I'm having difficulty implementing the full flow for Omniauth Google and Rails API. I've got the "authorization code" from my front end app from Google and have sent it to the callback URL for omniauth on the backend API server.
That process completes and I get a successful response with access / refresh tokens from Google.
However, when I then do a subsequent request I get an unauthorized response after "authenticate_user!". If I override and debug session / request in this method before "super" it says "#<ActionDispatch::Request::Session:0x197a8 not yet loaded>"
I'm pretty sure the problem is that I'm not passing the access tokens / refresh tokens or whatever omniauth / devise requires to authenticate the user properly, but I can't find any docs whatsoever indicating what format this should be in for the request to be successful. I'm also slightly confused about the flow inside Rails - when the subsequent request comes in with an access token, does Omniauth again call Google to verify or does it happen internally?
Any help would be much appreciated, I don't have any more links on Google that haven't been read :( At this point I might just switch to another language haha.
gem "rails", "~> 7.0.4"
gem "devise", "~> 4.8"
gem "omniauth-google-oauth2", "~> 1.1"