omniauth
using a post callback route as shown in the readme doesn't work
The Readme gives the example of how to configure your rails app by adding
post '/auth/:provider/callback', to: 'sessions#create'
But this is the route that is called back to after you've been authenticated with the provider. This will be a GET method from Google (and I assume most others).
Configuration
- Provider Gem:
omniauth-2.0.1 - Ruby Version:
2.6.6 - Framework:
rails - Platform:
macOS
Expected Behavior
When following the documentation in the README on how to configure your routes.rb, omniauth should work as expected.
Actual Behavior
Auth requests fail with No route matches [GET] "/auth/google_oauth2/callback"
Steps to Reproduce
Configure a new rails app with omniauth, omniauth-rails_csrf_protection, and omniauth-google-oauth2
add the following route: post '/auth/:provider/callback', to: 'sessions#create
attempt to auth via Google
Yes, this was a previously working provider. Google doesn't offer any option (that I can see) to set the method that should be used during callback in the redirect_uri. There is also nothing specified in their documentation.
If your provider issues a GET callback, then use the GET callback route. get '/auth/:provider/callback', to: 'sessions#create
The POST changes in OmniAuth 2.0 are for the request phase, and should not affect the callback phase.
Are there providers that have a POST callback? Google certainly doesn’t and unless Facebook has recently changed, that is a GET as well. My suggestion is that the readme should be updated to reflect the most common use cases.
Either that, or try this: match '/auth/:provider/callback', :to => 'sessions#create', :via => [:get, :post]
Worth noting as well that mock callback requests, as generated in integration tests when running in test mode, also use GET with no obvious way of changing to POST, so such tests fail when specifying a POST-only callback route. Is there a way to get POST callbacks in test mode?
I have a kinda stupid question on this topic. Where do I see which route is available?
There are several options to see what routes are available for a rails application. But in summary
- visit http://localhost:3000/rails/info/routes
- execute
bin/rails routeson the terminal in your project's root directory
Maybe I should have asked in a more descriptive way. rails routes shows me routes, but does not show me the routes for omniauth. When I plugin in omniauth-steam I am able to POST to /auth/steam but this route is not show when I am using rails route.
And the question is, how do I get the list of available routes?
Got it, hopefully this explains it a bit better
See the Integrating omniauth into your application. The route you're adding to your routes.rb is
post '/auth/:provider/callback', to: 'sessions#create'
In this case the :provider is a dynamic segment that makes whatever appears after the /auth/ and before the /callback available as a parameter to omniauth. Omniauth uses this parameter to lookup the provider you're trying to auth with.
This typically appears in an initializer with a line like
provider :steam, "app-id", "secret"
but you can customize it by adding an additional entry to the hash like
provider :steam, "app-id", "secret" , name: gamer
Which would then create an auth route for auth/gamer/callback. This comes in handy when you want to use the same provider in multiple ways.
Hey! Just an FYI, I don't think that commit actually changed the nature of the problem or changed the docs in a way that's necessarily indicative of what the problem is or how to handle it properly. The commit moved the docs around a bit but the docs still say "just add a post route", essentially. It's certainly true that providers may use a GET or a POST or some other thing, but explaining what actually happens there and that both routes could be valid (that they're just a reflection of the provider you're integrating with) and that it's not a bug or issue, may help. Thank you for this issue!
