Louis

Activity

I've followed the updated instructions and I've run into some intermittent behavior where I get the

when (400..499)
  raise OAuth::Unauthorized, response

response myself. The best I can determine, if I start from the Connect Twitter button and get a Rails error partway through (say because I didn't call redirect_to root_path in OmniauthCallbacksController::twitter), then refreshing the page will lead to the above Unauthorized error.

So if you're getting this error, try fixing any underlying Rails errors and then reload the home page and click the button and see if it works!

Sorry -- the indentation didn't get saved in the above!

In app/controllers/password_resets_controller.rb, the update method doesn't have a rescue (like edit does), but it still uses @user = User.find_signed!. This means that if the user gets to the password reset page and is authed successfully, but doesn't submit the page before the token expires, they will get an exception.

So one solution would be to have it look like this:

  def update
    @user = User.find_signed!(params[:token], purpose: "password_reset")
  rescue ActiveSupport::MessageVerifier::InvalidSignature
    redirect_to sign_in_path, alert: "Your token has expired. Please try again."
  else
    if @user.update(password_params)
      redirect_to sign_in_path, notice: "Your password was reset successfully. Please sign in."
    else
      render :edit
    end
  end
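
The gap described in the post above, as an added example that is not part of the original post and not Rails code: the token is verified once when the form is shown and again when it is submitted, so it can expire in between. The HMAC token format, SECRET, and the edit/update_unguarded/update_guarded helpers are constructed stand-ins for User.find_signed! and the controller actions.

```ruby
require "openssl"
require "json"

# Constructed stand-in for a signed id: base64(JSON payload) + "--" + HMAC.
SECRET = "constructed-demo-secret" # sample value, not a real key
class InvalidSignature < StandardError; end

def sign(user_id, purpose:, expires_at:)
  payload = [JSON.generate("id" => user_id, "pur" => purpose, "exp" => expires_at.to_i)].pack("m0")
  "#{payload}--#{OpenSSL::HMAC.hexdigest("SHA256", SECRET, payload)}"
end

# Rejects a bad MAC, a wrong purpose, and an expired token the same way.
def find_signed!(token, purpose:, now:)
  payload, mac = token.to_s.split("--", 2)
  expected = OpenSSL::HMAC.hexdigest("SHA256", SECRET, payload.to_s)
  raise InvalidSignature unless mac && OpenSSL.secure_compare(mac, expected)
  data = JSON.parse(payload.unpack1("m0"))
  raise InvalidSignature unless data["pur"] == purpose && now.to_i < data["exp"]
  data["id"]
end

EXPIRED = [:redirect, "Your token has expired. Please try again."]

# GET: the token is checked when the form is shown.
def edit(token, now:)
  find_signed!(token, purpose: "password_reset", now: now)
  [:render, :edit]
rescue InvalidSignature
  EXPIRED
end

# PATCH without a rescue: the second check raises if the token aged out.
def update_unguarded(token, now:)
  find_signed!(token, purpose: "password_reset", now: now)
  [:redirect, "Your password was reset successfully. Please sign in."]
end

# PATCH with the rescue/else shape from the post: else runs only if nothing raised.
def update_guarded(token, now:)
  find_signed!(token, purpose: "password_reset", now: now)
rescue InvalidSignature
  EXPIRED
else
  [:redirect, "Your password was reset successfully. Please sign in."]
end
```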