search

WebTheoryLLC / omniauth-twitch

OmniAuth Strategy for Twitch
MIT License
32 stars 22 forks source link

Missing Client Id on Rails 7.0.3.1 #20

Closed sdkilbo closed 2 years ago

sdkilbo commented 2 years ago

Makes get response fine but will return back with 400 missing client_id on the post. Tried this with an empty project to no avail. I also tried with devise, figured that was the issue so I ran with just middleware with same issue.

Steps to reproduce:

rails new twitchomniauth -d mysql

#GemFile:
gem 'byebug'

gem "hotwire-livereload", "~> 1.2"

gem "bootstrap", "~> 4.6.1"

gem 'omniauth'
gem "omniauth-rails_csrf_protection"
gem 'omniauth-twitch'
#omniauth.rb
Rails.application.config.middleware.use OmniAuth::Builder do
    provider :twitch, 'clientidinplaintext', 'secretinplaintext'
end

I was using plain text for keys while testing to get it to work.

#routes.rb
root to: 'sessions#new'
get 'auth/:provider/callback', to: 'sessions#create'
get '/login', to: 'sessions#new'
#sessions_controller.rb
def new
    render :new
  end

  def create
    user_info = request.env['omniauth.auth']
    raise user_info # Your own session management should be placed here.
  end
#new.html.erb
<%= form_tag('/auth/twitch', method: 'post', data: {turbo: false}) do %>
  <button type='submit'>Login with Developer</button>
<% end %>
Debug log: 
Started POST "/auth/twitch" for ::1 at 2022-07-13 22:52:05 -0700
D, [2022-07-13T22:52:05.095476 #45839] DEBUG -- omniauth: (twitch) Request phase initiated.
Started GET "/auth/twitch/callback?code=vlm6rchl7adnvc9aehshe17mou9gbu&scope=user%3Aread%3Aemail&state=66a4347d63ee5196ec6ffc9b17bba13e7f0f8100744f817b" for ::1 at 2022-07-13 22:52:06 -0700
D, [2022-07-13T22:52:06.515480 #45839] DEBUG -- omniauth: (twitch) Callback phase initiated.
I, [2022-07-13T22:52:06.517225 #45839]  INFO -- request: POST https://id.twitch.tv/oauth2/token
I, [2022-07-13T22:52:06.517287 #45839]  INFO -- request: User-Agent: "Faraday v2.3.0"
Content-Type: "application/x-www-form-urlencoded"
Authorization: "Basic bmlpNmN0YmhiODEzdDRmOWx0aDg4eTFkdmdqd2w4OnBiOXV3M2NoczlvNThyOXBzeXlxYW5pc2czZzg2ZQ=="
I, [2022-07-13T22:52:06.517850 #45839]  INFO -- request: {"grant_type"=>"authorization_code",
 "code"=>"vlm6rchl7adnvc9aehshe17mou9gbu",
 "redirect_uri"=>"http://localhost:3000/auth/twitch/callback"}

I, [2022-07-13T22:52:06.763818 #45839]  INFO -- response: Status 400
I, [2022-07-13T22:52:06.763881 #45839]  INFO -- response: date: "Thu, 14 Jul 2022 05:52:06 GMT"
content-type: "application/json"
content-length: "45"
connection: "keep-alive"
server: "nginx/1.18.0"
access-control-allow-origin: "*"
x-ctxlog-logid: "1-62cfaf06-7af87d3f5fcada83762f6687"
I, [2022-07-13T22:52:06.763916 #45839]  INFO -- response: {"status":400,"message":"missing client id"}

E, [2022-07-13T22:52:06.764437 #45839] ERROR -- omniauth: (twitch) Authentication failure! invalid_credentials: OAuth2::Error, {"status":400,"message":"missing client id"}

E, [2022-07-13T22:52:06.764559 #45839] ERROR -- omniauth: (twitch) Authentication failure! {"status":400,"message":"missing client id"}
: OAuth2::Error, {"status":400,"message":"missing client id"}
oauth2 (2.0.6) lib/oauth2/client.rb:139:in `request'
oauth2 (2.0.6) lib/oauth2/client.rb:188:in `get_token'
oauth2 (2.0.6) lib/oauth2/strategy/auth_code.rb:37:in `get_token'
omniauth-oauth2 (1.8.0) lib/omniauth/strategies/oauth2.rb:126:in `build_access_token'
omniauth-twitch (1.1.0) lib/omniauth/strategies/twitch.rb:60:in `build_access_token'
omniauth-oauth2 (1.8.0) lib/omniauth/strategies/oauth2.rb:91:in `callback_phase'

Screen Shot 2022-07-13 at 9 36 30 PM

sdkilbo commented 2 years ago

I was able to resolve it with very specific gems. Dont know which one was the solution, all of these depended on each other.

gem "hashie", "3.6.0"
gem 'omniauth', "1.9"
gem "omniauth-rails_csrf_protection", "0.1.2"
gem 'omniauth-oauth2', "1.6"
gem "oauth2", "1.1"
gem "faraday", "0.8"
gem "jwt", "1.5.1"
deanpcmad commented 2 years ago

I've also run into this issue and it appears to be an issue with either the omniauth-oauth2 or oauth2 gems. When fixing omniauth-oauth2 to 1.7.2, it works as expected.

jawny-utah commented 2 years ago

run into the same issue, that's helped me @deanpcmad thanks a lot

deanpcmad commented 2 years ago

After looking into it some more, I believe it's to do with the upgrade to oauth2 v2

https://github.com/oauth-xx/oauth2/blob/master/CHANGELOG.md#200---2022-06-21

deanpcmad commented 2 years ago

Have found the issue and have created a PR.

In the mean time, you can use my fixed branch.

gem 'omniauth-twitch', github: "deanpcmad/omniauth-twitch", branch: "fix-auth"