
Sign In With Twitter using Omniauth and the Twitter gem Discussion

General • Asked by Chris Oliver

Excellent episode Chris! 2 off-episode questions: why does your version of Chrome have a "People" menu and any chance you'll post this to github?

I think it came in Chrome beta a month or two ago. It's so useful to separate out your Google accounts between windows.

And I've uploaded the repo for this app to Github for you. :) It's the last link in the resources list.


Nice episode Chris. A small note that might help people new to adding initializers is that you need to restart your app after you add the omniauth initializer so that localhost:3000/auth/twitter works as expected. Might throw a few people off if they follow your steps along and forget to restart the app.

Good catch! At a point, it becomes second nature and I forget to mention things like that being required. :)

Rutul, you saved my bacon with that. I was using a RailsCast tutorial for ages and completely forgot that tip. This one is much more current and useful though. Thanks all!

Agree with Tim. This tut is awesome and way better than the railscast video about twitter. Rutul, you saved my life too.


The Omniauth auth hash actually uses a gem called Hashie to allow method access for keys, not HashWithIndifferentAccess which only allows you to use symbols/strings keys interchangeably.

The main annoyance of Omniauth I find is when using it with Devise. The Devise user model requires an email to work 'out of the box' and Twitter's API does not give you the user's email.

Yeah my mistake there. Hashie is great.

Agreed with Twitter's API. They want to control that information which is unfortunate. In that case, you can generate a fake email if you don't want to ask the user for it, or you can send them to a form to fill out that information. Neither is ideal, but it gets the job done.

I found this post useful:

http://sourcey.com/rails-4-...

It works on the basis that a user might want to log in with different OAuth providers but for them to link to the same account. It fixes the Twitter problem by basically asking for an email address after logging in.


Good one nicely explained


Super helpful episode! I was in the middle of connecting my app to Stripe Connect (which also uses OmniAuth) and the steps are pretty much identical. Just wondering if anyone has come up with a good strategy for testing this kind of behaviour?

This looks like a reasonable approach to testing your user creation and lookups but it isn't a full example: http://stackoverflow.com/qu...

Brilliant! Got it working. More info here too if anyone's interested: https://github.com/intridea...


How it to realize in database Mongoid? Mistake $oil... "id" mongo "_id" error current_user.name, name no safe in database... help


Chris, I keep trying to take a version of this into the production environment but have had no luck. Keep getting "OAuth::Unauthorized 401 Authorization Required" errors. Any idea why?

I believe that can happen with the callback url on Twitter. You might try http://127.0.0.1:3000/ instead of localhost.

I figured it out. I had forgotten to move my twitter api key and secret to the production area of secrets.yml. Thanks mate!

Awesome, glad you got it figured out!


Any thoughts to why my variables declared in secrets.yml file would not be loading correctly when I restart my app? My Rails.applications.secrets.twitter_xxxx isn't pulling correctly to the point where the omniauth.rb initializer crashes rails when I restart the server.


Great episode Chris, I'm currently trying to integrate this gem with devise but not very successful, any chance you could run through this in the near future?

That's the plan. Twitter is a bit frustrating because it doesn't give you an email so you can't create Devise users easily with it. Need to store the OAuth hash in the session so you can ask for an email first. I'll be doing an episode on that soon.

Thanks again Chris, it's also nice to see your rapid reply to a newbie like me 😃

Did you ever manage to get this going? Can't log in users because of @user.email

I haven't done an episode on it, but for now, check out this tutorial. It should do the trick for you! http://sourcey.com/rails-4-...

Recently Twitter started to whitelist applications to provide developers with more access to user data, such as email. Check out this link https://dev.twitter.com/res... and fill out the application to get whitelisted.

Awesome, didn't realize they started offering that. This is going to help a lot with Twitter integrations. Thanks for sharing!


Just on the gitignore for secrets.yml. You can't do this after you have already committed secrets.yml. I followed the instructions but had already committed it, so gitignore would always see it even if I deleted it etc.

The answer I am now looking for is how to generate a new secrets.yml secret_key_base

From the command line, run `rake secret` and copy the result into your secrets.yml file for develop and test environments (if you are choosing to gitignore the new file).


Please note that if you follow this guide and you are also using Devise omniauthable, you will not need to create the omniauth.rb file. You can go to devise.rb and find the omniauth configuration lines there (just uncomment the config.omniauth lines and set it like Chris does; I think initially Devise had ENV instead of Rails.application.secrets...)

```ruby
# ==> OmniAuth
# Add a new OmniAuth provider. Check the wiki for more information on setting
# up on your models and hooks.
# config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo'
config.omniauth :yammer, Rails.application.secrets.yammer_api_key, Rails.application.secrets.yammer_api_secret
```

If you did what I did and set the devise.rb as well as the omniauth.rb then you will get two callback requests and trigger a CSRF error. (Note: I am using Yammer and the yammer-omniauth gem instead of Twitter, but pretty much all worked the same.)

```
Started GET "/users/auth/yammer/callback?code=keyQ&state=secret" for 127.0.0.1 at 2015-02-05 16:31:15 +1000
I, [2015-02-05T16:31:15.558087 #3900] INFO -- omniauth: (yammer) Callback phase initiated.
I, [2015-02-05T16:31:42.574957 #3900] INFO -- omniauth: (yammer) Callback phase initiated.
E, [2015-02-05T16:31:42.575381 #3900] ERROR -- omniauth: (yammer) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected
Processing by Users::OmniauthCallbacksController#failure as HTML
Parameters: {"code"=>"key", "state"=>"secret"}
Redirected to http://localhost:3000/sign_in
Completed 302 Found in 2ms (ActiveRecord: 0.0ms)
```
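
Added example, not part of the comment above or of the episode's code: a small Ruby check that scans initializer sources for an OmniAuth provider registered both through `OmniAuth::Builder` and through Devise's `config.omniauth`, the double registration described above. The file contents are constructed samples, and the helper names (`provider_registrations`, `duplicate_providers`) are hypothetical.

```ruby
# Constructed sample initializers (stand-ins for config/initializers/*.rb).
SAMPLE_FILES = {
  "config/initializers/omniauth.rb" => <<~RUBY,
    Rails.application.config.middleware.use OmniAuth::Builder do
      provider :yammer, Rails.application.secrets.yammer_api_key, Rails.application.secrets.yammer_api_secret
    end
  RUBY
  "config/initializers/devise.rb" => <<~RUBY
    Devise.setup do |config|
      # config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo'
      config.omniauth :yammer, Rails.application.secrets.yammer_api_key, Rails.application.secrets.yammer_api_secret
    end
  RUBY
}.freeze

# Matches `provider :name` (OmniAuth::Builder) and `config.omniauth :name`
# (Devise). Anchored at line start, so commented-out lines do not match.
REGISTRATION = /^\s*(?:provider|config\.omniauth)\s+:(\w+)/

# Returns { provider_name => [paths that register it] }.
# `files` is a hash of path => source text (hypothetical helper).
def provider_registrations(files)
  found = Hash.new { |hash, key| hash[key] = [] }
  files.each do |path, source|
    source.each_line do |line|
      match = REGISTRATION.match(line)
      found[match[1]] << path if match
    end
  end
  found
end

# Providers registered in more than one initializer: each registration adds
# its own middleware, so the callback phase runs twice for one request.
def duplicate_providers(files)
  provider_registrations(files).select { |_name, paths| paths.uniq.size > 1 }
end

if __FILE__ == $PROGRAM_NAME
  duplicate_providers(SAMPLE_FILES).each do |name, paths|
    puts "#{name}: registered in #{paths.uniq.join(' and ')}"
  end
end
```

To run it against a real app, build the hash from the initializer files on disk, for example with `Dir["config/initializers/*.rb"]` and `File.read`.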


Really good walkthrough, I was able to use this for Facebook as well with some elbow grease. Thank you. And you make me want to learn VIM!

Learning Vim proved to be super useful for me over the years! :)


Fabián Francisco Leiva

Really good tutorial, I tried this for Facebook as well and it works great! But now I'm having issues when I try to obtain user's data such as the email. Some say that I have to edit the "scope" parameter in omniauth.rb, plz can anybody help me?

You can update your config when you set up Omniauth, you can specify your scope there. There are a lot of options for this, so just look up the available scopes for Facebook to get the full list.

```ruby
config.omniauth :facebook, "APP_ID", "APP_SECRET", scope: 'email', info_fields: 'email, name'
```


Is there a previous video that I'm missing? This was a great video until the part about the actual tweets-- it seems to be missing the part where used rails to create the Tweet and TweetsController scaffolding and routes.


Very helpful Chris! Learnt a lot in this 20 minutes session.. Thank you!


Shawn Nigel Rebello

Very helpful tutorial Chris! Got it working for facebook as well


I got this type of error please give me a way to solve it. https://uploads.disquscdn.c...

