No longer works with oauth2 gem v2.0+ #68

Closed
pjg opened this issue Sep 14, 2022 · 7 comments

pjg commented Sep 14, 2022

Looks like the latest oauth2 changes broke this gem. After upgrading I'm seeing the following error in the callback phase:

Request phase initiated.
Started GET "/users/auth/linkedin/callback?code=...&state=..." for 127.0.0.1 at 2022-09-14 20:50:20 +0200
D, [2022-09-14T20:50:20.537126 #37240] DEBUG -- omniauth: (linkedin) Callback phase initiated.
E, [2022-09-14T20:50:21.021252 #37240] ERROR -- omniauth: (linkedin) Authentication failure! invalid_credentials: OAuth2::Error, invalid_request: A required parameter "client_secret" is missing
{"error":"invalid_request","error_description":"A required parameter \"client_secret\" is missing"}
Processing by Users::OmniauthCallbacksController#failure as HTML

I have omniauth configured at Devise as:

  config.omniauth :linkedin, ENV.fetch('LINKEDIN_KEY'), ENV.fetch('LINKEDIN_SECRET')

(both ENV keys are present).

And my omniauth initializer looks like this:

OmniAuth.config.full_host = Settings.protocol + Settings.host
OmniAuth.config.allowed_request_methods = %i[get post]
OmniAuth.config.silence_get_warning = true

It works if I downgrade back to oauth2 v1.4.10.

bolinkd commented Sep 20, 2022

@pjg

I had the same issue and spent some time digging. It looks like we need to add

      def token_params
        super.tap do |params|
          params.client_secret = options.client_secret
        end
      end

I just created a local oauth2 strategy for now, but if this fix works for you (creating a local strategy or editing your bundled gem to test this fix) then I can create a PR to update this.
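
Background for the workaround above, as an added example that is not code from the gem or from any commenter: oauth2 2.0 changed its default `auth_scheme` from `:request_body` to `:basic_auth`, which moves the client secret out of the form body and into an `Authorization` header. The sketch models both schemes with constructed credentials and a hypothetical body-only token endpoint; `build_token_request`, `body_only_endpoint` and `secret_locations` are illustrative names, not gem APIs.

```ruby
require "uri"

# Constructed sample credentials, not real values.
CLIENT_ID     = "sample-client-id"
CLIENT_SECRET = "sample-client-secret"

# Model of a token request under the two client-authentication schemes of
# RFC 6749 section 2.3.1. `extra` stands in for the strategy's token_params.
def build_token_request(scheme, extra = {})
  body = { "grant_type" => "authorization_code", "code" => "sample-code" }
  headers = {}
  case scheme
  when :basic_auth
    # pack("m0") is strict Base64 without line breaks.
    headers["Authorization"] = "Basic " + ["#{CLIENT_ID}:#{CLIENT_SECRET}"].pack("m0")
  when :request_body
    body.update("client_id" => CLIENT_ID, "client_secret" => CLIENT_SECRET)
  else
    raise ArgumentError, "unknown auth scheme: #{scheme.inspect}"
  end
  { headers: headers, body: URI.encode_www_form(body.merge(extra)) }
end

# Hypothetical endpoint (an assumption for illustration) that reads the secret
# only from the form body and answers with the error text quoted in this issue.
def body_only_endpoint(request)
  params = URI.decode_www_form(request[:body]).to_h
  unless params.key?("client_secret")
    return { "error" => "invalid_request",
             "error_description" => 'A required parameter "client_secret" is missing' }
  end
  return { "error" => "invalid_client" } unless params["client_secret"] == CLIENT_SECRET
  { "access_token" => "constructed-token" }
end

# Where the client secret travels in a request: header, body, or both.
def secret_locations(request)
  locations = []
  locations << :authorization_header if request[:headers].key?("Authorization")
  locations << :form_body if URI.decode_www_form(request[:body]).to_h.key?("client_secret")
  locations
end

basic      = build_token_request(:basic_auth)
workaround = build_token_request(:basic_auth, "client_secret" => CLIENT_SECRET)
in_body    = build_token_request(:request_body)
puts body_only_endpoint(basic)["error_description"]
puts secret_locations(workaround).inspect
puts secret_locations(in_body).inspect
```

With the `token_params` override layered on Basic auth, the secret travels in both the header and the body, while RFC 6749 section 2.3 says a client must not use more than one authentication method per request. The oauth2 client's `auth_scheme: :request_body` option sends it in the body only.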

harshalbhakta added a commit to harshalbhakta/omniauth-linkedin-oauth2 that referenced this issue Sep 28, 2022
parterburn added a commit to unreasonable/omniauth-linkedin-oauth2 that referenced this issue Oct 12, 2022
pjg commented Oct 25, 2022

@bolinkd I can confirm that your fix does indeed work. Thank you! I'm adding it to my app to the config/initializers.rb as

module OmniAuth
  module Strategies
    class LinkedIn < OmniAuth::Strategies::OAuth2
      def token_params
        super.tap do |params|
          params.client_secret = options.client_secret
        end
      end
    end
  end
end

I've also noticed the following warning (?) in the Rails logs while logging in using LinkedIn OmniAuth:

You are setting a key that conflicts with a built-in method SnakyHash::StringKeyed#count defined in Enumerable. This can cause unexpected behavior when accessing the key as a property. You can still access the key via the #[] method.

jaurand added a commit to CardTapp/omniauth-linkedin-oauth2 that referenced this issue Nov 8, 2022
jaurand added a commit to CardTapp/omniauth-linkedin-oauth2 that referenced this issue Nov 8, 2022
SLegrez commented Dec 2, 2022

Thank you @bolinkd & @pjg, you saved my day!
For those who want more detail on which folder/file to work with, here is what I did:

# lib/strategies/linkedin.rb

module OmniAuth
  module Strategies
    class LinkedIn < OmniAuth::Strategies::OAuth2
      def token_params
        super.tap do |params|
          params.client_secret = options.client_secret
        end
      end
    end
  end
end

# config/initializers/devise.rb

require "strategies/linkedin"
...
...

wilsoncelyCUC commented Apr 27, 2023

Thanks for the answer, it solves my issue with my local application.
(I'm a new dev, so bear with me.)

For context:

I am developing a Ruby on Rails 7 web application that uses the omniauth-linkedin-oauth2 gem for LinkedIn authentication. The app works fine locally with the LinkedIn credentials defined in config/credentials.yml.enc. However, when I try to deploy the app to Heroku, I get the following error during asset precompilation:

NoMethodError: undefined method `[]' for nil:NilClass

config.omniauth :linkedin, Rails.application.credentials[:linkedin][:client_id], Rails.application.credentials[:linkedin][:client_secret]

I have checked that the LinkedIn credentials are correctly set up in both config/credentials.yml.enc and on the Heroku app’s config vars.

Fetching sassc-rails 2.1.2
Installing sassc-rails 2.1.2
Installing font-awesome-sass 6.4.0
Bundle complete! 24 Gemfile dependencies, 81 gems now installed.
Gems in the groups 'development' and 'test' were not installed.
Bundled gems are installed into ./vendor/bundle
Post-install message from devise:

   [DEVISE] Please review the [changelog] and [upgrade guide] for more info on Hotwire / Turbo integration.
   
     [changelog] https://github.com/heartcombo/devise/blob/main/CHANGELOG.md
     [upgrade guide] https://github.com/heartcombo/devise/wiki/How-To:-Upgrade-to-Devise-4.9.0-%5BHotwire-Turbo-integration%5D
Post-install message from oauth2:
   
   You have installed oauth2 version 2.0.9, congratulations!
   
   There are BREAKING changes if you are upgrading from < v2, but most will not encounter them, and updating your code should be easy!
   
   We have made two other major migrations:
   1. master branch renamed to main
   2. Github has been replaced with Gitlab
   
   Please see:
   • https://gitlab.com/oauth-xx/oauth2#what-is-new-for-v20
   • https://gitlab.com/oauth-xx/oauth2/-/blob/main/CHANGELOG.md
   • https://groups.google.com/g/oauth-ruby/c/QA_dtrXWXaE
   
   Please report issues, and support the project! Thanks, |7eter l-|. l3oling
   
   Bundle completed (86.58s)
   Cleaning up the bundler cache.

-----> Installing node-v16.18.1-linux-x64
-----> Installing yarn-v1.22.19
-----> Detecting rake tasks
-----> Preparing app for Rails asset pipeline
Running: rake assets:precompile
rake aborted!
NoMethodError: undefined method `[]' for nil:NilClass

     config.omniauth :linkedin, Rails.application.credentials[:linkedin][:client_id], Rails.application.credentials[:linkedin][:client_secret]
                                                                        ^^^^^^^^^^^^
   /tmp/build_22da9b42/config/initializers/devise.rb:14:in `block in <main>'
   /tmp/build_22da9b42/vendor/bundle/ruby/3.1.0/gems/devise-4.9.2/lib/devise.rb:314:in `setup'
   /tmp/build_22da9b42/config/initializers/devise.rb:11:in `<main>'
   /tmp/build_22da9b42/vendor/bundle/ruby/3.1.0/gems/railties-7.0.4.3/lib/rails/engine.rb:667:in `load'
   /tmp/build_22da9b42/vendor/bundle/ruby/3.1.0/gems/railties-7.0.4.3/lib/rails/engine.rb:667:in `block in load_config_initializer'
   /tmp/build_22da9b42/vendor/bundle/ruby/3.1.0/gems/activesupport-7.0.4.3/lib/active_support/notifications.rb:208:in `instrument'
   /tmp/build_22da9b42/vendor/bundle/ruby/3.1.0/gems/railties-7.0.4.3/lib/rails/engine.rb:666:in `load_config_initializer'
   /tmp/build_22da9b42/vendor/bundle/ruby/3.1.0/gems/railties-7.0.4.3/lib/rails/engine.rb:620:in `block (2 levels) in <class:Engine>'


bolinkd commented Apr 27, 2023

This error looks like you have not set up your credentials in your production.rb file

@wilsoncelyCUC

Thanks, indeed it was that.


pjg commented Aug 28, 2023

Since #71 has been merged and released as v1.0.1 I'm closing this issue.

@pjg pjg closed this as completed Aug 28, 2023