OAuth in Twitter Developer dashboard. Go to Project & Apps -> Project Name -> App Name. Then:
OAuth Version: OAuth 1.0a
App permissions: Read and write
Callback URI / Redirect URL: http://localhost:3000/auth/twitter/callback
Website URL: e.g. https://gorails.com

Reply

Once again great tutorial - keep up the good work. I have a question, how do we or how can we handle this call back URL if we have a multi-tenant app? will the wild card in the callback in twitter work? https://*.example.com/auth/twitter

Reply

Hello Chris,
Thanks for this tutorial! when pushing the connect to Twitter button, I receive this error
OAuth::Unauthorized
400 Bad Request
Extracted source (around line #254):

self.token_request(http_method, uri.path, token, request_options, arguments)
when (400..499)
raise OAuth::Unauthorized, response
else
response.error!
end
I adjusted to using a post method in the views/main/index file
to match the new requirements for omniauth.
'<%=button_to "Connect Twitter", "/auth/twitter", method: :post, class: "btn btn-primary" %>

An error occurs when I run Rails C and then run Rails.application.credentials.twitter I receive nil as my response, but when run 'EDITOR="atom --wait" rails credentials: edit I can see the saved Twitter api_key

Thank you

Try generating a standalone twitter app with v1.1 access (note from Twitter: Standalone Apps live outside of Projects. This means that they can’t use the the most current v2 Twitter API endpoints.). Generate the new api key and secret for the v1.1 app and use those in your credentials:edit step. See cristiano's answer.

Reply

It might make sense to remove the old version([OLD] Rails for Beginners Part 24: OmniAuth URLs) from the playlist on YouTube, I got bogged down thinking I had a problem with my setup, stopping at this video and trying a number of things to debug before finding this thread. Playing in full screen mode, I don't notice the titles, but they are there. Next time I'll read the title and try the forums :)

To make this work I had to also create a standalone app, that only has v1.1 access, as described in cristiano's post above. To verify that things work outside of twitter you can use the "developer" strategy: provider :developer unless Rails.env.production? (see omniauth docs) then perform a post request to /auth/developer

Reply

I've tried every suggestion above and it is still saying it's unauthorized.

Reply

For anyone that's still having issues, make sure that you're accessing your application in the browser at the same URL that you put in the callback. If you put 127.0.0.1 as the host in the Twitter callback URL, make sure your own browser is at that URL (and not something else, like localhost, or 0.0.0.0).

Reply

I'm having the OAuth::Unauthorized 400 Bad Request. None of the suggestions here work.

I do notice that the omniauth-twitter gem has a dependency of omniauth-oauth 1.1 but when using omniauth 2.0, the omniauth-oauth version is bumped to 1.2

I wonder if this version mismatch causes issues with how the omniauth-twitter gem makes calls.

Looking for help from anybody who has gotten the request to work.

I'm an idiot. I was putting my credentials in the production file and not using the --environment development flag. So I was trying to authenticate w/ the twitter api with no credentials.

Reply

/Users/thebrainiac/.rbenv/versions/3.0.2/lib/ruby/gems/3.0.0/gems/activesupport-6.1.4.1/lib/active_support/core_ext/module/delegation.rb:310:in `dig': String does not have #dig method (TypeError)

Forgot to add a space for api_key: in the vim file.

Reply

Ok now I'm getting Session expired (OmniAuth NoSession Error). If you are making a beginner level tutorial at least have the decency to keep it up to date.
I'm going back to good old PHP.

Reply

In case useful for anyone, I had the same OAuth::Unauthorized 400 Bad Request TWICE and was struggling to diagnose the issue.

First time it was as simple as a typo within the omniauth.rb file - so check that first if you get 400. I was second-guessing that it was to do with the change to Oauth2.0 or something else.

Also, as it isn't shown explicitly in the tutorial and seems like Twitter have updated the interface within their developer section. When setting up the app select Oauth 1.0a, request email, Read and write. The 0auth 2.0 options did not work for me and gave me the '400 Bad Request' error but when I switched to 1.0a it went through fine

Reply

Unfortunately for me, having wired everything up, when I hit the 'Connect Twitter' button, the browser console displays Fetch API cannot loadapi.twitter.com/oauth/authenticate?oauth_token=... due to access control checks.`

Seems like there's some CORS issues going on. Does anyone have any idea how to get around this?

Just had that issue, hope this helps

add this :data => {turbo: "false"}

<%= button_to 'twitter', '/auth/twitter', method: :post, :data => {turbo: "false"}%>

https://dev.to/rbazinet/hotwire-fix-for-cors-error-when-using-omniauth-3k36

Hi @Andrew, I had a similar issue and your solution fixed the CORS error I was facing.

Reply

Hi
I get this error: OAuth::Unauthorized

OAuth::Unauthorized
        self.token_request(http_method, uri.path, token, request_options, arguments)
      when (400..499)
        raise OAuth::Unauthorized, response
      else
        response.error!
      end

Please your help

Reply

I'm getting this when I click the "Connect Twitter" button, I guess the credentials are not working but I don't know how can I solve this.
"Started POST "/auth/twitter" for ::1 at 2022-05-04 11:59:23 -0500
D, [2022-05-04T11:59:23.666160 #33794] DEBUG -- omniauth: (twitter) Request phase initiated."

I already check and I'm using the correct keys, is there any suggestion to solve this? I have Elevated access to the Twitter API, can this affect the way I need to interact with it?

hey, did you manage to get past this? I'm stuck here

I had the same issue, I figurate the problem is with the app CORS, unfortunately, I tried a couple of different things and none worked for me. If you inspect your page and go to the console you should get the error with the authentication link. if you click on this it will then proceed to complete the request that's all I have been able to accomplish so far. Hopefully, this helps so someone can find the solution around CORS.

nevermind just found a way of fixing this without messing with CORDS. Try this as the button

<%= button_to "Connect Twitter", "/auth/twitter", method: :post, :data => {turbo: "false"}, class: "btn btn-primary"%>

hopefully this works for everyone.

It worked perfectly, thank you!

Reply
Join the discussion

Want to stay up-to-date with Ruby on Rails?

Join 62,791+ developers who get early access to new tutorials, screencasts, articles, and more.

    We care about the protection of your data. Read our Privacy Policy.

    logo Created with Sketch.

    Screencast tutorials to help you learn Ruby on Rails, Javascript, Hotwire, Turbo, Stimulus.js, PostgreSQL, MySQL, Ubuntu, and more. Icons by Icons8

    © 2022 GoRails, LLC. All rights reserved.