6

Can anyone help me get to the bottom of this problem?

I'm using Devise + Omniauth in a Rails 3.2 app. What I want to know is, what's happening behind the scenes with Devise's user_omniauth_authorize_path(provider) method.

I've had a dig through rake routes and the gem's source, but I can't see anything obvious that would cause the issue I'm having.

I assume this method simply calls the provider's signin url (e.g. Twitter) and then returns to the callback path defined in routes.rb.

In my routes.rb I have 

devise_for :users, :controllers => { :omniauth_callbacks => 'users/omniauth_callbacks'}

devise_scope :user do
    get '/users/auth/:provider' => 'users/omniauth_callbacks#passthru'
end

In users/omniauth_callbacks_controller.rb I have

def twitter
    render :text => "This works" 
end

def passthru
    render :text => "This doesn't work"
end

In a view I have <%= link_to "Twitter", user_omniauth_authorize_path(:twitter) %>. Clicking this link goes to Twitter where I can log in, but upon return to my app I get an error "You are already signed in".

I can't work out how or why this error is being generated. I should only be seeing "This works" or "This doesn't work".

I also have a Facebook provider set up in exactly the same way, and this works as expected.

If I replace Devise's omniauth link with <a href="/users/auth/twitter">Twitter</a> then I get "This works".

So this solves my issue, but its not ideal and I'd like to know why.

Can anyone shed any light?

EDIT

Rake routes looks like this:

user_omniauth_callback        /users/auth/:action/callback(.:format)                       users/omniauth_callbacks#(?-mix:twitter|facebook)
Andy Harvey
  • 12,333
  • 17
  • 93
  • 185

1 Answers1

1

Well, it is working for me, so it is definitely something on your end. First of all, have you compared in the console the GET calls /users/auth/twitter and /users/auth/twitter?callback obtained by the 2 different methods? They should look exactly the same (except for the token and the verifier, of course).

Now, I'm not sure if this is related, but with devise you don't use a passthru route, so you can remove that route. Instead, in your callbacks controller, you should implement an action called failure that handles a bad request. See here for devise's implementation.

I'm grasping at straws here, but you should also have this at the end of your callbacks controller:

# This is necessary since Rails 3.0.4
# See https://github.com/intridea/omniauth/issues/185
# and http://www.arailsdemo.com/posts/44
protected
def handle_unverified_request
  true
end
Ashitaka
  • 19,028
  • 6
  • 54
  • 69
  • hi askitaka, thanks for these suggestions. I'm using `passthru` based on recommendations https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview and http://stackoverflow.com/questions/5531263/omniauth-doesnt-work-with-route-globbing-in-rails3 wrt route globbing. Is this no longer advisable? Anyways, you've given me some new things to think about. Thanks! I will try this out and report back. – Andy Harvey May 05 '12 at 06:38
  • hi ashitaka, could you explain what you mean by comparing the GET calls. I've run `app.get '/users/auth/twitter'` in the console. Both calls return `302`, which is to be expected. Is there a way to examine these calls in more details? Or to follow the 302 redirect? – Andy Harvey May 05 '12 at 06:54
  • Doh! Having thought about this a little more, you are correct. It was the passthru function. I'm using passthru because I have a catch all in routes.rb. While working on something else, I'd edited this function to render text as per my question. But the purpose of this controller is to return a 404 on omniauth requests. Without the passthru function, omniauth simply doesn't work. Feel a bit stupid now :) Thanks for pointing this out ashitaka! – Andy Harvey May 05 '12 at 07:05
  • What I meant when I told you to compare the GET calls, was to click on the link with ` – Ashitaka May 05 '12 at 12:39
  • oh ok, in the logs. Thanks for the clarification. And thanks once again for finding the problem! – Andy Harvey May 05 '12 at 12:41