Friday, August 18, 2017

OAuth2::Error, invalid_request: redirect_uri does not match application configuration


I'm working on a Rails app that authenticates using Bungie OAuth using this gem. My configurations in initializers/devise.rb are as follows:

config.omniauth :bungie, ENV['CLIENT_ID'], ENV['CLIENT_SECRET'], ENV['X_API_KEY'], ENV['REDIRECT_URL'] 

Bungie's developer portal requires a redirect URL with HTTPS, so I've pushed my application to Heroku and used a redirect to force authentication back to localhost for testing. Using this method, everything works fine. However, when I push the app to production, the response back to my application from Bungie fails with OAuth2::Error, invalid_request: redirect_uri does not match application configuration. The redirect_url is the exact same thing in both my application's env variables and on Bungie's development portal.

Seeing as it's in production, I'm limited to the logs that I can see. I've tried tracking the requests in the network tab of the dev tools in my browser, but everything looks as it should.

I've tried working with the developer of the bungie-oauth2 gem, but we have not been able to come to a resolution (and his prod apps work fine with it).

Is there anything that might cause the redirect_url to differ once in Heroku?

As requested, here is my route for omniauth:

devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" } 

Output from rake routes:

                users_sign_out GET      /users/sign_out(.:format)             devise/sessions#destroy
              new_user_session GET      /users/sign_in(.:format)              devise/sessions#new
                  user_session POST     /users/sign_in(.:format)              devise/sessions#create
          destroy_user_session DELETE   /users/sign_out(.:format)             devise/sessions#destroy
user_bungie_omniauth_authorize GET|POST /users/auth/bungie(.:format)          users/omniauth_callbacks#passthru
 user_bungie_omniauth_callback GET|POST /users/auth/bungie/callback(.:format) users/omniauth_callbacks#bungie
             new_user_password GET      /users/password/new(.:format)         devise/passwords#new
            edit_user_password GET      /users/password/edit(.:format)        devise/passwords#edit
                 user_password PATCH    /users/password(.:format)             devise/passwords#update
                               PUT      /users/password(.:format)             devise/passwords#update
                               POST     /users/password(.:format)             devise/passwords#create
      cancel_user_registration GET      /users/cancel(.:format)               devise/registrations#cancel
         new_user_registration GET      /users/sign_up(.:format)              devise/registrations#new
        edit_user_registration GET      /users/edit(.:format)                 devise/registrations#edit
             user_registration PATCH    /users(.:format)                      devise/registrations#update
                               PUT      /users(.:format)                      devise/registrations#update
                               DELETE   /users(.:format)                      devise/registrations#destroy
                               POST     /users(.:format)                      devise/registrations#create

and my controller:

def bungie
  @user = User.from_omniauth(request.env["omniauth.auth"])

  if @user.persisted?
    @user.remember_me = true
    sign_in_and_redirect @user, :event => :authentication
  else
    session["devise.bungie_data"] = request.env["omniauth.auth"]
    redirect_to root_path
  end
end

Full source can be found at https://github.com/destiny-aviato/destinder.

2 Answers

Answer 1

The encoding of the redirect_uri param in your auth request to Bungie jumps out:

https%25253A%25252F%25252Fdestinder.herokuapp.com%25252Fusers%25252Fauth%25252Fbungie%25252Fcallback 

To read it in plain, I had to decode it thrice. Normally params are encoded just once.

URI.decode(URI.decode(URI.decode("https%25253A%25252F%25252Fdestinder.herokuapp.com%25252Fusers%25252Fauth%25252Fbungie%25252Fcallback"))) 

Not sure if this is what's causing the issue. Can you check how many times request_uri gets encoded when you hit it from local? If it's less than 3, then during Heroku deployment your request_uri gets encoded one extra time.

To get request_uri for local, log out from Bungie and click on "Sign in with bungie" on your local. The URL in the browser would have request_uri.
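The check this answer describes can be scripted. The following is an added example, not code from the original post or from the bungie-oauth2 gem: it pulls the raw redirect_uri parameter out of an authorization URL copied from the browser, counts how many percent-decoding passes it takes to reach plain text, and compares the result with the registered value. The endpoint `auth.example`, the client_id, and the helper names are assumptions; the encoded value is the one quoted above, and the registered URI is assumed to equal its decoded form.

```ruby
require "uri"

MAX_PASSES = 10 # upper bound so malformed input cannot loop forever

# Percent-decode repeatedly until the value stops changing.
# Returns [passes, decoded_value].
def encoding_depth(raw)
  passes = 0
  current = raw
  while passes < MAX_PASSES
    begin
      decoded = URI.decode_www_form_component(current)
    rescue ArgumentError # a stray "%" that is not an escape: treat as plain
      break
    end
    break if decoded == current
    current = decoded
    passes += 1
  end
  [passes, current]
end

# Return the raw (still encoded) value of one query parameter, or nil.
def raw_query_param(url, name)
  query = URI.parse(url).query.to_s
  pair = query.split("&").map { |kv| kv.split("=", 2) }.find { |k, _| k == name }
  pair && pair[1].to_s
end

# One pass is normal for a query parameter; more means it was re-encoded.
def check_redirect_uri(authorize_url, registered_uri)
  raw = raw_query_param(authorize_url, "redirect_uri")
  return { status: :missing } if raw.nil?
  passes, decoded = encoding_depth(raw)
  status = if decoded != registered_uri then :different_uri
           elsif passes > 1 then :over_encoded
           else :ok
           end
  { status: status, passes: passes, decoded: decoded }
end

# Constructed sample: placeholder endpoint and client_id (assumptions).
SAMPLE = "https://auth.example/authorize?client_id=1234&response_type=code" \
         "&redirect_uri=https%25253A%25252F%25252Fdestinder.herokuapp.com%25252Fusers%25252Fauth%25252Fbungie%25252Fcallback"
REGISTERED = "https://destinder.herokuapp.com/users/auth/bungie/callback" # assumed

p check_redirect_uri(SAMPLE, REGISTERED) if __FILE__ == $PROGRAM_NAME
```

A result of `:over_encoded` means the decoded value matches the registered one but the client wrapped it in extra encoding layers, so the fix belongs in whatever builds the authorization URL.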

Answer 2

Replace the redirect URL of your Heroku application in the credential.
