All threads / Rails for Beginners Part 24: OmniAuth 2.0 URLs Discussion

Ask A Question


You’re not receiving notifications from this thread.

Rails for Beginners Part 24: OmniAuth 2.0 URLs Discussion

I get an error No route matches [GET] "/auth/twitter" -- feels like some rails magic I missed :/

It seems there was a change with the omniauth gem that defaults to only POST requests (

Those having this issue should skip to Part 40 of this tutorial where Chris fixes this.

It's not mentioned here because when this was recorded, the OmniAuth gem allowed GET requests. The gem has since been updated to v2 where only POST requests are allowed by default. This is fixed with the OmniAuth CSRF Protection gem, which is explained in Part 40.

Chris, if you see this, it might be good to add a note or annotation to this video explaining that the latest version of OmniAuth now prevents GET requests by default, so an error will occur without adding OmniAuth CSRF Protection or enabling GET requests in the OmniAuth initializer.

As Dana said, this is fixed in part 40.

What I did after watching part 40 (if you want to save time):

  • run "bundle add omniauth-rails_csrf_protection" in your terminal
  • temporarily add "<%= button_to 'twitter', '/auth/twitter' %>" in your application.html.erb (or where you find it convenient)
  • click the button, which will lead you to the desired authorization page

I just updated this lesson for Omniauth 2.0. 👍


I keep getting the OAuth::Unauthorized error, not sure what is going on here but it's keeping me from progressing sadly.

        self.token_request(http_method, uri.path, token, request_options, arguments)
      when (400..499)
        raise OAuth::Unauthorized, response

There's a question from someone who I believe following this course getting the same error:

The issue for me was that I created an app that was using the v2 of the Twitter API and this tutorial makes use of v1.1, I have answered a question on StackOverflow with a more detailed answer:

Good luck everyone!


Once again great tutorial - keep up the good work. I have a question, how do we or how can we handle this call back URL if we have a multi-tenant app? will the wild card in the callback in twitter work? https://*


Hello Chris,
Thanks for this tutorial! when pushing the connect to Twitter button, I receive this error
400 Bad Request
Extracted source (around line #254):

self.token_request(http_method, uri.path, token, request_options, arguments)
when (400..499)
raise OAuth::Unauthorized, response
I adjusted to using a post method in the views/main/index file
to match the new requirements for omniauth.
'<%=button_to "Connect Twitter", "/auth/twitter", method: :post, class: "btn btn-primary" %>

An error occurs when I run Rails C and then run Rails.application.credentials.twitter I receive nil as my response, but when run 'EDITOR="atom --wait" rails credentials: edit I can see the saved Twitter api_key

Thank you

Try generating a standalone twitter app with v1.1 access (note from Twitter: Standalone Apps live outside of Projects. This means that they can’t use the the most current v2 Twitter API endpoints.). Generate the new api key and secret for the v1.1 app and use those in your credentials:edit step. See cristiano's answer.


It might make sense to remove the old version([OLD] Rails for Beginners Part 24: OmniAuth URLs) from the playlist on YouTube, I got bogged down thinking I had a problem with my setup, stopping at this video and trying a number of things to debug before finding this thread. Playing in full screen mode, I don't notice the titles, but they are there. Next time I'll read the title and try the forums :)

To make this work I had to also create a standalone app, that only has v1.1 access, as described in cristiano's post above. To verify that things work outside of twitter you can use the "developer" strategy: provider :developer unless Rails.env.production? (see omniauth docs) then perform a post request to /auth/developer

Join the discussion

Want to stay up-to-date with Ruby on Rails?

Join 47,776+ developers who get early access to new tutorials, screencasts, articles, and more.

    We care about the protection of your data. Read our Privacy Policy.

    logo Created with Sketch.

    Ruby on Rails tutorials, guides, and screencasts for web developers learning Ruby, Rails, Javascript, Turbolinks, Stimulus.js, Vue.js, and more. Icons by Icons8

    © 2021 GoRails, LLC. All rights reserved.