zquestz / omniauth-google-oauth2

Oauth2 strategy for Google

v1.1.0 problem #430

Closed alec-c4 closed 2 years ago

alec-c4 commented 2 years ago

Hey! I'm seeing strange behaviour from the gem v1.1.0 (1.0.1 works fine with the same code):

21:40:15 web.1      | D, [2022-09-04T21:40:15.075161 #89262] DEBUG -- omniauth: (google) Callback phase initiated.
21:40:15 web.1      | OAuth2::AccessToken.from_hash: `hash` contained more than one 'token' key (["access_token", "id_token"]); using "access_token".
21:40:15 web.1      | E, [2022-09-04T21:40:15.348641 #89262] ERROR -- omniauth: (google) Authentication failure! Invalid segment encoding: JWT::DecodeError, Invalid segment encoding
21:40:15 web.1      | 2022-09-04 21:40:15.354212 D [89262:puma srv tp 004] Users::OmniauthCallbacksController -- Processing #failure
21:40:15 web.1      | 2022-09-04 21:40:15.363531 I [89262:puma srv tp 004] (9.235ms) Users::OmniauthCallbacksController -- Completed #failure -- { :controller => "Users::OmniauthCallbacksController", :action => "failure", :params => { "state" => "97439f26d5ed08cb9994c5b72ce8811875749191fcb22daf", "code" => "4/0AdQt8qgtHVtA69r4_DexeuUukx0rkPP2ugST57JNew12Zsyb0jcaAkgiNI_LyAiDDH90Cg", "scope" => "email profile https://www.googleapis.com/auth/userinfo.profile openid https://www.googleapis.com/auth/userinfo.email", "authuser" => "0", "prompt" => "none" }, :format => "HTML", :method => "GET", :path => "/users/auth/google/callback", :status => 500, :view_runtime => 0.0, :db_runtime => 0.0, :user_id => "guest", :exception_object => #<NoMethodError: undefined method `provider' for nil:NilClass
21:40:15 web.1      |
21:40:15 web.1      |     @identity = Identity.where(provider: auth.provider, uid: auth.uid).first
21:40:15 web.1      |                                              ^^^^^^^^^>, :allocations => 4185, :status_message => "Internal Server Error" }
21:40:15 web.1      | 2022-09-04 21:40:15.366268 F [89262:puma srv tp 004 abstract_thread_local_var.rb:43] Rails -- Exception: NoMethodError: undefined method `provider' for nil:NilClass
21:40:15 web.1      |
21:40:15 web.1      |     @identity = Identity.where(provider: auth.provider, uid: auth.uid).first
21:40:15 web.1      |                                              ^^^^^^^^^
21:40:15 web.1      | /Users/alec/Code/Internal/cosmozoo/app/controllers/users/omniauth_callbacks_controller.rb:35:in `set_identity'
21:40:15 web.1      | /Users/alec/.rbenv/versions/3.1.2/lib/ruby/gems/3.1.0/gems/activesupport-7.0.3.1/lib/active_support/callbacks.rb:400:in `block in make_lambda'
21:40:15 web.1      | /Users/alec/.rbenv/versions/3.1.2/lib/ruby/gems/3.1.0/gems/activesupport-7.0.3.1/lib/active_support/callbacks.rb:199:in `block (2 levels) in halting'
21:40:15 web.1      | /Users/alec/.rbenv/versions/3.1.2/lib/ruby/gems/3.1.0/gems/actionpack-7.0.3.1/lib/abstract_controller/callbacks.rb:34:in `block (2 levels) in <module:Callbacks>'
21:40:15 web.1      | /Users/alec/.rbenv/versions/3.1.2/lib/ruby/gems/3.1.0/gems/activesupport-7.0.3.1/lib/active_support/callbacks.rb:200:in `block in halting'
21:40:15 web.1      | /Users/alec/.rbenv/versions/3.1.2/lib/ruby/gems/3.1.0/gems/activesupport-7.0.3.1/lib/active_support/callbacks.rb:595:in `block in invoke_before'
21:40:15 web.1      | /Users/alec/.rbenv/versions/3.1.2/lib/ruby/gems/3.1.0/gems/activesupport-7.0.3.1/lib/active_support/callbacks.rb:595:in `each'
21:40:15 web.1      | /Users/alec/.rbenv/versions/3.1.2/lib/ruby/gems/3.1.0/gems/activesupport-7.0.3.1/lib/active_support/callbacks.rb:595:in `invoke_before'
21:40:15 web.1      | /Users/alec/.rbenv/versions/3.1.2/lib/ruby/gems/3.1.0/gems/activesupport-7.0.3.1/lib/active_support/callbacks.rb:116:in `block in run_callbacks'

To reproduce, just create a test app with my template https://github.com/alec-c4/ks-rails-bootstrap and try to log in using Google. If you downgrade to 1.0.1, it will work fine.

alec-c4 commented 2 years ago

I've used a debugger and, as I see:

[9] pry(#<Users::OmniauthCallbacksController>)> request.env['omniauth.auth']
=> nil

zquestz commented 2 years ago

I haven't seen this. @JacobMarq any ideas?

For some reason it looks like auth is not defined. Where are you defining that? Is that merely reading request.env['omniauth.auth']?

The error seems to be the JWT processing...

21:40:15 web.1      | D, [2022-09-04T21:40:15.075161 #89262] DEBUG -- omniauth: (google) Callback phase initiated.
21:40:15 web.1      | OAuth2::AccessToken.from_hash: `hash` contained more than one 'token' key (["access_token", "id_token"]); using "access_token".
21:40:15 web.1      | E, [2022-09-04T21:40:15.348641 #89262] ERROR -- omniauth: (google) Authentication failure! Invalid segment encoding: JWT::DecodeError, Invalid segment encoding
21:40:15 web.1      | 2022-09-04 21:40:15.354212 D [89262:puma srv tp 004] Users::OmniauthCallbacksController -- Processing #failure

Looks like OAuth2 chose the access_token, and then blew up. Perhaps it should have selected the id_token?
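
Added example (not code from this thread or from the gem): Ruby illustrating the hypothesis in the comment above, that an opaque `access_token` handed to a JWT decoder fails while the `id_token` parses. The response values, `SegmentError` and all helper names are constructed for illustration, and the parse is structural only.

```ruby
require "json"

# base64url without padding, as used for JWT segments (RFC 7515).
def b64url_encode(bytes)
  [bytes].pack("m0").tr("+/", "-_").delete("=")
end

def b64url_decode(segment)
  (segment.tr("-_", "+/") + "=" * (-segment.length % 4)).unpack1("m0")
end

# Constructed token response (all values fake): opaque access token + ID token.
SAMPLE_RESPONSE = {
  "access_token" => "opaque.constructed-access-token",
  "id_token" => [
    b64url_encode(JSON.generate({ "alg" => "RS256", "typ" => "JWT" })),
    b64url_encode(JSON.generate({ "iss" => "https://accounts.google.com", "sub" => "1234567890" })),
    b64url_encode("constructed-signature")
  ].join("."),
  "token_type" => "Bearer"
}.freeze

class SegmentError < StandardError; end

# Structural parse only: no signature, issuer, audience or expiry checks,
# so the returned claims must not be trusted for login decisions.
def parse_jwt_segments(token)
  parts = token.to_s.split(".", -1)
  raise SegmentError, "expected 3 segments, got #{parts.size}" unless parts.size == 3
  unless parts.all? { |p| p.match?(/\A[A-Za-z0-9_-]+\z/) }
    raise SegmentError, "invalid segment encoding"
  end
  header, claims = parts.first(2).map { |p| JSON.parse(b64url_decode(p)) }
  { header: header, claims: claims }
rescue JSON::ParserError, ArgumentError
  raise SegmentError, "invalid segment encoding"
end

def jwt_shaped?(token)
  parse_jwt_segments(token)
  true
rescue SegmentError
  false
end

# Select the ID token by key rather than taking whichever "token" key a
# generic OAuth2 client treated as primary.
def id_token_claims(response)
  parse_jwt_segments(response.fetch("id_token"))[:claims]
end
```
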

miharekar commented 2 years ago

I have a different problem, where JWT decoding fails:

[Screenshot: CleanShot 2022-09-05 at 10 29 04]

But it is also fixed by your PR #431 👌