Invalid_client oauth2 error after authorizing my rails app
I am trying to authenticate with an OAuth2 provider using Rails 4.1. After redirecting to the authorize / deny prompt and clicking authorize, I was redirected to my callback URL and encountered the following error:
Started GET "/auth/</callback?code=<code>&state=<state>" for 127.0.0.1 at 2014-08-25 12:47:57 +0200
I, [2014-08-25T12:47:57.981471 #12769] INFO -- omniauth: (<provider>) Callback phase initiated.
E, [2014-08-25T12:47:58.697527 #12769] ERROR -- omniauth: (<provider>) Authentication failure! invalid_credentials: OAuth2::Error, invalid_client: Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method.
{"error":"invalid_client","error_description":"Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method."}
OAuth2::Error (invalid_client: Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method.
{"error":"invalid_client","error_description":"Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method."}):
oauth2 (0.9.4) lib/oauth2/client.rb:113:in `request'
oauth2 (0.9.4) lib/oauth2/client.rb:138:in `get_token'
oauth2 (0.9.4) lib/oauth2/strategy/auth_code.rb:29:in `get_token'
omniauth-oauth2 (1.1.2) lib/omniauth/strategies/oauth2.rb:93:in `build_access_token'
omniauth-oauth2 (1.1.2) lib/omniauth/strategies/oauth2.rb:75:in `callback_phase'
omniauth (1.2.2) lib/omniauth/strategy.rb:227:in `callback_call'
omniauth (1.2.2) lib/omniauth/strategy.rb:184:in `call!'
omniauth (1.2.2) lib/omniauth/strategy.rb:164:in `call'
omniauth (1.2.2) lib/omniauth/builder.rb:59:in `call'
rack (1.5.2) lib/rack/etag.rb:23:in `call'
rack (1.5.2) lib/rack/conditionalget.rb:25:in `call'
The error is thrown by the oauth2 gem and it never reaches my /auth/failure endpoint during development. My routes.rb looks like this:
Rails.application.routes.draw do
  root 'static_pages#home'

  # Auth routes
  get '/auth/:provider/callback', to: 'sessions#create'
  get '/signin', to: 'sessions#new', as: :signin
  get '/signout', to: 'sessions#destroy', as: :signout
  get '/auth/failure', to: 'sessions#failure'
end
My session controller is just a skeleton, but it never gets there like I said before:
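class SessionsController < ApplicationController
  # Hand off to the OmniAuth request phase for the provider.
  def new
    redirect_to '/auth/<provider>'
  end

  # Callback target once OmniAuth has obtained the token.
  def create
    redirect_to root_url, notice: 'Signed in'
  end

  def destroy
    redirect_to root_url, notice: 'Signed out'
  end

  # OmniAuth's failure redirect passes the error key as params[:message].
  def failure
    redirect_to root_url, alert: "Oops: #{params[:message].humanize}"
  end
end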
I'm pretty sure the ID and private keys I'm using are working (they work with this tool https://www.runscope.com/oauth2_tool ). I am using the following strategy implemented by the OAuth provider:
module OmniAuth
  module Strategies
    class <Provider> < OmniAuth::Strategies::OAuth2
      # Give your strategy a name.
      option :name, '<provider_name>'
      option :provider_ignores_state, true

      # This is where you pass the options you would pass when
      # initializing your consumer from the OAuth gem.
      option :client_options, {
        site: 'https://<provider>/api/3',
        authorize_url: 'https://<provider>/oauth2/authorize',
        token_url: 'https://<provider>/oauth2/token'
      }

      option :authorize_params, {
        response_type: 'code'
      }

      # These are called after authentication has succeeded. If
      # possible, you should try to set the UID without making
      # additional calls (if the user id is returned with the token
      # or as a URI parameter). This may not be possible with all
      # providers.
      uid { raw_info['id'] }

      info do
        {
          :name => [ raw_info['first_name'], raw_info['last_name'] ].join(' '),
          :email => raw_info['email']
        }
      end

      extra do
        {
          'raw_info' => raw_info
        }
      end

      def raw_info
        @raw_info ||= access_token.get("#{options[:client_options][:site]}/me").parsed
      end
    end
  end
end
I suspect it is not sending the correct request for the access_token, but I have not been able to diagnose it yet. Any help would be appreciated.
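Added example (not part of the original question, and not code from the provider or the oauth2 gem): the `invalid_client` text in the log is the RFC 6749 section 5.2 error, and section 2.3.1 allows client credentials either in an HTTP Basic header or as form fields in the body. The code below builds the authorization-code token request both ways so each can be compared against what the provider accepts; `TOKEN_URL`, `REDIRECT_URI` and all function names are placeholders chosen for this example.

```ruby
require 'net/http'
require 'uri'
require 'json'

# Placeholder values (assumptions): substitute the provider's real token URL
# and the callback URL registered for your client.
TOKEN_URL    = 'https://provider.example/oauth2/token'
REDIRECT_URI = 'http://localhost:3000/auth/provider/callback'

# Build (without sending) the token request in one of the two client
# authentication styles from RFC 6749 section 2.3.1.
def build_token_request(style, client_id:, client_secret:, code:)
  form = { 'grant_type' => 'authorization_code', 'code' => code,
           'redirect_uri' => REDIRECT_URI }
  req = Net::HTTP::Post.new(URI(TOKEN_URL))
  case style
  when :basic_auth    # credentials in the Authorization header
    # The RFC requires form-encoding each value before Basic encoding.
    enc = ->(v) { URI.encode_www_form_component(v) }
    req.basic_auth(enc.(client_id), enc.(client_secret))
  when :request_body  # credentials as form fields in the POST body
    form.update('client_id' => client_id, 'client_secret' => client_secret)
  else
    raise ArgumentError, "unknown style: #{style}"
  end
  req.set_form_data(form)
  req
end

# Send a built request over TLS; returns [status, parsed JSON body or nil].
def send_token_request(req)
  uri = URI(TOKEN_URL)
  res = Net::HTTP.start(uri.host, uri.port, use_ssl: true) { |h| h.request(req) }
  [res.code.to_i, (JSON.parse(res.body) rescue nil)]
end

# True when the body is the RFC 6749 section 5.2 client-authentication error.
def client_auth_rejected?(body)
  body.is_a?(Hash) && body['error'] == 'invalid_client'
end
```

An authorization code is single-use, so each style needs a fresh code from a new authorize round trip before calling `send_token_request`.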