Google oauth2 with devise and omniauth processed as failure


Problem description

I'm trying to configure a new Rails 4.2 app to authenticate against Google Oauth2.

I seem to be successfully going through the process, but it's being treated as a failure.

The initial authorisation seems to go well until Google sends to the callback. Then it seems to be incorrectly identified as a failure.

The error message given is:
Could not authenticate you from Google because "Invalid credentials".

I've googled for a solution, but to no avail.

Is it possible to turn on additional logging to understand why it's choosing to process via the failure method?

Here are the logs for the request:

Started GET "/users/auth/google" for 127.0.0.1 at 2016-04-17 09:37:33 +0800
Started GET "/users/auth/google/callback?state=<<state>>&code=<<code>>" for 127.0.0.1 at 2016-04-17 09:37:45 +0800
Processing by Users::OmniauthCallbacksController#failure as HTML
  Parameters: {"state"=>"<<state>>", "code"=>"<<code>>"}
Redirected to http://test_app.dev/sign_in
Completed 302 Found in 1ms (ActiveRecord: 0.0ms)

When testing, I clicked allow when google prompted me, and the url looks good, so why is this being processed as if it were a failure?

config/initializer/devise.rb

  config.omniauth :google_oauth2, ENV['GOOGLE_CLIENT_ID'], ['GOOGLE_CLIENT_SECRET'],
         :strategy_class => OmniAuth::Strategies::GoogleOauth2,
         :name => 'google',
         :scope => 'email,profile,contacts',
         :access_type => 'offline',
         :image_aspect_ratio => 'square'

routes.rb

  devise_for :users, :controllers => { omniauth_callbacks: 'users/omniauth_callbacks' }
  resources :users

  devise_scope :user do
    get 'sign_in', :to => 'devise/sessions#new', :as => :new_user_session
    get 'sign_out', :to => 'devise/sessions#destroy', :as => :destroy_user_session
  end

controllers/users/omniauth_callbacks_controller.rb

class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
  def google
    logger.debug 'Omniauth callback called' # Never gets called
  end
end

application_controller.rb

class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception

  # Direct to user profile after sign in
  def after_sign_in_path_for(resource)
    user_path(current_user)
  end

  # Needed by Devise when using omniauth
  def new_session_path(scope)
    new_user_session_path
  end
end

My gems:

Using warden 1.2.6
Using devise 3.5.6
Using oauth2 1.0.0
Using omniauth 1.2.2
Using omniauth-oauth2 1.4.0
Using omniauth-google-oauth2 0.4.1


Recommended answer

The short answer is because your creds are wrong. You're calling ENV on the first but not on the second argument in your config hash.

The better answer is.. use a better mousetrap.

Sometimes using ENV for storing keys can be problematic: you might not have a key loaded in the same terminal that you launched your server in, or if you are in production you might not be able to see the ENV to know that it's missing keys. It's easier to use a secrets file. That's OK, Rails provides it for just that reason.

config/secrets.yml

You can store any key you want in there in yml format. MAKE SURE to add the file to your .gitignore because you absolutely don't want to store a file with secret keys in a repo somewhere. You'll have to manually copy your secrets file to your production server.

development:
  omniauth_provider_key: 13232423423242315
  omniauth_provider_secret: 2222222222228eff721a0322c
  domain_name: lvh.me
  secret_key_base: 6ec9ae65d4de59aa1a7ssxxsdifwn9392203905c53a264ffd8255a601d7417b1ed7d4cef67f359e373472f0160aeb9698fa69578a1497b5b99209afd0e

You can also have the same structure for production, staging or test.

Now.. once you've done that (created the file and added your keys to it) now you can call the key from the initializer

  config.omniauth :google_oauth2, Rails.application.secrets.omniauth_provider_key, Rails.application.secrets.omniauth_provider_secret,
     :strategy_class => OmniAuth::Strategies::GoogleOauth2,
     :name => 'google',
     :scope => 'email,profile,contacts',
     :access_type => 'offline',
     :image_aspect_ratio => 'square'
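
Added example, not part of the original answer and not Devise or OmniAuth code: a plain-Ruby boot-time check that rejects the two problems discussed above, a credential that is not a String (the question's `['GOOGLE_CLIENT_SECRET']` is an Array literal) and a key missing from the environment. The names `check_credential!`, `oauth_credential`, `credential_fingerprint`, `credential_problem` and `SAMPLE_ENV` are hypothetical, and all values are constructed.

```ruby
require "digest"

# Added example. check_credential!, oauth_credential and SAMPLE_ENV are
# hypothetical names; all values below are constructed, not real keys.
class CredentialError < StandardError; end

# Reject anything that is not a non-blank String before it is handed to
# config.omniauth, so a bad value stops the boot instead of only showing up
# when the provider redirects back to the callback.
def check_credential!(label, value)
  unless value.is_a?(String)
    raise CredentialError, "#{label} must be a String, got #{value.class}"
  end
  raise CredentialError, "#{label} is blank" if value.strip.empty?
  value
end

# Read `key` from `env` (ENV, or any object with Hash-style fetch).
def oauth_credential(key, env = ENV)
  value = env.fetch(key) { raise CredentialError, "#{key} is not set" }
  check_credential!(key, value)
end

# Log-safe summary: length plus a short SHA-256 prefix, never the secret.
def credential_fingerprint(value)
  "len=#{value.length} sha256=#{Digest::SHA256.hexdigest(value)[0, 8]}"
end

# Constructed stand-in for ENV in a shell where only the client id was exported.
SAMPLE_ENV = { "GOOGLE_CLIENT_ID" => "constructed-id.apps.example" }.freeze

# Returns the error message for a rejected credential, or nil when accepted.
def credential_problem
  yield
  nil
rescue CredentialError => e
  e.message
end

if __FILE__ == $PROGRAM_NAME
  puts credential_fingerprint(oauth_credential("GOOGLE_CLIENT_ID", SAMPLE_ENV))
  # The question's second argument: an Array literal, not an ENV lookup.
  puts credential_problem { check_credential!("client secret", ["GOOGLE_CLIENT_SECRET"]) }
  # A key that was never exported in the shell that started the server.
  puts credential_problem { oauth_credential("GOOGLE_CLIENT_SECRET", SAMPLE_ENV) }
end
```

In an initializer, the same check would wrap each value before it is passed to `config.omniauth`, with `ENV` or `Rails.application.secrets` as the source.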
