I get the response that I need but it's considered as authentication Failure #159

Open
laptopmutia opened this issue Jul 21, 2022 · 7 comments


laptopmutia commented Jul 21, 2022

Here is my code. Is it because the server is returning JSON? Because the token request works OK when I manually request it with cURL or Postman/Insomnia with Content-Type and Accept application/json.

```ruby
require 'omniauth-oauth2'

module OmniAuth
  module Strategies
    class Ocan < OmniAuth::Strategies::OAuth2
      # Strategy name; the closing quote was missing in the original post.
      option :name, "ocan"

      option :client_options, {
        :site => "https://account.autogaming.web/",
        :authorize_url => "https://account.autogaming.web/auth",
        :token_url => "https://account.autogaming.web/api/v1/tokens"
      }

      # Extra parameters sent with the token request (placeholder values).
      option :token_params, {
        client_id: "my-client-id",
        client_secret: "my-secret",
        grant_type: "authorization_code"
      }
    end
  end
end
```

Here are my Heroku logs.

Right after this line, "Authentication failure! invalid_credentials: OAuth2::Error", is all the data that I need to get user info.

at=info method=POST path="/users/auth/ocan" host=soripto.herokuapp.com request_id=ec586e52-66a2-4461-a2e6-afbce9276d0f fwd="180.242.165.119" dyno=web.1 connect=8ms service=9ms status=302 bytes=1390 protocol=https
2022-07-21T17:51:26.847218+00:00 app[web.1]: I, [2022-07-21T17:51:26.847128 #4]  INFO -- : [ec586e52-66a2-4461-a2e6-afbce9276d0f] Started POST "/users/auth/ocan" for 180.242.165.119 at 2022-07-21 17:51:26 +0000
2022-07-21T17:51:26.847516+00:00 app[web.1]: D, [2022-07-21T17:51:26.847485 #4] DEBUG -- omniauth: (ocan) Request phase initiated.
2022-07-21T17:51:27.642260+00:00 app[web.1]: I, [2022-07-21T17:51:27.642157 #4]  INFO -- : [78c93fe3-4be6-45fa-adc3-22dc4933f6e7] Started GET "/users/auth/ocan/callback?code=def50200045d660f2350f370d73dc1e1e436344aef88cd48cfa3d9709ecabc47a6da37b9c2d741a562122ac1e4a7a6f8e2bdf8b9d2797a07eb4641fcffdb2993aff47d0752c56f2784fce49de584eb0f2d03030601bfacff215f3372b3181fd346ba723997fbd7f7588c4dd883f3b36588aac747287e527badca42dad7554b90bc13ddcf9900dfad213933d0f2ccfa87e8636d3416ea37ca72a41f9be6c6088c15092c4a77c4f5041558e28b&state=71a1561a9fb9ae836a4225c26b6cf5392aad80334b6e66b3" for 180.242.165.119 at 2022-07-21 17:51:27 +0000
2022-07-21T17:51:27.642545+00:00 app[web.1]: D, [2022-07-21T17:51:27.642506 #4] DEBUG -- omniauth: (ocan) Callback phase initiated.
2022-07-21T17:51:29.440139+00:00 heroku[router]: at=info method=GET path="/users/auth/ocan/callback?code=def50200045d660f2350f370d73dc1e1e436344aef88cd48cfa3d9709ecabc47a6da37b9c2d741a562122ac1e4a7a6f8e2bdf8b9d2797a07eb4641fcffdb2993aff47d0752c56f2784fce49de584eb0f2d03030601bfacff215f3372b3181fd346ba723997fbd7f7588c4dd883f3b36588aac747287e527badca42dad7554b90bc13ddcf9900dfad213933d0f2ccfa87e8636d3416ea37ca72a41f9be6c6088c15092c4a77c4f5041558e28b&state=71a1561a9fb9ae836a4225c26b6cf5392aad80334b6e66b3" host=soripto.herokuapp.com request_id=78c93fe3-4be6-45fa-adc3-22dc4933f6e7 fwd="180.242.165.119" dyno=web.1 connect=0ms service=1798ms status=302 bytes=1220 protocol=https
2022-07-21T17:51:29.436121+00:00 app[web.1]: E, [2022-07-21T17:51:29.436040 #4] ERROR -- omniauth: (ocan) Authentication failure! invalid_credentials: OAuth2::Error, #<OAuth2::SnakyHash data=#<OAuth2::SnakyHash access_token="eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJjbGllbnQiOiIyYTNhNzU0Mi05OTY2LTQ5ZDctYTljOC0wOGNmYmJiNzZlMzkiLCJ1c2VyIjoiODk4MjY4OGYtNjY3YS00NjBiLWI3ZDAtMmNjZmMzMTQzMTYyIiwidHRsIjoyMTYwMCwic3ViIjoiZmUwMzNmOWItNjc2ZS00MzNhLWJkOWYtNTFhM2VkMmM0MzE0IiwiYXVkIjoiMmEzYTc1NDItOTk2Ni00OWQ3LWE5YzgtMDhjZmJiYjc2ZTM5IiwiZmluZ2VycHJpbnQiOiI4MTY0YzU5MTM4ZDllNmRkODU0MDQ1NGIzYWRhYmMxNDdmZTRjYTNiIn0.Q3q3dgQkHanzDzsaIobgzSeZFtks-uhVXOSe7LuGsejrcL4YTbWHSQRn439qCdT-jv5IF4r3-cTEr7DX1MWQPwCA4-pWgJf8DPMdF54HgE3VkX_x3Kd_vVfrZXjFuo7YJTi8dIC8sIxwWLKq7mPd8_FFJdR2nDyfT7qpWKITL1Y-1GdU35lOjf9ajHDpxXkel5rtB1R5TMuxIA4qtm41mlh8_Ohx0OMdbIJdbcIv4oxO6bqCX4CzfqEM2Sp-PJm5khLkAbeVoPK-1Dxq-3trv4YgdCY63DWyvBUb2zaN7-ol2rvFooyTDcamDfe0j8JB2CevZeRDCrun8_36OB3r1-CN-eh-d_efOt6YmMqNJOCEX8OfA9Nw9M12RTKQgMEHjKR3gfqpMF419Y_7D39OFa8_eWpnkwt_1q02MjTT05ts1cDy6Kv5wdiODsHfo81GXZut422_agUFOd48TTpSbise8cpC7zHNpUJIixZ88vlLzdALgHqv9cOexc409axuWKeld518lg4WFoKgPz0WzxlmTT0AZlRJQ8Zf3W6m45sJ8SsJrChHwh59YN-iy4-V_p-RmlPlzRZmtviJySzpPjenyqy3oKy5_WJ0M4AkZnOjDaNoQ6_40RwWg3gWjv7lFJK4bmY2ZGvPyzJ4B5G5QNpVX8ENUOa4cj89-bCZVVA" expires_in=21600 
refresh_token="eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJjbGllbnQiOiIyYTNhNzU0Mi05OTY2LTQ5ZDctYTljOC0wOGNmYmJiNzZlMzkiLCJ1c2VyIjoiODk4MjY4OGYtNjY3YS00NjBiLWI3ZDAtMmNjZmMzMTQzMTYyIiwidHRsIjoyNTkyMDAwLCJzdWIiOiI3MjZlMjgxMS02MzA0LTQyZTgtOTFiMi03MTk3ZTk1ZGY1MzciLCJhdWQiOiIyYTNhNzU0Mi05OTY2LTQ5ZDctYTljOC0wOGNmYmJiNzZlMzkiLCJmaW5nZXJwcmludCI6IjgxNjRjNTkxMzhkOWU2ZGQ4NTQwNDU0YjNhZGFiYzE0N2ZlNGNhM2IifQ.V0wMudCv2MbB7SxkrsJQi8u05zvHeEsKjJCYzneB0kLf9S4di-jdFY-JMaT8lYM6BXrXPjTBSSlHP6aP7gKc-1UcpPv89y7KAdDzrUSmGQ4AxWU2av4GVQze7dLm0dgzgJysu3H_Yb04VyCMbZUWg0rjgcFvctFLeLhCPCLJQmHk9bAeiRBU1RCqhv5rfyRzEEafvAwHBGck3RlnQmd3DxzkyrWEIX3sLuaZChx9506iMw7-pzE_m3D8_aEhw3hZ-nOu_gH4ODjbY0HkveXtfMu0QYRtT2NVaKWOdA3XjLHIAXbHqOLvQIghoHD4ZpSm3uD7j36WrhY6oVeCXaf-nn7Ji3TvmZAAwAkbbnD4WVIpPkKpE-cB7JvvcR9imcLeHo7Gzv9wbFSesDeNo0uwZjNWk_Qdo-t19zgL9qEdGqe7GjVHSp1VCyO0LNN0FXTm074I7ZVJhQr9Yjl35Q_-gGV96EjGOC_-CrlvPc1c7fBZAVmQyMfKFw8TfD7Aekgdp9YFNqa-x8YLN99bzkjoWuRoCEAyPwQMslKGAKY1AiRRctpFV7cj_FLxCDiQo93ArsVrO8UGIR3fP4g1ZWlVJRq1gRNGOaMZUFznbX0hmeGcysp_QZu-V_jYoJcQ_7FkCNC15p6oUWoTGUUaX7w71O3Qj0OaQWySqrz3KmgReao" scopes="basic email" token_type="Bearer"> meta=#<OAuth2::SnakyHash client_ip="3.85.167.58" hostname="ocan-api-f9b689698-gdfb2" version="1">>
2022-07-21T17:51:29.436823+00:00 app[web.1]: I, [2022-07-21T17:51:29.436773 #4]  INFO -- : [78c93fe3-4be6-45fa-adc3-22dc4933f6e7] Processing by OmniauthCallbacksController#failure as HTML
2022-07-21T17:51:29.436874+00:00 app[web.1]: I, [2022-07-21T17:51:29.436850 #4]  INFO -- : [78c93fe3-4be6-45fa-adc3-22dc4933f6e7]   Parameters: {"code"=>"def50200045d660f2350f370d73dc1e1e436344aef88cd48cfa3d9709ecabc47a6da37b9c2d741a562122ac1e4a7a6f8e2bdf8b9d2797a07eb4641fcffdb2993aff47d0752c56f2784fce49de584eb0f2d03030601bfacff215f3372b3181fd346ba723997fbd7f7588c4dd883f3b36588aac747287e527badca42dad7554b90bc13ddcf9900dfad213933d0f2ccfa87e8636d3416ea37ca72a41f9be6c6088c15092c4a77c4f5041558e28b", "state"=>"71a1561a9fb9ae836a4225c26b6cf5392aad80334b6e66b3"}
2022-07-21T17:51:29.437906+00:00 app[web.1]: I, [2022-07-21T17:51:29.437867 #4]  INFO -- : [78c93fe3-4be6-45fa-adc3-22dc4933f6e7] Redirected to https://soripto.herokuapp.com/users/sign_in
2022-07-21T17:51:29.438031+00:00 app[web.1]: I, [2022-07-21T17:51:29.438007 #4]  INFO -- : [78c93fe3-4be6-45fa-adc3-22dc4933f6e7] Completed 302 Found in 1ms (ActiveRecord: 0.0ms | Allocations: 544)
2022-07-21T17:51:29.721960+00:00 heroku[router]: at=info method=GET path="/users/sign_in" host=soripto.herokuapp.com request_id=8011c6a7-8342-461b-aa31-76b1aca8a268 fwd="180.242.165.119" dyno=web.1 connect=0ms service=8ms status=200 bytes=5439 protocol=https
2022-07-21T17:51:29.714271+00:00 app[web.1]: I, [2022-07-21T17:51:29.714210 #4]  INFO -- : [8011c6a7-8342-461b-aa31-76b1aca8a268] Started GET "/users/sign_in" for 180.242.165.119 at 2022-07-21 17:51:29 +0000

In Insomnia/Postman the response is like this. Is this because the response is wrapped in data?

{
	"data": {
		"token_type": "Bearer",
		"expires_in": 21600,
		"scopes": "basic email",
		"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJjbGllbnQiOiIyYTNhNzU0Mi05OTY2LTQ5ZDctYTljOC0wOGNmYmJiNzZlMzkiLCJ1c2VyIjoiNDEwNmE4NWEtZmUyZS00OTQ2LTlmMWYtZjIwMTIxZDFkYTZiIiwidHRsIjoyMTYwMCwic3ViIjoiMmZjYWY5YWEtYjcwNS00ODY5LWExN2QtZTNhYWNmNTgwZjU3IiwiYXVkIjoiMmEzYTc1NDItOTk2Ni00OWQ3LWE5YzgtMDhjZmJiYjc2ZTM5IiwiZmluZ2VycHJpbnQiOiJhZmViMDMyYmIzNTg4NDNiMzVjZjgzOTRjMGU2NTE4MDdkMTg3NjQxIn0.G73Uza18ywtcR4DwOc6GuH10de2j6QdXnTNwTAcHNXTTduYHMgDcn7PBnPCBD8T8N-iogpvUEnwQH8bm3F5gq2cRhFYAK34ti2YRTF1VICt0W4hAra3tv9InsD9riGJ58FkcDJf_QanL3HhAYfo5gfDVeHzrNzaj0WOXl_dEFQT37Ce-lYkQ3BnFVpCJTDakM_F1aJ3Rs8XOT33FGrEtUUC06KxYwPb3G_W8qBsd3EA0sXH5aJhdl_2rI1Sn1-rMrEgHTWQ9-6CznJh16otDywATKNynBY1D3FSLzlpaAoOfdkmIHJqnzazeWMdpMcT2-6OR0nhbeiGFyC3gAU9CHdQ8qCUBfNyCSn4ViJBMpwVEaLr40UxQlVOtqCNvOpg67hHGK5x9bk-ATj2c9GqJHEYC-ktVlgHX88JPao7KUcIdM_EYExs-q06mi0hYzU0JrUcgFg5TNKmgMNPhmVN7GnxhEL0JdMnMMe-ychlEbLK5g_MN4vyl1A1QtMFAOwWL_oWhGO4xjiKOgRE9iFZRNAr1d4kbaYykOIBkFkNopmvmPCYRkdWhZ5W-BgqUk1uMHfzRzVbUplZz2tbpbd13rrpiKpmMzzxmQgXCgPi0uWxdV3-hT9ja2SyaGsWtH9eSyt_0rOhDx5ZL2mCpBhTo-1kONl-Yn-GZloQsKiOeSgc",
		"refresh_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJjbGllbnQiOiIyYTNhNzU0Mi05OTY2LTQ5ZDctYTljOC0wOGNmYmJiNzZlMzkiLCJ1c2VyIjoiNDEwNmE4NWEtZmUyZS00OTQ2LTlmMWYtZjIwMTIxZDFkYTZiIiwidHRsIjoyNTkyMDAwLCJzdWIiOiJlM2U3Mzg4ZS0xMGIzLTQyY2ItOWIwZC1lNDY5NzVjZTBlZjciLCJhdWQiOiIyYTNhNzU0Mi05OTY2LTQ5ZDctYTljOC0wOGNmYmJiNzZlMzkiLCJmaW5nZXJwcmludCI6ImFmZWIwMzJiYjM1ODg0M2IzNWNmODM5NGMwZTY1MTgwN2QxODc2NDEifQ.h844lllUOCNE118tYUGpqwFL0iNlGkQt6HwAFUBGcHxGJaKwEYo4vjpfWhd8a6wRr4JKMv4agysmWf7kjiriDZgvn7xWlFyG3ETI6dmqphVZK6lF7X8H_E8ka2uWlB40JD5yGriWA8w-U62yW-YDX8dsnamgIDYNiFqTk5IOF24m5TcIDCXkvsV13GCs2rFwhDUhkRyNlTYmSq4AoqoIprvjAUin2kBQYIEFIOdoRD-gr47hK2G18xEOylpnA9WyMeJ2Q5mTc_PVyrXrFoaxc5xX1gYSXFKtSfhcckTXIN1ooE4YgNCGojzoPMlLFtxu6Hjvk8FiXFmZngO24C8aCi6aDypghuxfShT8QjQyqbac6C3DLrfww-uYuxHixdglSgxfDigDgdmkfMM8KR6xZteC5MmMTuD3igc-9bIF73BI-LmmAxDXPtjXI2N1LbY0PmufWQi0vMpkJNjTClBcR1F74BKsAyxpmw44NkKVMqp5AEJddNHcvaQ2vrKlbVO5ULLJiIyh23qzX3Qjsp4Ru48XHzqzXuMlKbOuaTtBctENc7kp4NiAoNAm7tGFLxv7x3N83AZkfsG-PPh2pgtYTfeFwws1BuJNU8LTkPTnje0_XLrqUaCW-xlZcspOQgiDj5FpY3Z3QtYhxTwhWZBysz7lor6jjbqb3Jg7DtalW9I"
	},
	"meta": {
		"version": "1",
		"hostname": "ocan-api-xxxxxxxxx-xxxxx",
		"client_ip": "xx.xxx.xxx.xxx"
	}
}

So I used this PR branch #147, then I got this full message:

Could not authenticate you from Ocan because "Undefined method `to sym' for nil:nilclass env['omniauth.error.type'] = message key.to sym ^^^^^^^".
@BobbyMcWho
Member

I don't have time to look into this fully at the moment, but you should make sure not to post secrets publicly

@laptopmutia
Author

What is your guess about this then? If I want to debug it, where should I start?

@BobbyMcWho
Member

What version of omniauth-oauth2 and regular oauth2 gem are you using?

@laptopmutia
Author

laptopmutia commented Jul 22, 2022

Here is my omniauth and oauth2 Gemfile.lock:

    oauth2 (2.0.6)
      faraday (>= 0.17.3, < 3.0)
      jwt (>= 1.0, < 3.0)
      multi_xml (~> 0.5)
      rack (>= 1.2, < 3)
      rash_alt (>= 0.4, < 1)
      version_gem (~> 1.1)
    omniauth (2.1.0)
      hashie (>= 3.4.6)
      rack (>= 2.2.3)
      rack-protection
    omniauth-oauth2 (1.8.0)
      oauth2 (>= 1.4, < 3)
      omniauth (~> 2.0)
    omniauth-rails_csrf_protection (1.0.1)
      actionpack (>= 4.2)
      omniauth (~> 2.0)

I use it with devise (4.8.1)

Is it related to the auth token response that I get from the server? Because the response is wrapped in
{ "data": { "access_token": "mytoken" } }

@laptopmutia
Author

I think it's because of oauth2. I opened this issue here: https://github.com/oauth-xx/oauth2/issues/627

@pboling
Member

pboling commented Aug 1, 2022

It looks like the issue was caused by the oauth keys being nested inside a data top level object in the response. OP was able to override, and use a Hash#dig to fix it. Is this a wider issue we should collaborate on, @BobbyMcWho? Perhaps a config option to specify where nested oauth keys should be pulled from?

@BobbyMcWho
Member

This could probably be solved with a custom strategy in the short term. We could add a feature like that in omniauth, but I'm currently out of town with little time, so it wouldn't be a priority anytime soon, @pboling.
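
Added example, not code from this thread or from the omniauth-oauth2/oauth2 gems: a plain-Ruby sketch of the fix discussed above, reading the OAuth fields from a nested `data` object with `Hash#dig`, plus a redaction helper so token responses can be logged or pasted into an issue without exposing secrets. The names `extract_token_fields`, `dig_path`, `redact`, the `path:` setting and the sample body are assumptions made for illustration.

```ruby
require 'json'

# Keys that must never reach logs or issue trackers in clear text.
SECRET_KEYS = %w[access_token refresh_token client_secret code].freeze
# Fields RFC 6749 section 5.1 requires in a successful token response.
REQUIRED_KEYS = %w[access_token token_type].freeze

class TokenResponseError < StandardError; end

# Returns the flat hash of OAuth fields from a token endpoint body.
# `path` is a hypothetical setting naming where a provider nests them;
# ["data"] matches the envelope shown in this issue.
def extract_token_fields(body, path: ['data'])
  parsed = JSON.parse(body)
  raise TokenResponseError, 'token response is not a JSON object' unless parsed.is_a?(Hash)

  # The standard flat layout wins; otherwise walk the configured path.
  fields = parsed.key?('access_token') ? parsed : dig_path(parsed, path)
  raise TokenResponseError, "no token object at #{path.join('.')}" unless fields.is_a?(Hash)

  missing = REQUIRED_KEYS.reject { |k| fields[k].is_a?(String) && !fields[k].empty? }
  raise TokenResponseError, "missing fields: #{missing.join(', ')}" unless missing.empty?

  fields
rescue JSON::ParserError
  raise TokenResponseError, 'token response is not valid JSON'
end

# Hash#dig raises TypeError when an intermediate value cannot be dug into.
def dig_path(hash, path)
  path.empty? ? hash : hash.dig(*path)
rescue TypeError
  nil
end

# Copy of a (possibly nested) response with secret values masked for logging.
def redact(value)
  case value
  when Hash
    value.to_h { |k, v| [k, SECRET_KEYS.include?(k.to_s) ? '[REDACTED]' : redact(v)] }
  when Array
    value.map { |v| redact(v) }
  else
    value
  end
end

# Constructed sample shaped like the Insomnia/Postman response in this issue.
SAMPLE_BODY = '{"data":{"token_type":"Bearer","expires_in":21600,"scopes":"basic email",' \
              '"access_token":"sample-access","refresh_token":"sample-refresh"},' \
              '"meta":{"version":"1"}}'
```

In a custom strategy, the hash returned by `extract_token_fields` is what would be handed to the token-building step, and `redact(JSON.parse(body))` is the form that is safe to write to logs.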
