omniauth_openid_connect

Sign In With Slack | nil request.env['omniauth.auth']

Open kwent opened this issue 4 years ago • 11 comments

Hi, thank you for this library, super helpful!

So I'm trying to set up Sign in with Slack per their doc: https://api.slack.com/authentication/sign-in-with-slack

  Rails.application.config.middleware.use OmniAuth::Strategies::OpenIDConnect, {
    name: :sign_in_slack,
    issuer: 'https://slack.com',
    discovery: true,
    scope: [:openid, :email, :profile],
    response_type: :code,
    client_options: {
      port: 443,
      scheme: "https",
      host: "slack.com",
      identifier: "redacted",
      secret: "redacted",
      redirect_uri: "#{ENV['BASE_URL']}/auth/slack/callback/sign_in",
    },
  }

But my callback controller is seeing request.env['omniauth.auth'] nil.

The callback_phase method is never called.

What am I doing wrong?

Regards

kwent avatar Sep 03 '21 16:09 kwent

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] avatar Nov 04 '21 01:11 stale[bot]

Not stale. Still waiting for an answer :)

kwent avatar Nov 04 '21 02:11 kwent

I am not sure, but try removing the redirect_uri param and let the gem generate one automatically. Maybe the endpoint that should trigger the callback_phase is not being called because of that.

formigarafa avatar Nov 12 '21 02:11 formigarafa

@kwent did this resolve your problem?

formigarafa avatar Dec 06 '21 00:12 formigarafa

Don't have capacity to try this again right now but I'll let you know when I do

kwent avatar Dec 07 '21 21:12 kwent

Your redirect uri needs to be /auth/name_of_provider/callback

So #{ENV['BASE_URL']}/auth/sign_in_slack/callback

danjay avatar Jan 25 '22 11:01 danjay

Is this a requirement? We have this in our routes.rb so shouldn't matter

get "/auth/slack/callback/sign_in" => "omniauth_callbacks#sign_in_slack"

kwent avatar Jun 23 '23 12:06 kwent

I had the same issue and apparently it is a requirement:

When I had my redirect URL set to just /auth/slack/callback, I also got request.env['omniauth.auth'] nil. But changing it to /auth/slack/callback (where name: :slack in the OmniAuth::Builder config) I get a CSRF error from the callback phase (which is at least progress).

dgmstuart avatar Oct 17 '23 19:10 dgmstuart

(Ok for reference, my CSRF issue was dumb: I have ngrok pointing at localhost:3000, but I was starting the authorization from localhost:3000, so the "omniauth.state" cookie (which is used for CSRF protection) was set on localhost and so wasn't available in the callback phase, since that used the ngrok url)

dgmstuart avatar Oct 17 '23 19:10 dgmstuart
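The two failure modes reported above (a redirect_uri whose path is not /auth/name_of_provider/callback, and a state cookie set on a different host than the callback) can be checked before deploying. This is an added example, not code from the thread or from the gem; `redirect_uri_problems` and `start_url` are hypothetical names, the URLs are constructed, and it assumes OmniAuth's default `/auth` path prefix.

```ruby
require "uri"

# OmniAuth's default path prefix. The callback phase only runs when the
# request path is "#{prefix}/#{name}/callback" (assumes no custom callback_path).
DEFAULT_PATH_PREFIX = "/auth"

# Hypothetical helper: returns a list of problems with a strategy's redirect_uri.
#   name:         the strategy's `name:` option
#   redirect_uri: the value sent to the provider in client_options
#   start_url:    URL the browser is on when the request phase starts (optional)
def redirect_uri_problems(name:, redirect_uri:, start_url: nil,
                          path_prefix: DEFAULT_PATH_PREFIX)
  problems = []
  callback = URI.parse(redirect_uri)
  expected_path = "#{path_prefix}/#{name}/callback"

  # A route in routes.rb does not help here: the middleware only fills
  # request.env['omniauth.auth'] when it recognises its own callback path.
  unless callback.path == expected_path
    problems << "path #{callback.path.inspect} is not #{expected_path.inspect}; " \
                "callback_phase will not run"
  end

  # The stored state is bound to the host that started the flow. If the
  # provider redirects to another host, the state is missing there and the
  # CSRF check fails.
  if start_url && URI.parse(start_url).host != callback.host
    problems << "flow starts on host #{URI.parse(start_url).host.inspect} but returns to " \
                "#{callback.host.inspect}; omniauth.state will be missing"
  end

  problems
end

# Constructed sample values, modelled on the configurations in this thread.
BASE = "https://app.example.test"
ISSUE_CONFIG = redirect_uri_problems(
  name: :sign_in_slack, redirect_uri: "#{BASE}/auth/slack/callback/sign_in"
)
FIXED_CONFIG = redirect_uri_problems(
  name: :sign_in_slack, redirect_uri: "#{BASE}/auth/sign_in_slack/callback"
)
TUNNEL_CONFIG = redirect_uri_problems(
  name: :slack, redirect_uri: "https://tunnel.example.test/auth/slack/callback",
  start_url: "http://localhost:3000/auth/slack"
)

puts ISSUE_CONFIG, FIXED_CONFIG, TUNNEL_CONFIG
```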

> I am not sure but, try removing the redirect_uri param and let the gem generate one automatically

This didn't work for me: this gem doesn't seem to try to construct a redirect_uri? I had a look at the dependent gems as well and they don't seem to either.

Here's the result from Slack of passing it as nil:

Screenshot 2023-10-17 at 23 45 44

dgmstuart avatar Oct 17 '23 22:10 dgmstuart

I eventually got this working by overwriting the redirect_url method to match what Slack wanted: https://github.com/sunchaserio/omniauth-sign-in-with-slack/blob/main/lib/omniauth/strategies/slack.rb

indirect avatar Mar 15 '24 02:03 indirect