socialcast / devise_oauth2_providable
Rails3 engine integrating OAuth2 authentication with Devise
License: MIT License
I've been using cyu/rack-cors to provide access my API through XHR requests. This returns the following headers:
Access-Control-Allow-Credentials:true
Access-Control-Allow-Methods:GET, PUT, CREATE, DELETE
Access-Control-Allow-Origin:http://app.mydomain.dev
Access-Control-Expose-Headers:
Access-Control-Max-Age:1728000
However, as soon as I start authenticating the backend using devise_oauth2_providable with :authenticate_user!, the CORS headers are lost and I can no longer access my API:
XMLHttpRequest cannot load http://api.mydomain.dev/projects.
Origin http://app.mydomain.dev is not allowed by Access-Control-Allow-Origin.
(no response-header is returned and the request simply stops with Status showing as canceled)
Could it be that devise_oauth2_providable overrides all previously set headers and therefore the CORS headers are no longer sent back? And if so, I couldn't find anything doing this in the gem source, so should I be looking at nov/rack-oauth2 for the problem?
app/views/layouts/_navigation.html.erb where line #11 raised:
undefined local variable or method `destroy_user_session_path' for #<#:0x37e60d8>
Hello,
I have an issue, and this could be my own issue but looking for an answer. Each time the user logs in it's asking to "Approve" or "Deny", should this only take place once or until the refresh token expires or the user removes the app from the approved list?
Am I missing something?
Request in order:
/oauth2/authorize
"Approve" or "Deny" (every time)
/oauth2/token (grant type: authorization code)
Is there a way for the user to ONLY "Approve" or "Deny" once?
Thanks in advance!
I'm getting an undefined_method error when I try to grant access to a Backbone app using a token.
Here's the log:
NoMethodError (undefined method `uid=' for #<Rack::OAuth2::Server::Authorize::Token::Response:0x007fa4a0183818>):
/Users/Jean/.rbenv/versions/1.9.3-p125/lib/ruby/gems/1.9.1/bundler/gems/devise_oauth2_providable-e329bc1afbd6/app/controllers/devise/oauth2_providable/authorizations_controller.rb:46:in `block in authorize_endpoint'
rack-oauth2 (0.11.0) lib/rack/oauth2/server/abstract/handler.rb:13:in `call'
rack-oauth2 (0.11.0) lib/rack/oauth2/server/abstract/handler.rb:13:in `call'
rack-oauth2 (0.11.0) lib/rack/oauth2/server/authorize/token.rb:9:in `call'
rack-oauth2 (0.11.0) lib/rack/oauth2/server/authorize.rb:7:in `call'
If I look at the code causing the error at authorizations_controller.rb#L46 and compare that with Rack::Oauth2's token.rb#L59 then it seems Rack::Oauth2 doesn't accept the uid attribute.
Am I doing something wrong? Or has something changed in Rack::Oauth2 that is incompatible with this gem? I looked at their commits in the last few days, but couldn't find anything related to this issue.
Removing the provided line in devise_oauth2_providable "fixes" the issue, but since I don't see the uid being used anywhere I am not sure if this causes a security issue or not.
Hello there,
I'm having an issue when trying to get an access token from an iOS client (from an in-house SDK) with my rails-3.1.1 APIs.
The /authorize looks ok, and when I'm getting my authorization code and trying to post on /token, I'm experiencing some:
undefined method `refresh_tokens' for nil:NilClass (development mode).
It comes from tokens#create, and it looks like my env[Devise::Oauth2Providable::CLIENT_ENV_REF] is empty/nil.
I do have an ugly workaround, which consists in subclassing tokens_controller and overriding the method oauth2_current_client, authenticate_user! & co. and bypassing the calls on env[xxx].
Any idea?
Regards,
After a fresh boot of the server:
$> curl -d client_id\=cf975811cbbcfc1ff3fc8afa04c8d8ac\&client_secret\=a4fff2a5a4557ac57f8953b2b8c79f46\&grant_type\=password\&username\=admin\&password\=test http://localhost:3002/oauth/token
<html><body>You are being <a href="http://localhost:3002/users/sign_in">redirected</a>.</body></html>
$> curl -d client_id\=cf975811cbbcfc1ff3fc8afa04c8d8ac\&client_secret\=a4fff2a5a4557ac57f8953b2b8c79f46\&grant_type\=password\&username\=admin\&password\=test http://localhost:3002/oauth/token
{"access_token":"f437ba79dacf57b23e70ef7c2475bc20","token_type":"bearer","expires_in":899,"refresh_token":"0cd05cdeadf642a8ed0b9677cf4e15ce"}
Can also reproduce by booting it then going to the authorize URL (in rails s output) will see:
Started GET "/oauth/authorize?response_type=code&client_id=cf975811cbbcfc1ff3fc8afa04c8d8ac&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fusers%2Fauth%2Fngin%2Fcallback" for 127.0.0.1 at 2012-08-29 16:18:21 -0500
Processing by Devise::Oauth2Providable::AuthorizationsController#new as HTML
Parameters: {"response_type"=>"code", "client_id"=>"cf975811cbbcfc1ff3fc8afa04c8d8ac", "redirect_uri"=>"http://localhost:3000/users/auth/ngin/callback"}
Completed 401 Unauthorized in 6ms
Which will eventually succeed in loading the sign_in URL fine (no extra calls or anything)
Are you thinking of providing Mongoid functionality?
If yes, I can help with that.
This is more of an initial question - but would anyone be interested in getting this conform with newer versions of the standard? I'd be up for involving myself in that.
I am putting together a web service for a mobile app and am getting the error message after authenticating. My client is an iOS app and it is able to pass the authorization part and I see records being created in the oauth2_authorization_codes table. The problem is that it fails when attempting to set the refresh token. Any help would be appreciated.
I put some print statements in the devise/oauth2_providable/tokens_controller.rb to see what was going on. Below is the terminal output with my debug statements:
Started POST "/oauth2/authorizations" for 127.0.0.1 at 2012-12-11 17:07:17 -1000
Processing by Devise::Oauth2Providable::AuthorizationsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"INzYLPAAzzVTH7bDKuVItFkDzAmfMrJWNvkMQGbbAoE=", "client_id"=>"dd58eef1c489c744742546abe08ca6b9", "response_type"=>"code", "redirect_uri"=>"http://127.0.0.1", "commit"=>"Approve", "approve"=>"true"}
User Load (0.3ms) SELECT 'users'.* FROM 'users' WHERE 'users'.'id' = 2 LIMIT 1
Devise::Oauth2Providable::Client Load (0.4ms) SELECT 'oauth2_clients'.* FROM 'oauth2_clients' WHERE 'oauth2_clients'.'identifier' = 'dd58eef1c489c744742546abe08ca6b9' LIMIT 1
(0.1ms) BEGIN
Devise::Oauth2Providable::AuthorizationCode Exists (0.4ms) SELECT 1 AS one FROM 'oauth2_authorization_codes' WHERE 'oauth2_authorization_codes'.'token' = BINARY '19422126acf59290e4a77bd7338e19e1' LIMIT 1
SQL (0.4ms) INSERT INTO 'oauth2_authorization_codes' ('client_id', 'created_at', 'expires_at', 'token', 'updated_at', 'user_id') VALUES (1, '2012-12-12 03:07:17', '2012-12-12 03:08:17', '19422126acf59290e4a77bd7338e19e1', '2012-12-12 03:07:17', 2)
(0.9ms) COMMIT
Redirected to http://127.0.0.1?code=19422126acf59290e4a77bd7338e19e1
Completed 302 Found in 12ms (ActiveRecord: 2.6ms)
========== current_user
--- !ruby/object:User
attributes:
id: 2
email: [email protected]
encrypted_password: $2a$10$IyV3ZQY1OQawLx2Y0VJe7OlmWH28poe6j94C8f9XTn9sAKQLH2DaO
reset_password_token: !!null
reset_password_sent_at: !!null
remember_created_at: !!null
sign_in_count: 11
current_sign_in_at: 2012-12-12 02:29:31.000000000Z
last_sign_in_at: 2012-12-11 22:35:02.000000000Z
current_sign_in_ip: 127.0.0.1
last_sign_in_ip: 127.0.0.1
authentication_token: !!null
created_at: 2012-12-03 19:55:18.000000000Z
updated_at: 2012-12-12 02:29:31.000000000Z
provider: !!null
uid: !!null
role: developer
========== oauth2_current_refresh_token
========== env[Devise::Oauth2Providable::REFRESH_TOKEN_ENV_REF]
========== oauth2_current_client
========== env[Devise::Oauth2Providable::CLIENT_ENV_REF]
--- !!null
...
========== env[Devise::Oauth2Providable::REFRESH_TOKEN_ENV_REF]
========== env[Devise::Oauth2Providable::CLIENT_ENV_REF]
Started POST "/oauth2/token?grant_type=authorization_code&client_secret=[FILTERED]&code=19422126acf59290e4a77bd7338e19e1&redirect_uri=http://127.0.0.1&client_id=dd58eef1c489c744742546abe08ca6b9" for 127.0.0.1 at 2012-12-11 17:07:17 -1000
Processing by Devise::Oauth2Providable::TokensController#create as */*
Parameters: {"grant_type"=>"authorization_code", "client_secret"=>"[FILTERED]", "code"=>"19422126acf59290e4a77bd7338e19e1", "redirect_uri"=>"http://127.0.0.1", "client_id"=>"dd58eef1c489c744742546abe08ca6b9"}
User Load (0.3ms) SELECT 'users'.* FROM `users` WHERE 'users'.'id' = 2 LIMIT 1
Completed 500 Internal Server Error in 4ms
NoMethodError (undefined method `refresh_tokens' for nil:NilClass):
Thanks,
David
I'm trying to use it but I've run into some issues. Out of the box, when I grant access to a client app, oauth2/token does not see the current user (but there is one):
Started POST "/oauth2/token" for 127.0.0.1 at 2011-08-17 16:02:30 -0300
Processing by Oauth2::TokensController#create as
Parameters: {"grant_type"=>"authorization_code", "code"=>"09e3b07c2a2ebb692a961c01afecebd3", "client_id"=>"120094574673767", "client_secret"=>"[FILTERED]", "redirect_uri"=>"http://localhost:9393/oauth/callback"}
Completed in 16ms
Started POST "/users/sign_in" for 127.0.0.1 at 2011-08-17 16:02:31 -0300
Processing by Devise::SessionsController#create as
Parameters: {"grant_type"=>"authorization_code", "code"=>"09e3b07c2a2ebb692a961c01afecebd3", "client_id"=>"120094574673767", "client_secret"=>"[FILTERED]", "redirect_uri"=>"http://localhost:9393/oauth/callback"}
Completed in 61ms
Processing by Devise::SessionsController#new as
Parameters: {"grant_type"=>"authorization_code", "code"=>"09e3b07c2a2ebb692a961c01afecebd3", "client_id"=>"120094574673767", "client_secret"=>"[FILTERED]", "redirect_uri"=>"http://localhost:9393/oauth/callback"}
Rendered /Users/tute/.rvm/gems/ruby-1.9.2-p290/gems/devise-1.4.2/app/views/devise/shared/_links.erb (2.2ms)
Rendered /Users/tute/.rvm/gems/ruby-1.9.2-p290/gems/devise-1.4.2/app/views/devise/sessions/new.html.erb within layouts/application (13.4ms)
Completed 200 OK in 37ms (Views: 24.6ms | ActiveRecord: 0.0ms)
If I comment the before filters from the gem controllers, I get:
Started POST "/oauth2/token" for 127.0.0.1 at 2011-08-17 16:04:53 -0300
Processing by Oauth2::TokensController#create as
Parameters: {"grant_type"=>"authorization_code", "code"=>"5a76d626ab5a1d2e7e334e8c95a90d0f", "client_id"=>"120094574673767", "client_secret"=>"[FILTERED]", "redirect_uri"=>"http://localhost:9393/oauth/callback"}
Completed 500 Internal Server Error in 1ms
NoMethodError (undefined method `refresh_tokens' for nil:NilClass):
The nil object comes from Oauth2::TokensController#oauth2_current_client, which returns env['oauth2.client'].
Why is this happening? Thanks in advance,
TuteC.
I've noticed that in the production environment, or specifically, with "config.cache_classes = true" set, tokens are not expired properly. I've tested this with Rails 3.1.3 and devise_oauth2_providable 1.0.5.
This seems to be a problem in Devise::Oauth2Providable::ExpirableToken#expires_according_to, where the use of a named scope with a lambda that's then applied using default_scope causes the lambda to be evaluated only once, at server start. That then means that tokens are checked for expiry against the server start time, not against the current time, which means they'll never expire - at least until the server is restarted.
The simplest fix appears to be to pass the lambda directly to default_scope, which does then cause it to be re-evaluated for each load. I couldn't find anywhere that appears to depend on the existence of the named scope itself.
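As an added example that is not the gem's code, the following Ruby models the difference described in this issue with a tiny in-memory stand-in for ActiveRecord's default_scope and an injectable clock, so the effect is visible without a database or a server restart. FakeClock, Relation, TokenModel and the two subclasses are names assumed for the illustration only.

```ruby
# Added example (not the gem's code): a named scope evaluated once at class-load
# time versus a lambda re-evaluated on every query. The clock is injectable so
# the demonstration is deterministic.

class FakeClock
  attr_accessor :now

  def initialize(now)
    @now = now
  end
end

# Constructed "server start" time; stands in for Time.now at boot.
CLOCK = FakeClock.new(Time.utc(2012, 1, 1, 12, 0, 0))

Token = Struct.new(:value, :expires_at)

# Stand-in for the relation built by `where('expires_at > ?', Time.now)`:
# the cutoff is fixed at the moment the relation is built.
Relation = Struct.new(:cutoff) do
  def match?(row)
    row.expires_at > cutoff
  end
end

class TokenModel
  class << self
    attr_accessor :rows

    # Named scope body: reads the clock when it actually runs.
    def expires_according_to_clock
      Relation.new(CLOCK.now)
    end

    def default_scope(scope)
      @default_scope = scope
    end

    # A Proc default scope is called on every load; a Relation is reused as-is.
    def all
      relation = @default_scope
      relation = relation.call if relation.is_a?(Proc)
      (rows || []).select { |row| relation.match?(row) }
    end
  end
end

# The shape the issue describes: the named scope is invoked while the class
# body runs, so the cutoff is the server start time from then on.
class FrozenScopeToken < TokenModel
  default_scope expires_according_to_clock
end

# The fix the issue proposes: hand default_scope the lambda itself, so the
# clock is read again for each load.
class LiveScopeToken < TokenModel
  default_scope(lambda { expires_according_to_clock })
end

# Issues one token with a 15-minute lifetime, advances the clock by an hour
# and reports how many rows each model still returns (the token is expired,
# so the correct answer is 0).
def demo
  start = CLOCK.now
  token = Token.new('constructed-token', start + 900)
  FrozenScopeToken.rows = [token]
  LiveScopeToken.rows = [token]
  CLOCK.now = start + 3600
  {
    frozen_scope_count: FrozenScopeToken.all.size,
    live_scope_count: LiveScopeToken.all.size,
  }
ensure
  CLOCK.now = start if start
end
```

Running demo shows the frozen scope still returning the expired token (count 1) while the lambda form filters it out (count 0); the only difference between the two subclasses is whether default_scope received an already-built relation or the lambda that builds one.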
I encountered some namespace conflicts when using the client class. I think it's desirable to specify the namespace for all the Client constant appearing in the code. Thanks.
At the moment the controllers reference current_user and authenticate_user! but our application uses a model called Member instead of User.
The Devise registration controller has a small helper that handles this nicely
Hi,
A few days ago, a security update has been made to omniauth-oauth2; this one uses the :state parameter to mitigate CSRF. omniauth/omniauth-oauth2#18
However, it seems that devise_oauth2_providable doesn't handle this parameter as expected, as it doesn't send it back in the callback.
A similar issue seems to be faced at omniauth/omniauth-oauth2#20
Hi, sorry to file this under issues, but I thought this might be a common enough question.
I'm attempting to do an auto-login after password-reset within devise's passwords controller.
I can't figure out how to do this, and thought perhaps you could suggest an approach.
The snippet looks a lot like the standard passwords controller, but I'm returning a JSON only response.
# PUT /reset
def update
  self.resource = resource_class.reset_password_by_token(resource_params)
  if resource.errors.empty?
    resource.unlock_access! if unlockable?(resource)
    message = resource.active_for_authentication? ? :updated : :updated_not_active
    sign_in(resource_name, resource)
    # ***TODO: Do an OAuth2 login here***
    render :json => { success: true, message: message, auth: @access_tokens }
  else
    render :json => { success: false, errors: resource.errors }, :status => :bad_request
  end
end
Any help would be much appreciated
This gem is not compatible with rails3.2 (for running the specs) and it took a lot of digging to figure that out. It would be nice to have a Gemfile.lock file for contributors.
I am trying to obtain access token according to Section 4.3.2 Of OAuth 2.0 RFC.
When I send client_id and client_secret together with username and password everything works fine. But I need to obtain the access token without sending client_id and client_secret as my client is not confidential, say. Here is the HTTP flow between client and authorization server.
POST http://localhost:3000/oauth2/token HTTP/1.1
User-Agent: Fiddler
Host: localhost:3000
Content-Type: application/x-www-form-urlencoded
Content-Length: 59
grant_type=password&username=[email protected]&password=test
The server responds with 400 Bad request
HTTP/1.1 400 Bad Request
Content-Type: application/json
Content-Length: 71
X-Ua-Compatible: IE=Edge
X-Runtime: 0.009000
Server: WEBrick/1.3.1 (Ruby/1.9.3/2013-02-22)
Date: Thu, 04 Apr 2013 11:56:27 GMT
Connection: Keep-Alive
{"error":"invalid_request","error_description":"'client_id' required."}
How can I force the server not to bother about client's credentials?
Hey,
I am having a small issue with my layout and using Devise/oauth2_providable. I have Devise 100% up and working, the oauth2 has been tested from a client and is working to a point.
This issue i am getting is:
undefined local variable or method `settings_path' for #<#Class:0x007fd465b29378:0x007fd465aca328>
This issue shows itself when the user tries to log in (oauth2/authorize) from oauth2. So the user is coming from the client to the provider to approve the client.
Here is what's in the view:
<%=link_to "Settings", settings_path%>
Here is the route to back it up:
match 'settings' => 'dashboard#settings', :as => :settings
What am i doing wrong here? I can remove the link from the view and it works just fine. Any help would be great, thanks!!
Rails 3.1.1
Ruby 1.9.2-p290
Is there a reason why devise_oauth2_providable depends on such an old version of rack-oauth2?
The current version of rack-oauth2 is 0.8.4 and the ~> 0.6.0 dependency is causing a dependency conflict for me in a project I'm working on (fb_graph requires rack-oauth2 ~> 0.8.0).
Bundler could not find compatible versions for gem "rack-oauth2":
In Gemfile:
devise_oauth2_providable depends on
rack-oauth2 (~> 0.6.3)
fb_graph depends on
rack-oauth2 (0.8.1)
Followed instructions in README. Added to gemfile, then ran bundle install, then rake task and got error:
rake devise_oauth2_providable:install:migrations
rake aborted!
Don't know how to build task 'devise_oauth2_providable:install:migrations'
Using bundle exec rake ... doesn't make a difference. Neither does installing the gem using sudo gem install ...
Happy to post whatever you need and help work out what the issue is, but not sure where to start looking.
Running devise 1.4.8 and devise_oauth2_providable 0.3.8.
I keep getting this error and rake routes does not have a route for it either:
Started POST "/oauth2/access_token" for 127.0.0.1 at 2011-05-09 13:47:07 -0400
ActionController::RoutingError (No route matches "/oauth2/access_token"):
I know I can just add one, but your documentation said it should be accepted somehow... Where can i look to see what I'm doing wrong?
Since we are validating uniqueness of name in Devise::Oauth2Providable::Client (oauth2_clients (name)), perhaps it is a good idea to also put a unique index on name in the migrations.
I know it may be outside of what you want to offer here, but actually I think it fits nicely.
Similar to authenticate_user, there should be a method to protect a Controller resource where you need an access token to trigger it.
I can create it in a fork, but what do you call your request.env[".....????..."]? I'll dig around, but if you know off the top of your head, cool.
From rails guides:
> Rails 4.0 requires that routes using match must specify the request method. For example:
> # Rails 3.x
> match "/" => "root#index"
>
> # becomes
> match "/" => "root#index", via: :get
>
> # or
> get "/" => "root#index"
Issue:
https://github.com/socialcast/devise_oauth2_providable/blob/master/config/routes.rb#L5
'match' method used without request method, application crashes on start-up.
Started POST "/oauth2/authorizations" for 127.0.0.1 at 2013-06-23 08:48:00 +0200
Processing by Devise::Oauth2Providable::AuthorizationsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"BJD0TTWQiZTbijI/4FkjrZ4lKVSswMar0ePWSO++V/A=", "client_id"=>"6bdd98b192c59ee3cfea7852f3cc459c", "response_type"=>"code", "redirect_uri"=>"urn:ietf:wg:oauth:2.0:oob", "approve"=>"true", "commit"=>"Allow access"}
User Load (0.7ms) SELECT "accounts".* FROM "accounts" WHERE "accounts"."deleted_at" IS NULL AND "accounts"."type" IN ('User') AND "accounts"."id" = 1 LIMIT 1
Devise::Oauth2Providable::Client Load (0.4ms) SELECT "oauth2_clients".* FROM "oauth2_clients" WHERE "oauth2_clients"."identifier" = '6bdd98b192c59ee3cfea7852f3cc459c' LIMIT 1
(0.1ms) BEGIN
Devise::Oauth2Providable::AuthorizationCode Exists (0.2ms) SELECT 1 AS one FROM "oauth2_authorization_codes" WHERE "oauth2_authorization_codes"."token" = '908d3e4cd4cbacbd370d7997ef560bbd' LIMIT 1
SQL (0.4ms) INSERT INTO "oauth2_authorization_codes" ("client_id", "created_at", "expires_at", "token", "updated_at", "user_id") VALUES ($1, $2, $3, $4, $5, $6) RETURNING "id" [["client_id", 13], ["created_at", Sun, 23 Jun 2013 06:48:00 UTC +00:00], ["expires_at", Sun, 23 Jun 2013 06:49:00 UTC +00:00], ["token", "908d3e4cd4cbacbd370d7997ef560bbd"], ["updated_at", Sun, 23 Jun 2013 06:48:00 UTC +00:00], ["user_id", 1]]
(0.1ms) COMMIT
Completed 500 Internal Server Error in 17ms
URI::InvalidURIError - query conflicts with opaque:
/Users/kain/.rvm/rubies/ruby-2.0.0-p195/lib/ruby/2.0.0/uri/generic.rb:890:in `check_query'
/Users/kain/.rvm/rubies/ruby-2.0.0-p195/lib/ruby/2.0.0/uri/generic.rb:936:in `query='
rack-oauth2 (0.11.0) lib/rack/oauth2/util.rb:36:in `redirect_uri'
rack-oauth2 (0.11.0) lib/rack/oauth2/server/authorize.rb:98:in `redirect_uri_with_credentials'
rack-oauth2 (0.11.0) lib/rack/oauth2/server/authorize.rb:104:in `finish'
rack-oauth2 (0.11.0) lib/rack/oauth2/server/authorize.rb:7:in `call'
devise_oauth2_providable (1.1.2) app/controllers/devise/oauth2_providable/authorizations_controller.rb:16:in `create'
Rails 3.2.2 with config.active_record.whitelist_attributes = true, this happens when approving the request:
Can't mass-assign protected attributes: client
activemodel (3.2.2) lib/active_model/mass_assignment_security/sanitizer.rb:48:in `process_removed_attributes'
activemodel (3.2.2) lib/active_model/mass_assignment_security/sanitizer.rb:20:in `debug_protected_attribute_removal'
activemodel (3.2.2) lib/active_model/mass_assignment_security/sanitizer.rb:12:in `sanitize'
activemodel (3.2.2) lib/active_model/mass_assignment_security.rb:228:in `sanitize_for_mass_assignment'
activerecord (3.2.2) lib/active_record/attribute_assignment.rb:75:in `assign_attributes'
activerecord (3.2.2) lib/active_record/base.rb:495:in `initialize'
activerecord (3.2.2) lib/active_record/reflection.rb:183:in `new'
activerecord (3.2.2) lib/active_record/reflection.rb:183:in `build_association'
activerecord (3.2.2) lib/active_record/associations/association.rb:233:in `build_record'
activerecord (3.2.2) lib/active_record/associations/collection_association.rb:432:in `block in create_record'
activerecord (3.2.2) lib/active_record/associations/collection_association.rb:149:in `block in transaction'
activerecord (3.2.2) lib/active_record/connection_adapters/abstract/database_statements.rb:192:in `transaction'
activerecord (3.2.2) lib/active_record/transactions.rb:208:in `transaction'
/Users/kain/.rvm/gems/ruby-1.9.3-p125/bundler/gems/deadlock_retry-874c80de92d9/lib/deadlock_retry.rb:31:in `transaction_with_deadlock_handling'
activerecord (3.2.2) lib/active_record/associations/collection_association.rb:148:in `transaction'
activerecord (3.2.2) lib/active_record/associations/collection_association.rb:431:in `create_record'
activerecord (3.2.2) lib/active_record/associations/collection_association.rb:123:in `create!'
activerecord (3.2.2) lib/active_record/associations/collection_proxy.rb:46:in `create!'
devise_oauth2_providable (1.1.0) app/controllers/devise/oauth2_providable/authorizations_controller.rb:40:in `block in authorize_endpoint'
rack-oauth2 (0.11.0) lib/rack/oauth2/server/abstract/handler.rb:13:in `call'
rack-oauth2 (0.11.0) lib/rack/oauth2/server/abstract/handler.rb:13:in `call'
rack-oauth2 (0.11.0) lib/rack/oauth2/server/authorize/code.rb:9:in `call'
rack-oauth2 (0.11.0) lib/rack/oauth2/server/authorize.rb:7:in `call'
devise_oauth2_providable (1.1.0) app/controllers/devise/oauth2_providable/authorizations_controller.rb:16:in `create'
actionpack (3.2.2) lib/action_controller/metal/implicit_render.rb:4:in `send_action'
actionpack (3.2.2) lib/abstract_controller/base.rb:167:in `process_action'
actionpack (3.2.2) lib/action_controller/metal/rendering.rb:10:in `process_action'
actionpack (3.2.2) lib/abstract_controller/callbacks.rb:18:in `block in process_action'
activesupport (3.2.2) lib/active_support/callbacks.rb:458:in `_run__2117497397318556011__process_action__3349921856018633445__callbacks'
activesupport (3.2.2) lib/active_support/callbacks.rb:405:in `__run_callback'
activesupport (3.2.2) lib/active_support/callbacks.rb:385:in `_run_process_action_callbacks'
activesupport (3.2.2) lib/active_support/callbacks.rb:81:in `run_callbacks'
actionpack (3.2.2) lib/abstract_controller/callbacks.rb:17:in `process_action'
actionpack (3.2.2) lib/action_controller/metal/rescue.rb:29:in `process_action'
actionpack (3.2.2) lib/action_controller/metal/instrumentation.rb:30:in `block in process_action'
activesupport (3.2.2) lib/active_support/notifications.rb:123:in `block in instrument'
activesupport (3.2.2) lib/active_support/notifications/instrumenter.rb:20:in `instrument'
activesupport (3.2.2) lib/active_support/notifications.rb:123:in `instrument'
actionpack (3.2.2) lib/action_controller/metal/instrumentation.rb:29:in `process_action'
actionpack (3.2.2) lib/action_controller/metal/params_wrapper.rb:205:in `process_action'
activerecord (3.2.2) lib/active_record/railties/controller_runtime.rb:18:in `process_action'
actionpack (3.2.2) lib/abstract_controller/base.rb:121:in `process'
actionpack (3.2.2) lib/abstract_controller/rendering.rb:45:in `process'
actionpack (3.2.2) lib/action_controller/metal.rb:203:in `dispatch'
actionpack (3.2.2) lib/action_controller/metal/rack_delegation.rb:14:in `dispatch'
actionpack (3.2.2) lib/action_controller/metal.rb:246:in `block in action'
actionpack (3.2.2) lib/action_dispatch/routing/route_set.rb:67:in `call'
actionpack (3.2.2) lib/action_dispatch/routing/route_set.rb:67:in `dispatch'
actionpack (3.2.2) lib/action_dispatch/routing/route_set.rb:30:in `call'
journey (1.0.3) lib/journey/router.rb:68:in `block in call'
journey (1.0.3) lib/journey/router.rb:56:in `each'
journey (1.0.3) lib/journey/router.rb:56:in `call'
actionpack (3.2.2) lib/action_dispatch/routing/route_set.rb:594:in `call'
railties (3.2.2) lib/rails/engine.rb:479:in `call'
railties (3.2.2) lib/rails/railtie/configurable.rb:30:in `method_missing'
journey (1.0.3) lib/journey/router.rb:68:in `block in call'
journey (1.0.3) lib/journey/router.rb:56:in `each'
journey (1.0.3) lib/journey/router.rb:56:in `call'
actionpack (3.2.2) lib/action_dispatch/routing/route_set.rb:594:in `call'
omniauth (1.0.3) lib/omniauth/strategy.rb:168:in `call!'
omniauth (1.0.3) lib/omniauth/strategy.rb:148:in `call'
omniauth (1.0.3) lib/omniauth/strategy.rb:168:in `call!'
omniauth (1.0.3) lib/omniauth/strategy.rb:148:in `call'
omniauth (1.0.3) lib/omniauth/strategy.rb:168:in `call!'
omniauth (1.0.3) lib/omniauth/strategy.rb:148:in `call'
omniauth (1.0.3) lib/omniauth/strategy.rb:168:in `call!'
omniauth (1.0.3) lib/omniauth/strategy.rb:148:in `call'
omniauth (1.0.3) lib/omniauth/strategy.rb:168:in `call!'
omniauth (1.0.3) lib/omniauth/strategy.rb:148:in `call'
sass (3.1.15) lib/sass/plugin/rack.rb:54:in `call'
/Users/kain/.rvm/gems/ruby-1.9.3-p125/bundler/gems/exception_notification-63d9d483fab0/lib/exception_notifier.rb:34:in `call'
warden (1.1.1) lib/warden/manager.rb:35:in `block in call'
warden (1.1.1) lib/warden/manager.rb:34:in `catch'
warden (1.1.1) lib/warden/manager.rb:34:in `call'
actionpack (3.2.2) lib/action_dispatch/middleware/best_standards_support.rb:17:in `call'
rack (1.4.1) lib/rack/etag.rb:23:in `call'
rack (1.4.1) lib/rack/conditionalget.rb:35:in `call'
actionpack (3.2.2) lib/action_dispatch/middleware/head.rb:14:in `call'
actionpack (3.2.2) lib/action_dispatch/middleware/params_parser.rb:21:in `call'
actionpack (3.2.2) lib/action_dispatch/middleware/flash.rb:242:in `call'
rack (1.4.1) lib/rack/session/abstract/id.rb:205:in `context'
rack (1.4.1) lib/rack/session/abstract/id.rb:200:in `call'
actionpack (3.2.2) lib/action_dispatch/middleware/cookies.rb:338:in `call'
activerecord (3.2.2) lib/active_record/query_cache.rb:64:in `call'
activerecord (3.2.2) lib/active_record/connection_adapters/abstract/connection_pool.rb:443:in `call'
actionpack (3.2.2) lib/action_dispatch/middleware/callbacks.rb:28:in `block in call'
activesupport (3.2.2) lib/active_support/callbacks.rb:405:in `_run__940905103500068343__call__2192606004823890971__callbacks'
activesupport (3.2.2) lib/active_support/callbacks.rb:405:in `__run_callback'
activesupport (3.2.2) lib/active_support/callbacks.rb:385:in `_run_call_callbacks'
activesupport (3.2.2) lib/active_support/callbacks.rb:81:in `run_callbacks'
actionpack (3.2.2) lib/action_dispatch/middleware/callbacks.rb:27:in `call'
actionpack (3.2.2) lib/action_dispatch/middleware/reloader.rb:65:in `call'
actionpack (3.2.2) lib/action_dispatch/middleware/remote_ip.rb:31:in `call'
actionpack (3.2.2) lib/action_dispatch/middleware/debug_exceptions.rb:16:in `call'
actionpack (3.2.2) lib/action_dispatch/middleware/show_exceptions.rb:56:in `call'
railties (3.2.2) lib/rails/rack/logger.rb:26:in `call_app'
railties (3.2.2) lib/rails/rack/logger.rb:16:in `call'
config/initializers/quiet_assets.rb:18:in `call_with_quiet_assets'
actionpack (3.2.2) lib/action_dispatch/middleware/request_id.rb:22:in `call'
rack (1.4.1) lib/rack/methodoverride.rb:21:in `call'
/Users/kain/.rvm/gems/ruby-1.9.3-p125/bundler/gems/rack-contrib-95a895fb57e8/lib/rack/contrib/runtime.rb:18:in `call'
activesupport (3.2.2) lib/active_support/cache/strategy/local_cache.rb:72:in `call'
rack (1.4.1) lib/rack/lock.rb:15:in `call'
actionpack (3.2.2) lib/action_dispatch/middleware/static.rb:61:in `call'
railties (3.2.2) lib/rails/engine.rb:479:in `call'
railties (3.2.2) lib/rails/application.rb:220:in `call'
railties (3.2.2) lib/rails/railtie/configurable.rb:30:in `method_missing'
thin (1.3.1) lib/thin/stats.rb:24:in `block in call'
thin (1.3.1) lib/thin/stats.rb:33:in `log'
thin (1.3.1) lib/thin/stats.rb:24:in `call'
thin (1.3.1) lib/thin/connection.rb:80:in `block in pre_process'
thin (1.3.1) lib/thin/connection.rb:78:in `catch'
thin (1.3.1) lib/thin/connection.rb:78:in `pre_process'
thin (1.3.1) lib/thin/connection.rb:53:in `process'
thin (1.3.1) lib/thin/connection.rb:38:in `receive_data'
eventmachine (0.12.10) lib/eventmachine.rb:256:in `run_machine'
eventmachine (0.12.10) lib/eventmachine.rb:256:in `run'
thin (1.3.1) lib/thin/backends/base.rb:61:in `start'
thin (1.3.1) lib/thin/server.rb:159:in `start'
thin (1.3.1) lib/thin/controllers/controller.rb:86:in `start'
thin (1.3.1) lib/thin/runner.rb:185:in `run_command'
thin (1.3.1) lib/thin/runner.rb:151:in `run!'
thin (1.3.1) bin/thin:6:in `<top (required)>'
/Users/kain/.rvm/gems/ruby-1.9.3-p125/bin/thin:19:in `load'
/Users/kain/.rvm/gems/ruby-1.9.3-p125/bin/thin:19:in `<main>'
I see the Client model, but not a CRUD for creating a Client.
Is this a ToDo? I will be happy to create it and contribute to the project.
Just wanna check that I'm on the right page.
According to the latest OAuth 2.0 spec the client_secret parameter is required when authenticating the client for access tokens.
Currently the secret is created in the model, but the authorization_code strategy only checks for the client_id and ignores the client_secret.
As of now, it seems that the provider will not save the access permission; therefore, on each "Sign In" the user will have to accept or deny access.
How to save such authorization in case of acceptance? Is that a bug or a feature that needs to be implemented on top of it?
Thanks in advance for your enlightenment,
Best regards,
This gem ranks pretty highly in Google searches for 'OAuth2 + Devise', and there are a bunch of tutorials for using it etc. Any chance you could link to an alternative in the README for people coming across it but not being so familiar with the OAuth2 ecosystem? Looks like Doorkeeper is a good alternative?
Sorry that this is a little spammy, but could you guys take a look at this StackOverflow post?
http://stackoverflow.com/q/7663339/124378
It's hard for me to tell if this is a bug or an implementation fail, but I am pretty sure it's a conflict with omniauth stuff, the database not saving, or oauth2 expecting this to be following a newer draft of the spec than it actually is.
After I send GET
http://server/oauth2/authorize?response_type=code&client_id=someid&redirect_uri=callbackuri
to the server, which uses devise_oauth2_providable, I get the
approve/deny page in my browser.
I click 'approve'
and get
Invalid Authorization Request
Invalid redirect_uri is given
I found (with debugger) that
I'm not sure that it's an issue, but in any case I really need some help :)
Thanks
rails 3.1.3
ruby 1.8.7
According to http://tools.ietf.org/html/draft-ietf-oauth-v2-15#section-4.1.3 the authorization server must validate that the redirection URI matches the redirection URI used by the authorization server to deliver the authorization code. It currently ignores it. (This is in addition to ignoring the client_secret as described in issue 25)
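As an added example that is not part of this issue tracker or of the gem's code, the following Ruby sketches the checks raised in this issue and in the client_secret and :state issues above: a constant-time verification of client_secret on the authorization_code grant, an exact match of redirect_uri against the value the code was issued to, echoing state back unchanged in the callback, and declining to append a query to an opaque redirect URI such as urn:ietf:wg:oauth:2.0:oob (the cause of the URI::InvalidURIError traceback above). The in-memory client registry and code store, the secret values and the function names are constructed assumptions, not the gem's API.

```ruby
require 'uri'
require 'securerandom'

# Constructed in-memory registry and code store (not the gem's models).
Client = Struct.new(:identifier, :secret, :redirect_uri)
AuthorizationCode = Struct.new(:token, :client_id, :redirect_uri, :expires_at)

CLIENTS = {
  'client-123' => Client.new('client-123', 'constructed-secret', 'https://app.example/callback'),
  'cli-oob'    => Client.new('cli-oob', 'other-secret', 'urn:ietf:wg:oauth:2.0:oob'),
}
CODES = {}

# Length-then-XOR comparison so a wrong secret does not fail faster on the
# first differing byte.
def secure_compare(expected, given)
  return false unless expected.is_a?(String) && given.is_a?(String)
  return false unless expected.bytesize == given.bytesize
  expected.bytes.zip(given.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def authenticate_client(client_id, client_secret)
  client = CLIENTS[client_id]
  return nil unless client && secure_compare(client.secret, client_secret.to_s)
  client
end

# Builds the callback location. `state` is echoed unchanged so the client can
# tie the callback to the request it started. Opaque URIs cannot carry a query
# string, so nil is returned and the caller displays the code instead.
def callback_location(redirect_uri, code:, state: nil)
  uri = URI.parse(redirect_uri)
  return nil if uri.opaque
  params = URI.decode_www_form(uri.query.to_s) + [['code', code]]
  params << ['state', state] if state
  uri.query = URI.encode_www_form(params)
  uri.to_s
end

# Authorization endpoint (resource owner already approved): the redirect_uri
# must equal the registered one; on mismatch the error goes to the resource
# owner, never to the unverified URI.
def authorize(client_id:, redirect_uri:, state: nil, now: Time.now)
  client = CLIENTS[client_id]
  return { error: 'invalid_client' } unless client
  unless redirect_uri == client.redirect_uri
    return { error: 'invalid_request', error_description: 'redirect_uri mismatch' }
  end
  code = AuthorizationCode.new(SecureRandom.hex(16), client_id, redirect_uri, now + 60)
  CODES[code.token] = code
  location = callback_location(redirect_uri, code: code.token, state: state)
  location ? { redirect_to: location } : { display_code: code.token }
end

# Token endpoint, authorization_code grant: authenticate the client with its
# secret, consume the code once, and require redirect_uri to equal the one
# the code was delivered to.
def exchange_code(client_id:, client_secret:, code:, redirect_uri:, now: Time.now)
  client = authenticate_client(client_id, client_secret)
  return { error: 'invalid_client' } unless client
  issued = CODES.delete(code)
  unless issued && issued.client_id == client.identifier && now < issued.expires_at
    return { error: 'invalid_grant' }
  end
  unless issued.redirect_uri == redirect_uri
    return { error: 'invalid_grant', error_description: 'redirect_uri mismatch' }
  end
  { access_token: SecureRandom.hex(16), token_type: 'bearer', expires_in: 900 }
end
```

The code is deleted from the store before the redirect_uri comparison, so a mismatched exchange also burns the code rather than leaving it available for a second attempt; a wrong client secret, by contrast, leaves the code untouched because the caller has not proven it is the client the code belongs to.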