zquestz / omniauth-google-oauth2

Oauth2 strategy for Google

Custom redirect_uri prevents callback phase from starting #444

Closed Saoma1 closed 4 months ago

Saoma1 commented 1 year ago

I would like to reopen an old issue

This still seems to be a problem, running Rails 7.0.4 & omniauth-google-oauth2 1.1.1. I am also not using Devise but a custom solution for handling login etc.

When I configure omniauth.rb without a custom redirect:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :google_oauth2, ENV['GOOGLE_CLIENT_ID'], ENV['GOOGLE_CLIENT_SECRET']
end

this is my output:

10:13:12 web.1 | Started POST "/auth/google_oauth2" for 127.0.0.1 at 2023-05-22 10:13:12 +0200
10:13:12 web.1 | D, [2023-05-22T10:13:12.600675 #13041] DEBUG -- omniauth: (google_oauth2) Request phase initiated.
10:13:12 web.1 | Started GET "/auth/google_oauth2/callback?state=***&scope=email+profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile+openid+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email&authuser=0&prompt=none" for 127.0.0.1 at 2023-05-22 10:13:12 +0200
10:13:13 web.1 | D, [2023-05-22T10:13:13.036594 #13041] DEBUG -- omniauth: (google_oauth2) Callback phase initiated.
10:13:13 web.1 | OAuth2::AccessToken.from_hash: `hash` contained more than one 'token' key (["access_token", "id_token"]); using "access_token".
10:13:13 web.1 | Processing by OmniauthCallbacksController#google_oauth2 as HTML

However, with a custom redirect:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :google_oauth2, ENV["GOOGLE_CLIENT_ID"], ENV["GOOGLE_CLIENT_SECRET"],
  {
    redirect_uri: 'http://localhost:3000/u/auth/google_oauth2/callback'
  }
end

my output shows that the callback phase is skipped, which leads to request.env["omniauth.auth"] being nil:

10:21:33 web.1 | Started POST "/auth/google_oauth2" for 127.0.0.1 at 2023-05-22 10:21:33 +0200
10:21:33 web.1 | D, [2023-05-22T10:21:33.090180 #14299] DEBUG -- omniauth: (google_oauth2) Request phase initiated.
10:21:33 web.1 | Started GET "/u/auth/google_oauth2/callback?state=***&scope=email+profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile+openid+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email&authuser=0&prompt=none" for 127.0.0.1 at 2023-05-22 10:21:33 +0200
10:21:33 web.1 | Processing by U::OmniauthCallbacksController#google_oauth2 as HTML
10:21:33 web.1 |   Parameters: {"state"=>"***", "code"=>"***", "scope"=>"email profile https://www.googleapis.com/auth/userinfo.profile openid https://www.googleapis.com/auth/userinfo.email", "authuser"=>"0", "prompt"=>"none"}
10:21:33 web.1 | Completed 500  in 4ms (ActiveRecord: 0.0ms | Allocations: 2951)
10:21:33 web.1 | NoMethodError (undefined method `info' for nil:NilClass):

karquelf commented 1 year ago

Hello @Saoma1, I just came across the same issue. To get the callback phase executed and have request.env["omniauth.auth"] not nil, you can use the option callback_path instead of redirect_uri, like so:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :google_oauth2, ENV["GOOGLE_CLIENT_ID"], ENV["GOOGLE_CLIENT_SECRET"],
  {
    callback_path: '/u/auth/google_oauth2/callback'
  }
end

It comes from the omniauth gem: they check the current_path against a couple of strings including the callback_path option, see: https://github.com/omniauth/omniauth/blob/a13cd110beb9538ea51be6c614bf43351c3f4e95/lib/omniauth/strategy.rb#L194C4-L194C4

Saoma1 commented 1 year ago

@karquelf thank you for the hint, I will check it out!

hari-sysvine commented 9 months ago

> @karquelf thank you for the hint, I will check it out!

Did that solve it, @Saoma1? I am using the devise gem in combination with the omniauth_google gem for auth purposes, and having replaced the redirect_uri with callback_path did not work for me.

hari-sysvine commented 9 months ago

> > @karquelf thank you for the hint, I will check it out!
>
> Did that solve it, @Saoma1? I am using the devise gem in combination with the omniauth_google gem for auth purposes, and having replaced the redirect_uri with callback_path did not work for me.

It is working now. I was providing the absolute_url instead of relative_url, which I've now changed, and it did the trick! Thank you @karquelf, you saved my time.
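
Added example, not part of the thread and not the omniauth gem's own code: a simplified Ruby model of the path check karquelf links to, showing why `redirect_uri` alone leaves `request.env["omniauth.auth"]` nil and why an absolute URL in `callback_path` also fails to match. `ModelStrategy`, `APP` and `callback_result` are hypothetical names, and the stand-in auth hash is constructed.

```ruby
# Simplified model of how an OmniAuth strategy decides whether a request
# is the callback phase. Assumption: only the path comparison is modelled;
# the real strategy also handles script names, custom path callables, etc.
class ModelStrategy
  PATH_PREFIX = '/auth' # OmniAuth's default path prefix, as seen in the logs

  def initialize(app, name, options = {})
    @app = app
    @name = name
    @options = options
  end

  # redirect_uri is NOT consulted here: it only changes where Google sends
  # the browser, not which local path the middleware treats as the callback.
  def callback_path
    @options[:callback_path] || "#{PATH_PREFIX}/#{@name}/callback"
  end

  def call(env)
    # Case-insensitive comparison of the request path against callback_path.
    if env['PATH_INFO'].casecmp(callback_path).zero?
      # Callback phase runs: stand-in for the real auth hash (constructed).
      env['omniauth.auth'] = { 'provider' => @name }
    end
    # Otherwise the request passes straight through to the application.
    @app.call(env)
  end
end

# Stand-in for the Rails controller reading request.env["omniauth.auth"].
APP = ->(env) { env['omniauth.auth'] ? :auth_present : :auth_nil }

def callback_result(options, request_path)
  ModelStrategy.new(APP, 'google_oauth2', options).call({ 'PATH_INFO' => request_path })
end

CUSTOM = '/u/auth/google_oauth2/callback'
ABSOLUTE = "http://localhost:3000#{CUSTOM}"

puts callback_result({}, '/auth/google_oauth2/callback') # default path
puts callback_result({ redirect_uri: ABSOLUTE }, CUSTOM)  # issue as reported
puts callback_result({ callback_path: CUSTOM }, CUSTOM)   # relative path fix
puts callback_result({ callback_path: ABSOLUTE }, CUSTOM) # absolute URL case
```

The second and fourth calls reach the controller without an auth hash, which is the `NoMethodError (undefined method 'info' for nil:NilClass)` condition in the log above.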