I have a tricky scenario here and I cannot find the solution by myself yet. This works perfectly in production (no ngrok).
Here is the setup:
- Rails API (6.1.6)
- 2 engines mounted via subdomain
  - Main API - MainAPI -> api.lvh.me:3003
  - Temp front for users - TempFront (will be removed in a couple of months) -> temp.lvh.me:3003

On the TempFront, I've set up what's missing on a Rails API to be able to have a front available. Everything works fine except omniauth redirection. I've tracked the error down to WardenManager#call.
After redirection, the session is not stored. I've obviously skipped protect_from_forgery on the callback method based on the FAQ, but it is still not working.
Flash messages are not shared either. I thought it might be linked to the same issue. I'm pretty sure it is coming from my custom configuration somewhere, but I cannot find exactly where.
Locally I'm using ngrok to have the callback. The URL is api.ngrok.my-domain.com (which does not match *.lvh.me but directs to the correct engine MainAPI).
After a manual sign_in(@user, event: :authentication), there is a correct session key warden.user.v1_user.key with value [user_id]. This is the correct behaviour. This same key disappears after the redirect.
Here is the initializer I've set on temp_front/lib/temp_front/engine.rb:

    require 'webpacker'

    module TempFront
      ##
      # Engine initializers
      class Engine < ::Rails::Engine
        isolate_namespace TempFront

        initializer 'webpacker.proxy' do |app|
          insert_middleware =
            begin
              TempFront.webpacker.config.dev_server.present?
            rescue StandardError
              nil
            end
          next unless insert_middleware

          app.middleware.insert_before(
            0, Rails::VERSION::MAJOR >= 5 ?
              Webpacker::DevServerProxy : 'Webpacker::DevServerProxy',
            ssl_verify_none: true,
            webpacker: TempFront.webpacker
          )
        end

        initializer 'use action cookies and dispatch flash' do |app|
          app.config.session_store :cookie_store, { key: '_my_app', domain: :all }
          app.config.middleware.insert_before(Warden::Manager, ActionDispatch::Cookies)
          app.config.middleware.insert_after(ActionDispatch::Cookies, ActionDispatch::Session::CookieStore,
                                             opts)
          app.config.middleware.insert_after(ActionDispatch::Session::CookieStore, ActionDispatch::Flash)
          # https://guides.rubyonrails.org/configuring.html#configuring-middleware
          # Rack::MethodOverride allows the method to be overridden
          # if params[:_method] is set.
          # This is the middleware which supports
          # the PATCH, PUT, and DELETE HTTP method types.
          app.config.middleware.use Rack::MethodOverride
        end
      end
    end

Here is my callback controller:

    module MainAPI
      class OmniauthCallbacksController < Devise::OmniauthCallbacksController
        before_action :some_callbacks_to_handle_data

        def facebook
          sign_in @user, event: :authentication
          flash[:notice] = 'You have done it!'
          redirect_to mod_temp_front_engine.profile_url(subdomain: 'temp')
        end
      end
    end

Does anybody have another idea to fix that?