Rails Authentication with OAuth 2.0 and OmniAuth

I was just wondering, what would I have to change in this to allow the users in my app to be able to sign in sign in/link all of the social networks to my app? This is so that when they press the share button on a post they will be able to share it to all of their social networks at one time

Well, that would be a bit more complex setup and unfortunately you’ll have to experiment yourself. The idea is to allow multiple authentications per user and just check that if he already logged in and logging in via another social network, just update his data in the appropriate field.

Hey, thank you for this nice tutorial. Now I’ve completed only up-to Twitter integration, and struck with a problem.

I run rails server inside Virtual Box with Ubuntu server guest. Hence to access rails app from host, I force rails server with this command “rails s -p 80 -b 192.168.x.xx”, So that in host browser entering just IP address will open my rails app and its working fine.
The problem is
In my Twitter app (https://apps.twitter.com/) I have given Website as “http://192.168.x.xx” and Callback URL as “http://192.168.x.xx/auth/twitter/callback”, but when I click twitter link from my app, Its showing error “OAuth::Unauthorized”. After I googled this issue, I found from StackOverflow that it happens when callback URL is wrongly specified. In this tutorial it is suggested to use “http://localhost:3000” which is not possible in my situation.

Any ideas?
Thank you.

Hi! What do these “x” stand for?

Hello bodrovis, I meant to show it was a dynamic IP and it keeps changing. “x” is a variable. Some times its 192.168.1.15, 192.168.1.18, 192.168.1.14 etc and it keeps changing each time I start Virtualbox. But I made sure that the current generated IP is same as the IP I have given in the twitter. And today I’ve to change the IP in twitter according to newly generated IP inside Ubuntu guest. What else I am missing?

Thank you.

Wait, if you are developing on your Ubuntu machine and interacting with your app from the same machine, you’ll have to provide 127.0.0.1 as an address.

Hey sorry, the problem was with this line “provider :twitter, ENV[‘TWITTER_KEY’], ENV[‘TWITTER_SECRET’]”.

As you have stated to copy paste Twitter key and secret, I did exactly same. But later found out that ENV[…] will search for environment variable set in the system. I found the solution after integrating Facebook login, with the error fb_id is not found. The solution was to either set environment variable for TWITTER_KEY and “T…_SECRET” or remove them and copy paste the key and secret as a string, withing double quotes (“sdfjk23424…”). I choose string method.

How ever now I have new problems now.

  1. Using Twitter I can login but I can’t logout. For some reason delete request is not being processed. I’m sure of integrating all code to app controller and user controller. Still working on it.

  2. And Facebook authentication happened up-to accepting app permissions. But soon after I accept it is showing me the error " :
    {“error”:{“message”:“Error validating client secret.”,“type”:“OAuthException”,“code”:1,“fbtrace_id”:“FNsnm7HwnE3”}}".
    Still digging on it.

  3. Google+ requires some thing other than basic IP addresses (192.168…) like http://localhost. So its not going to happen anytime soon. I have to map my rails server to no-ip free domain name.

  4. LinkedIn yet have to check. Anyways thank you for your support. I’m glad if you know solution to any of the above.

Yeah, I used ENV to hide my keys.

  1. If you use HTTP DELETE, then your link should be something like <%= link_to 'logout', '/logout', method: :delete %>. jquery_ujs adapter should be present on the page for this work, JS should be enabled in the browser.
  2. Have no idea what this means, maybe google can help :smile:
  3. Hrm, that’s interesting, I believe there should be away to test things our using private IP
  4. LinkedIn is the most painful I believe, so good luck :smile:

I have seen discussions pf problems with Facebook not sending an email address unless the account had permissions set to allow it.

Might that be the issue here?

No Mittineageue the problem was, while pasting I had left an inverted comma. So rails treated the app id as wrong. Now I can login with both FB and Twitter.

Hey bodrovis, are you sure the logout does work exactly as expected? Because these, people, have same problem. But I’m one step near to solving it. I changed the code to

`if current_user
   session.delete(:user_id) if session[:user_id]
   # flash[:success] = 'See you!'
   redirect_to root_url
 end`

by putting redirect_to root_url inside if condition. It showed missing template and I created destroy.html.erb. And I was actually logged out. But when I visit the root_path again (not by clicking back button), I was auto logged in. Whats happening?

I’ve pasted my code here.

Actually I’d love to see the full app to test it out :smile:

Hey Ilya! Nice tut as always. I read/watched all the tuts I could find (including yours, railscats, etc.), but I’m still confused a bit. Pls help me out here. I have a rails app with devise authentication. What I’d like to do is keeping the only devise authentication, but when a user is already signed in w/ devise he/she could connect his social media profiles (twitter, linkedin, angellist) to his basic app profile. Example pic from another app attached: 1. On profile edit page user can connect his/her social media profiles. 2. Once those are connected to the in-app profile the logo will appear on user’s show page, so when some other user clicks on his/her profile can go the given user’s linkedin/twitter page (on twitter/ on linkedin). 3. If there is no profile pic for the user in my app yet then it will be fetched from twitter and integrated.

My questions:

  • What kinda gems are necessary? I will use twitter gem and linkedin gem to make the code shorter, but do I need omniauth gems in this case?
  • What kinda api should I use here? I guess which one I need for updating the profile pic based on twitter (GET account/verify_credentials), but I don’t know what to use for redirecting the other users to the user’s twitter page.
  • I know I need to authenticate the user by twitter/linkedin to access their twitter/linkedin info, but in my case does it have to do anything w/ devise or can be totally separated? For instance I use :authenticate_user! in twitter’s controller so if a user is logged in to my app then can authorize his/her twitter. So do I need omniauth gem here?

Sry if my questions are not crsytal clear, I couldn’t create a mental picture yet how this will come together.

Good day!

  1. You don’t need any gems apart from omniauth-twitter, omniauth-linkedin and similar. OAuth providers always return a pretty nice hash of various info, including user’s name and avatar. Therefore, you can fetch it from there. Twitter gem is used to perform more advanced stuff like fetching friends, posting tweets on user’s behalf etc.
  2. No API is needed, since authentication hash returned by the OAuth provider has all the necessary data
  3. Devise does support other omniauth, but I am not really sure if it is needed here. On the first iteration I’d write everything myself.

Hopefully this helps.

Thanks Ilya! I will try it and will let you know the result!

Ilya, could you tell me, how I can avoid create a session here? All the tuts I found created a new session for twitter, but I guess I don’t have to create any. I have to do something with the callback though, but I am not sure what.

Could you contact me directly so that we discuss this issue? http://www.radiant-wind.com/ some channels are listed here.

Sure Ilya. I’ve just sent a mail.

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.