OmniAuth using google oauth 2 strategy scope failure

Question

I'm working on getting calendar data from google using OmniAuth and the google-oauth-2 strategy.

If I put nothing into the scope field it works fine and I get the default info without the auth/failure message and I can use the app normally.

However the moment I add a scope, as in the example below, I get an "auth/failure?message=invalid_credentials".

Rails.application.config.middleware.use OmniAuth::Builder do
    provider :google_oauth2, ENV['TEST_KEY'], ENV['TEST_SECRET'], { :scope => 'https://www.google.com/calendar/feeds/' }
end

Is there something I'm missing or something I should change?

Omniauth is just for authentication. How do you get Calendar data after you get authentication tokens? — Sharjeel, Mar 20 '12 at 08:30

score 23 · Accepted Answer · edited Dec 19 '11 at 23:31

23

A quick e-mail from the google-oauth-2 strategy author pointed out the following:

If you don't include the profile scopes, it fails to authenticate.

By adding userinfo.email and userinfo.profile (along with the calendar scope) to the comma separated :scope list I was able to fix the problem.

Example:

Rails.application.config.middleware.use OmniAuth::Builder do
    provider :google_oauth2, ENV['TEST_KEY'], ENV['TEST_SECRET'], 
           { :scope => 'userinfo.email, userinfo.profile, https://www.googleapis.com/auth/calendar' }
end

edited Dec 19 '11 at 23:31

James Allman

40,573
11
57
70

answered Dec 19 '11 at 23:07

y4ku

513
4
9

Odd, I keep getting this error: `Some requested scopes were invalid. {valid=[https://www.googleapis.com/auth/calendar, https://www.googleapis.com/auth/userinfo.email], invalid=[https://www.googleapis.com/auth/]}` Did you run into it? – sent-hil Dec 20 '11 at 20:47
Can you paste your :scope field? – y4ku Dec 27 '11 at 21:10
7

Ugh. Finally got this working as well, except I still used commas but no spaces after the commas. If you take a look at the source (https://github.com/zquestz/omniauth-google-oauth2/blob/master/lib/omniauth/strategies/google_oauth2.rb#L22), it splits the string by commas. Sample that worked: `provider :google_oauth2, google_key, google_secret, {scope: "https://www.googleapis.com/auth/userinfo.email,https://www.googleapis.com/auth/userinfo.profile,https://www.googleapis.com/auth/analytics.readonly", access_type: 'offline', approval_prompt: ''} ` – fholgado Jun 08 '12 at 20:07
1

you sure are a GENIUS It might be nice to add this for devise people ;) config.omniauth :google_oauth2, GOOGLE_KEY, GOOGLE_SECRET, :name => 'google', :scope => 'userinfo.email,userinfo.profile,calendar,calendar.readonly' – Mike Silvis Jun 21 '12 at 21:13
Hopefully the [readme will be updated](https://github.com/zquestz/omniauth-google-oauth2/issues/42) – davetapley Jan 27 '13 at 03:06
@fholgado thank you sir, that is some spot. They really need to fix their docs. – Niall Paterson Apr 15 '13 at 22:11

score 11 · Answer 2 · answered Dec 28 '11 at 17:17

11

Funny, this didn't work for me. I was able to make it work, removing the comma from the scope:

Rails.application.config.middleware.use OmniAuth::Builder do
    provider :google_oauth2, ENV['TEST_KEY'], ENV['TEST_SECRET'], 
    { :scope => 'https://www.googleapis.com/auth/docs https://www.googleapis.com/auth/userinfo.profile' }
end

answered Dec 28 '11 at 17:17

Andre Goncalves

3,840
2
21
15

This is what worked for me as well. Remove commas and use full urls. Thanks. – rmw Jan 13 '12 at 20:37

OmniAuth using google oauth 2 strategy scope failure

2 Answers2