Omniauth Integration inside Rails Engine

[abhinavmsra]

• Continuing discussion on this issue, as its closed and this issue is related.

Environment

• Ruby [2.4.2]
• Rails [5.1.4]
• Devise [4.4.0]

Setup

I am trying to integrate Devise inside a Rails Engine. Devise is configured to provide Omniauth authentication.

Configuration

• Engine Mounted at /auth

• Devise is configured to support two omniauth providers, facebook and instagram.

Devise.omniauth_providers => [:facebook, :instagram]

• Engine Routes look as follows:

devise_for :users, module: :devise, path: '/'

rake routes generates following routes:

...
vcliq_auth      /auth                 VcliqAuth::Engine
...

Routes for VcliqAuth::Engine:

user_facebook_omniauth_authorize GET|POST /auth/facebook(.:format)        vcliq_auth/omniauth_callbacks#passthru
user_facebook_omniauth_callback GET|POST /auth/facebook/callback(.:format)  vcliq_auth/omniauth_callbacks#facebook
user_instagram_omniauth_authorize GET|POST /auth/instagram(.:format)         vcliq_auth/omniauth_callbacks#passthru
user_instagram_omniauth_callback GET|POST /auth/instagram/callback(.:format) vcliq_auth/omniauth_callbacks#instagram

Its pretty standard.

Current Behavior

An interesting behavior that took quite a bit of time to debug is:

• Engine Routes are namespaced under the route the engine is mounted at. However, routes pointing to Omniauth are scoped under root.

I was expecting to access vcliq_auth/omniauth_callbacks#passthru via

/ENGINE_MOUNT_PATH/auth/:provider => /auth/auth/:provider

But it turns out its still /auth/:provider.

• Accessing /auth/auth/:provider hits Devise::OmniauthCallbacksController#passthru generating following response

render status: 404, plain: "Not found. Authentication passthru."

My understanding for that is:

• Devise configures Omniauth and related strategies as a Middleware and so the routes take a root scope rather than that of Engine.

rake middleware =>
...
use OmniAuth::Strategies::Facebook
use OmniAuth::Strategies::Instagram
... 

Expected Behavior

If the routing behavior is intentional or expected, then the routes helper should correspond that. However, route helpers still return routes namespaced under the engine mount path.

In my case,

user_facebook_omniauth_authorize_path
  => /auth/auth/facebook

user_instagram_omniauth_authorize_path
  => /auth/auth/instagram

which makes me wonder either the routes are mismatched or the path helpers are returning wrong routes.

[tegon]

Hello @abhinavmsra, thanks for the detailed explanation.

Can you provide us a sample application that reproduces this issue or maybe use our bug report template? This seems like a lot of setup, so if you can provide us an executable sample that would help us find the issue faster.

Thank you!

[abhinavmsra]

Sorry @tegon I totally forgot about the issue. I will prepare a sample application over the weekend

[tegon]

I'm closing this issue because it has not had recent activity. If you're still facing this on the latest version, please open a new one with all the information requested in the template.

Thank you!

[mightymatth]

This issue still presents in the latest version.

Great explanation by @abhinavmsra . I have the same issue with Spree application (which is mounted on custom route) while using spree_social extension.

[robplan]

you can configure the path prefix as an option on each omniauth provider inside devise.rb

config.omniauth :google_oauth2, 'your apps id', 'your apps secret', path_prefix: '/auth'

change /auth for whatever your engine is mounted on. the only problem is that if you change the mount poit you will have to update these configs bye hand as well.