OmniAuth Single Sign On with Devise, invalid_credentials


Question

I have 3 web apps - A, B and C. App A contains the user database. If accessing App B and App C, I would like the user to be redirected to App A to be authenticated, and then be returned back to whichever app they tried to access. At the same time, they should be logged in to all apps. Unless anyone has a better solution, I have gone with an OmniAuth/Devise combo solution as described in this blog post (http://blog.joshsoftware.com/2010/12/16/multiple-applications-with-devise-omniauth-and-single-sign-on/).

I have forked and updated to Rails 3.1.2 a sample App A and a sample app B/C.

App A - Provider - https://github.com/RobZolkos/sso-devise-omniauth-provider

App B/C - Client - https://github.com/RobZolkos/sso-devise-omniauth-client

These sample apps work, and I get redirected to the Provider App to authenticate; however, it doesn't seem to authenticate. I have attached the log here. The provider seems to go through the motions, but then on line 26 of the log you can see that there seems to be an authentication issue.

Am I missing something simple to make these sample apps work?

Recommended answer

I found two issues:

  1. Since version 0.2.1, omniauth has changed the auth parameter name from access_token to oauth_token when fetching access (POST /oauth/token request).
  2. Since version 0.3.0, omniauth has changed the method of passing oauth_token in the auth request (GET /auth/josh_id/user.json). Prior to 0.3.0 the token was passed through the request parameter oauth_token, but since 0.3.0 it is passed through the HTTP_AUTHORIZATION header.

I don't know how to nicely get the token from the header (I think it can be fetched by devise), so I used an ugly hack on the client to send oauth_token through a GET parameter like this (in lib/josh_id.rb):

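# Workaround: fetch the user info with the token sent as the oauth_token
# query parameter instead of the HTTP_AUTHORIZATION header.
def raw_info
  @raw_info ||= access_token.get("/auth/josh_id/user.json?oauth_token=#{access_token.token}").parsed
end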

You can find fully workable code in our github repos:

  • https://github.com/openteam/sso-devise-omniauth-client
  • https://github.com/openteam/sso-devise-omniauth-provider
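
The answer leaves open how the provider could read the token from the header, which would keep it out of the request URL. One way to do that, as an added example that is not code from either repository: a Rack-style lookup that prefers HTTP_AUTHORIZATION, still accepts the older oauth_token/access_token parameters, and rejects requests carrying conflicting tokens. The method name, the accepted "OAuth"/"Bearer" schemes and the sample requests are assumptions.

```ruby
# Added example: provider-side token lookup that accepts both client styles.
# Assumptions: the Authorization scheme is "OAuth" or "Bearer"; extract_oauth_token
# is a hypothetical helper name, not part of omniauth, oauth2 or devise.
TOKEN_PARAMS   = %w[oauth_token access_token].freeze # both names appear in the answer
HEADER_PATTERN = /\A(?:OAuth|Bearer)\s+([A-Za-z0-9\-._~+\/]+=*)\z/i

# env:    Rack-style environment hash (the header arrives as HTTP_AUTHORIZATION)
# params: parsed query/form parameters with string keys and string values
# Returns the token, or nil when none is present or the request is ambiguous.
def extract_oauth_token(env, params)
  header = env["HTTP_AUTHORIZATION"]
  from_header = header && header.strip[HEADER_PATTERN, 1]
  from_params = TOKEN_PARAMS.map { |name| params[name] }.compact.reject(&:empty?)

  # Refuse a request that presents different tokens in different places,
  # rather than silently picking one of them.
  candidates = ([from_header] + from_params).compact.uniq
  candidates.size == 1 ? candidates.first : nil
end

# Constructed sample requests (not taken from the log attached to the question).
SAMPLES = {
  "header, omniauth >= 0.3.0"   => [{ "HTTP_AUTHORIZATION" => "OAuth abc123" }, {}],
  "GET param, omniauth < 0.3.0" => [{}, { "oauth_token" => "abc123" }],
  "old parameter name"          => [{}, { "access_token" => "abc123" }],
  "conflicting tokens"          => [{ "HTTP_AUTHORIZATION" => "OAuth abc123" },
                                    { "oauth_token" => "zzz999" }],
  "unsupported scheme"          => [{ "HTTP_AUTHORIZATION" => "Basic dXNlcjpwdw==" }, {}]
}.freeze

if __FILE__ == $0
  SAMPLES.each do |label, (env, params)|
    puts format("%-30s %s", label, extract_oauth_token(env, params).inspect)
  end
end
```
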
