Devise/Google OAuth 2: Not found. Authentication passthru

Question

I followed the tutorial in the readme of the omniauth-google-oauth2 gem and when I click the link on my root (@ pages#home), <%= link_to "Sign up with Google", user_google_oauth2_omniauth_authorize_path %>, I get the error:

Not found. Authentication passthru.

I've confirmed the ENV vars are there. I've been looking at similar topics with no luck. Any idea what I'm doing incorrectly?

In routes:

Rails.application.routes.draw do
      devise_for :users, controllers: { :omniauth_callbacks => "users/omniauth_callbacks" }

My omniauth_callbacks_controller is located at /controllers/users/omniauth_callbacks_controller.rb

class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
  def google_oauth2
      # You need to implement the method below in your model (e.g. app/models/user.rb)
      @user = User.from_omniauth(request.env["omniauth.auth"])

      if @user.persisted?
        flash[:notice] = I18n.t "devise.omniauth_callbacks.success", :kind => "Google"
        sign_in_and_redirect @user, :event => :authentication
      else
        session["devise.google_data"] = request.env["omniauth.auth"].except(:extra) #Removing extra as it can overflow some session stores
        redirect_to new_user_registration_url, alert: @user.errors.full_messages.join("\n")
      end
  end
end

In my devise.rb file:

config.omniauth :google_oauth2, ENV["GOOGLE_CLIENT_ID"], ENV["GOOGLE_CLIENT_SECRET"], {
      name: 'my-project',
      scope: 'email',
      prompt: 'select_account',
      image_aspect_ratio: 'original',
      image_size: 100,
      ssl_verify: false
  }

And in my User.rb:

devise :rememberable, :validatable, :omniauthable, :omniauth_providers => [:google_oauth2]

   def self.from_omniauth(access_token)
         data = access_token.info
         user = User.where(:email => data["email"]).first

         # Uncomment the section below if you want users to be created if they don't exist
         # unless user
         #     user = User.create(name: data["name"],
         #        email: data["email"],
         #        password: Devise.friendly_token[0,20]
         #     )
         # end

         user
     end

Have you considered posting an issue on the GitHub project? The author may be able to help you. — DaImTo, Mar 24 '17 at 08:05
I haven't. It's not an issue with the gem, seems like something minor I'm doing wrong. — Zack Shapiro, Mar 24 '17 at 14:40
are you shure your route `user_google_oauth2_omniauth_authorize_path` is OK? what you get with `rake routes | grep omni` ? — inye, Mar 28 '17 at 12:33

gwcodes · Answer 1 · 2017-03-28T15:23:23.530

0

It's worth checking that your redirect URI for Google OAuth is correct, and includes /callback on the end.

edited Mar 28 '17 at 15:23

answered Mar 27 '17 at 19:31

gwcodes

5,402
1
9
19

This does not provide an answer to the question. To critique or request clarification from an author, leave a comment below their post. - [From Review](/review/low-quality-posts/15665920) – Eyeslandic Mar 28 '17 at 12:19
1

@Iceman - thanks for the feedback, but please do not confuse the _questioning style of the answer_ as _requesting clarification_. The OP has clearly followed the instructions for the gem to the letter, and stated that the env vars have been checked. The redirect URI is one thing that is not included in the documentation, and is a possible cause of this error. So (at least in my mind) it *is* a potential answer... and I've edited it to be more clear that this is in fact, not a question :-) – gwcodes Mar 28 '17 at 15:28

yohanes · Answer 2 · 2020-07-01T07:44:30.940

For anyone who still looking for the answer:

Make sure no file config/initializers/omniauth.rb in the initializer folder.
Use a blank hash at the last config.omniauth argument at config/initializers/devise.rb as follow:

config.omniauth :google_oauth2, ENV["GOOGLE_CLIENT_ID"], ENV["GOOGLE_CLIENT_SECRET"], {}

Or we can use email scope alone. Since it will tell google that we request user details by email { scope: "email" }

score 0 · Answer 3 · answered May 23 '21 at 03:51

I solved the problem adding the following to config/initializers/omniauth.rb:

OmniAuth.config.allowed_request_methods = %i[get]

Explanation:

the above is the configuration shown in https://github.com/zquestz/omniauth-google-oauth2#usage :

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :google_oauth2, ENV['GOOGLE_CLIENT_ID'], ENV['GOOGLE_CLIENT_SECRET']
end
OmniAuth.config.allowed_request_methods = %i[get]

but without

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :google_oauth2, ENV['GOOGLE_CLIENT_ID'], ENV['GOOGLE_CLIENT_SECRET']
end

since that is already provided in your config/initializers/devise.rb:

  config.omniauth :google_oauth2, ENV["GOOGLE_CLIENT_ID"], ENV["GOOGLE_CLIENT_SECRET"], {
      name: 'my-project',
      scope: 'email',
      prompt: 'select_account',
      image_aspect_ratio: 'original',
      image_size: 100,
      ssl_verify: false
  }

Devise/Google OAuth 2: Not found. Authentication passthru

3 Answers3