7

I am getting (twitter) Authentication failure! invalid_credentials: OAuth::Unauthorized, 401 Unauthorized error after successfully loin to twitter and page is redirected to sign in page

Here is the application configuration

routes.rb

devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" }

devise.rb

config.omniauth :twitter, "KEY", "SECRET"

omniauth_callbacks_controller.rb

class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController  
  def twitter
    auth = env["omniauth.auth"]
    Rails.logger.info("auth is **************** #{auth.to_yaml}")
    @user = user = User.find_by_provider_and_uid(auth["provider"], auth["uid"]) || User.new
    if @user.persisted?
      flash[:notice] = I18n.t "devise.omniauth_callbacks.success"
      sign_in_and_redirect @user, :event => :authentication
    else
      session["devise.twitter_uid"] = auth["uid"]
      redirect_to new_user_registration_url
    end
  end
end

user.rb

class User < ActiveRecord::Base
  # Include default devise modules. Others available are:
  # :token_authenticatable, :confirmable,
  # :lockable, :timeoutable and :omniauthable
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable, :omniauthable

  # Setup accessible (or protected) attributes for your model
  attr_accessible :email, :password, :password_confirmation, :remember_me, :provider, :uid
  # attr_accessible :title, :body
end

index.html.erb

<h3>Home</h3>

<%if user_signed_in? %>
  <div><%="Welcome #{current_user.email}"%></div>

<div><%=link_to "Logout", destroy_user_session_path, method: :delete%></div>

<%else%>
<div><%=link_to "Sign in twitter", user_omniauth_authorize_path(:twitter)%></div>
<%end%>

Console log

Started GET "/users/auth/twitter" for 127.0.0.1 at 2012-07-09 18:58:16 +0530
(twitter) Callback phase initiated.
(twitter) Callback phase initiated.
(twitter) Authentication failure! invalid_credentials: OAuth::Unauthorized, 401 Unauthorized

Started GET "/users/auth/twitter/callback?oauth_token=rLCEqgAWPtoIzce475sacKwoqU5baEdz0JnmldXE&oauth_verifier=xYPoz2LZGHQlmz4akoVGkarPtZTebCOmeWzPUqLcPA" for 127.0.0.1 at 2012-07-09 18:58:48 +0530
Processing by Users::OmniauthCallbacksController#failure as HTML
  Parameters: {"oauth_token"=>"rLCEqgAWPtoIzce475sacKwoqU5baEdz0JnmldXE", "oauth_verifier"=>"xYPoz2LZGHQlmz4akoVGkarPtZTebCOmeWzPUqLcPA"}
Redirected to http://localhost:3000/users/sign_in

Callback URL in dev.twitter.com Earlier it was http://127.0.0.1:3000. From Devise, Omniauth and Twitter I changed it to http://127.0.0.1:3000/auth/twitter/callback but still getting error

Would anyone please help here to rectify the issue?

Thanks, Amit Patel

Community
  • 1
  • 1
Amit Patel
  • 15,609
  • 18
  • 68
  • 106
  • Do you have the correct key & secret in `devise.rb`? – Dean Brundage Jul 09 '12 at 13:47
  • Yes. I have configured it properly. Today I identified the issue. I have also configured rake as suggested in below answer. I simply removed omniauth.rb and restarted server and it started working. – Amit Patel Jul 10 '12 at 05:00

2 Answers2

22

I found the issue. I have configured providers in both devise.rb and omniauth.rb. I simply removed omniauth.rb and it started working.

Amit Patel
  • 15,609
  • 18
  • 68
  • 106
  • 3
    Wow how am a mortal supposed to know that? There should be a new Olympics sport, xtreme debugging. – Victor Pudeyev Jul 19 '12 at 02:57
  • Wow; interesting bug, if it is? Why is this so? Why is there a complication if you have both `devise.rb` and `omniauth.rb` config files? – Con Antonakos Jun 12 '13 at 15:33
  • Wow! Thanks for your auto-response :D – Pablo Torrecilla Apr 03 '14 at 09:16
  • devise documentation says you should not have omniauth credentials. it basically replaces it. Devise is designed to work with omniauth, so the call `config.omniauth :twitter, ENV["TWITTER_CONSUMER_KEY"], ENV["TWITTER_CONSUMER_SECRET"]` in the `devise.rb` file is designed to mimic calling the equivalent from omniauth.rb – ahnbizcad Sep 26 '14 at 07:11
2

Try putting your twitter KEY code in an omniauth.rb file in your initilizers folder. Like this:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :twitter, 'KEY', 'SECRET'
end

per: https://github.com/intridea/omniauth The authentication with twitter, after all, comes through omniauth, not devise.

Good Luck! @thatdankent

thatdankent
  • 950
  • 8
  • 15
  • thanks @thatdanketnt. I figured out issue. I have also configured omniauth rake middleware as just like you suggested. I simply removed omniauth.rb and it worked form me. – Amit Patel Jul 10 '12 at 05:06