imhta / rails_6_devise_example

rails 6 with devise + bootstrap + github oauth

404 when trying GitHub Auth #6

Open DouglasUrner opened 4 years ago

DouglasUrner commented 4 years ago

I naively tried the "sign in with GitHub" button and got a 404 error.

If there are configuration steps, it might be nice to mention them.

horaciovelvetine commented 3 years ago

Running into this same issue. On redirect it seems to go back to GH instead of back to the callback URL.

horaciovelvetine commented 3 years ago

After a day or so of problem solving, I found a potential solution I wanted to leave here for anyone else stuck! (Forgive the lack of clarity, I'm still fairly new to OAuth, and so there will be more information than any person could ever need!!)

What was happening:

After clicking the Login with GitHub link, it correctly redirected to GitHub and even allowed signing in, but on a successful sign-in it failed to redirect back to the callback link (even though, when examining the URL, the callback link was correct). HOWEVER, the Client ID was not being included in the original request, and so GitHub didn't have any idea which actual OAuth app it was being pointed towards. This is 100% due to my lack of understanding of how to utilize the new Credentials system, and not an error in the application code itself.

I stumbled onto the solution by checking the value of the Secrets in the included console.

Relevant Information:

This particular example of OAuth is implemented using Rails' "new" Credentials system to store both the ID secret and KEY secret, both of which are required per GH's OAuth documentation.

Some Fixes:

This article is a great explainer of how to implement the new built-in credentials part of Rails. The credentials.yml file inside the config folder CANNOT just be modified.

Gems like Figaro or DotEnv were built to allow storing keys as environment variables which can be accessed anywhere easily, while also being ignored by GH so that you aren't uploading your keys to the WWW.

Relevant Links:

Rails Docs: https://guides.rubyonrails.org/security.html#custom-credentials

OAuth Docs: https://docs.github.com/en/developers/apps/building-oauth-apps/authorizing-oauth-apps

Tutorial on Rails Credentials: https://blog.corsego.com/ruby-on-rails-6-credentials-full

Add'l Credentials Help: https://www.codewithjason.com/understanding-rails-secrets-credentials/

Figaro Gem: https://github.com/laserlemon/figaro

DotEnv Gem: https://github.com/bkeepers/dotenv

Hoping this saves someone else a frustrating afternoon, but I learned a ton, and big thanks Imhta for providing a working example!
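
The failure described in the comment above (an authorization redirect sent without a Client ID) can be caught with a small check. This is an added example, not part of the thread or the project's code; the credential key names, the sample URLs and the callback path are assumptions constructed for illustration.

```ruby
require "uri"

# Reports problems in an OAuth authorization redirect URL.
# client_id tells the provider which OAuth app is asking; state is the
# anti-CSRF value the client should send and verify on callback.
def audit_authorize_url(url)
  uri = URI.parse(url)
  params = URI.decode_www_form(uri.query.to_s).to_h
  problems = []
  problems << "authorize URL is not HTTPS" unless uri.scheme == "https"
  %w[client_id state].each do |name|
    problems << "#{name} missing or empty" if params[name].to_s.strip.empty?
  end
  problems
end

# Boot-time guard: raise instead of starting with blank OAuth credentials.
# The key names are hypothetical, not taken from the project.
def require_oauth_credentials!(creds)
  missing = %i[client_id client_secret].select { |key| creds[key].to_s.strip.empty? }
  raise ArgumentError, "missing OAuth credentials: #{missing.join(', ')}" unless missing.empty?
  true
end

# Constructed sample URLs (placeholder client ID, state and callback).
GOOD_URL = "https://github.com/login/oauth/authorize" \
           "?client_id=EXAMPLE_CLIENT_ID&state=c0ffee" \
           "&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fcallback"
BROKEN_URL = "https://github.com/login/oauth/authorize" \
             "?client_id=&state=c0ffee" \
             "&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fcallback"

if __FILE__ == $PROGRAM_NAME
  { "good" => GOOD_URL, "broken" => BROKEN_URL }.each do |label, url|
    problems = audit_authorize_url(url)
    puts "#{label}: #{problems.empty? ? 'ok' : problems.join('; ')}"
  end
end
```

In a Rails app the hash passed to the guard would be built from wherever the keys are stored (encrypted credentials or environment variables), so a blank value stops the boot instead of surfacing later as a failed sign-in.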