invalid_client OAuth2 error after authorizing my Rails app

I am trying to authenticate with an OAuth2 provider using Rails 4.1. After redirecting to the authorize/deny prompt and clicking authorize, I was redirected to my callback URL and encountered the following error:

Started GET "/auth/<provider>/callback?code=<code>&state=<state>" for 127.0.0.1 at 2014-08-25 12:47:57 +0200
I, [2014-08-25T12:47:57.981471 #12769]  INFO -- omniauth: (<provider>) Callback phase initiated.
E, [2014-08-25T12:47:58.697527 #12769] ERROR -- omniauth: (<provider>) Authentication failure! invalid_credentials: OAuth2::Error,  invalid_client: Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method.
{"error":"invalid_client","error_description":"Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method."}

OAuth2::Error (invalid_client: Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method.
{"error":"invalid_client","error_description":"Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method."}):
  oauth2 (0.9.4) lib/oauth2/client.rb:113:in `request'
  oauth2 (0.9.4) lib/oauth2/client.rb:138:in `get_token'
  oauth2 (0.9.4) lib/oauth2/strategy/auth_code.rb:29:in `get_token'
  omniauth-oauth2 (1.1.2) lib/omniauth/strategies/oauth2.rb:93:in `build_access_token'
  omniauth-oauth2 (1.1.2) lib/omniauth/strategies/oauth2.rb:75:in `callback_phase'
  omniauth (1.2.2) lib/omniauth/strategy.rb:227:in `callback_call'
  omniauth (1.2.2) lib/omniauth/strategy.rb:184:in `call!'
  omniauth (1.2.2) lib/omniauth/strategy.rb:164:in `call'
  omniauth (1.2.2) lib/omniauth/builder.rb:59:in `call'
  rack (1.5.2) lib/rack/etag.rb:23:in `call'
  rack (1.5.2) lib/rack/conditionalget.rb:25:in `call'

The error is thrown by the oauth2 gem and it never reaches my /auth/failure endpoint during development. My routes.rb looks like this:

Rails.application.routes.draw do
  root 'static_pages#home'
  # Auth routes
  get '/auth/:provider/callback', to: 'sessions#create'
  get '/signin', to: 'sessions#new', as: :signin
  get '/signout', to: 'sessions#destroy', as: :signout
  get '/auth/failure', to: 'sessions#failure'
end

My session controller is just a skeleton, but it never gets there like I said before:

class SessionsController < ApplicationController
  def new
    redirect_to '/auth/<provider>'
  end
  def create
    redirect_to root_url, notice: 'Signed in'
  end
  def destroy
    redirect_to root_url, notice: 'Signed out'
  end
  def failure
    # OmniAuth passes the failure reason in the "message" query parameter.
    redirect_to root_url, alert: "Oops: #{params[:message].humanize}"
  end
end

I'm pretty sure the ID and private keys I'm using are working (they work with this tool: https://www.runscope.com/oauth2_tool). I am using the following strategy implemented by the OAuth provider:

module OmniAuth
  module Strategies
    class <Provider> < OmniAuth::Strategies::OAuth2
      # Give your strategy a name.
      option :name, '<provider_name>'

      option :provider_ignores_state, true

      # This is where you pass the options you would pass when
      # initializing your consumer from the OAuth gem.
      option :client_options, {
        site: 'https://<provider>/api/3',
        authorize_url: 'https://<provider>/oauth2/authorize',
        token_url: 'https://<provider>/oauth2/token'
      }

      option :authorize_params, {
        response_type: 'code'
      }

      # These are called after authentication has succeeded. If
      # possible, you should try to set the UID without making
      # additional calls (if the user id is returned with the token
      # or as a URI parameter). This may not be possible with all
      # providers.
      uid{ raw_info['id'] }

      info do
        {
          :name => [ raw_info['first_name'], raw_info['last_name'] ].join(' '),
          :email => raw_info['email']
        }
      end

      extra do
        {
          'raw_info' => raw_info
        }
      end

      def raw_info
        @raw_info ||= access_token.get("#{options[:client_options][:site]}/me").parsed
      end
    end
  end
end

I suspect it is not sending the correct request for the access_token, but I have not been able to diagnose it yet. Any help would be appreciated.

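The error text in the log names three possible causes: an unknown client, no client authentication included, or an unsupported authentication method. As an added example (not part of the original post and not code from the oauth2 gem), the Ruby code below builds the authorization-code token request in the two client-authentication forms defined by RFC 6749 section 2.3.1 and reports which form a given request carries. The names `build_token_request` and `client_auth_in`, the `provider.example` URL and all credential values are hypothetical.

```ruby
require 'net/http'
require 'uri'

# Build (without sending) an authorization-code token request.
# :basic_auth puts the client credentials in the Authorization header,
# :request_body puts them in the form body (RFC 6749 section 2.3.1).
def build_token_request(token_url, code:, redirect_uri:, client_id:, client_secret:, auth_scheme:)
  if [client_id, client_secret].any? { |v| v.to_s.strip.empty? }
    raise ArgumentError, 'client_id or client_secret is blank (unset ENV variable?)'
  end
  form = { 'grant_type' => 'authorization_code', 'code' => code, 'redirect_uri' => redirect_uri }
  req = Net::HTTP::Post.new(URI(token_url))
  case auth_scheme
  when :basic_auth
    # Both values are form-encoded before Basic encoding, as the RFC requires.
    req.basic_auth(URI.encode_www_form_component(client_id),
                   URI.encode_www_form_component(client_secret))
  when :request_body
    form.merge!('client_id' => client_id, 'client_secret' => client_secret)
  else
    raise ArgumentError, "unknown auth_scheme #{auth_scheme.inspect}"
  end
  req.set_form_data(form)
  req
end

# Report how a token request authenticates the client, if at all.
def client_auth_in(req)
  return :basic_header if req['Authorization'].to_s.start_with?('Basic ')
  body = URI.decode_www_form(req.body.to_s).to_h
  return :request_body unless body['client_id'].to_s.empty? || body['client_secret'].to_s.empty?
  :none
end

# Constructed sample values, not real credentials or endpoints.
TOKEN_URL = 'https://provider.example/oauth2/token'
SAMPLE = { code: 'sample-code', redirect_uri: 'http://localhost:3000/auth/example/callback',
           client_id: 'sample-id', client_secret: 's3cr3t+/=' }.freeze

if __FILE__ == $PROGRAM_NAME
  %i[basic_auth request_body].each do |scheme|
    req = build_token_request(TOKEN_URL, auth_scheme: scheme, **SAMPLE)
    puts "#{scheme}: client authentication via #{client_auth_in(req)}"
  end
end
```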