OAuth2 :: Error, invalid_request: redirect_uri does not match application configuration

I am working on a Rails application that authenticates with Bungie OAuth using this gem. My configuration in the devise.rb initializer is as follows:

config.omniauth :bungie, ENV['CLIENT_ID'], ENV['CLIENT_SECRET'], ENV['X_API_KEY'], ENV['REDIRECT_URL'] 

The Bungie Developer Portal requires an HTTPS redirect URL, so I pushed my application to Heroku and used a redirect to force authentication back to localhost for testing. Using this method, everything works fine. However, when I push the application to production, the response back to my application from Bungie fails with OAuth2::Error, invalid_request: redirect_uri does not match application configuration. The redirect_url is the same in my application's env variables and on the Bungie development portal.

Seeing as this happens in production, I am limited to the logs that I can see. I tried to track the requests in the network tab of my browser's dev tools, but everything looks as it should.

I tried to work with the developer of the bungie-oauth2 gem, but we could not reach a resolution (and their prod applications work fine with it).

Is there something that could cause redirect_url to differ once in Heroku?

As requested, here is my route for omniauth:

 devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" } 

Output of rake routes:

                    users_sign_out GET      /users/sign_out(.:format)             devise/sessions#destroy
                  new_user_session GET      /users/sign_in(.:format)              devise/sessions#new
                      user_session POST     /users/sign_in(.:format)              devise/sessions#create
              destroy_user_session DELETE   /users/sign_out(.:format)             devise/sessions#destroy
    user_bungie_omniauth_authorize GET|POST /users/auth/bungie(.:format)          users/omniauth_callbacks#passthru
     user_bungie_omniauth_callback GET|POST /users/auth/bungie/callback(.:format) users/omniauth_callbacks#bungie
                 new_user_password GET      /users/password/new(.:format)         devise/passwords#new
                edit_user_password GET      /users/password/edit(.:format)        devise/passwords#edit
                     user_password PATCH    /users/password(.:format)             devise/passwords#update
                                   PUT      /users/password(.:format)             devise/passwords#update
                                   POST     /users/password(.:format)             devise/passwords#create
          cancel_user_registration GET      /users/cancel(.:format)               devise/registrations#cancel
             new_user_registration GET      /users/sign_up(.:format)              devise/registrations#new
            edit_user_registration GET      /users/edit(.:format)                 devise/registrations#edit
                 user_registration PATCH    /users(.:format)                      devise/registrations#update
                                   PUT      /users(.:format)                      devise/registrations#update
                                   DELETE   /users(.:format)                      devise/registrations#destroy
                                   POST     /users(.:format)                      devise/registrations#create

and my controller:

    def bungie
      @user = User.from_omniauth(request.env["omniauth.auth"])
      if @user.persisted?
        @user.remember_me = true
        sign_in_and_redirect @user, :event => :authentication
      else
        session["devise.bungie_data"] = request.env["omniauth.auth"]
        redirect_to root_path
      end
    end

The full source can be found at https://github.com/destiny-aviato/destinder.

+8
ruby ruby-on-rails oauth heroku omniauth
2 answers

The encoding of the redirect_uri parameter in your auth request for bungie jumps out:

 https%25253A%25252F%25252Fdestinder.herokuapp.com%25252Fusers%25252Fauth%25252Fbungie%25252Fcallback 

To read it plainly, I had to decode it three times. Parameters are usually encoded only once.

 URI.decode(URI.decode(URI.decode("https%25253A%25252F%25252Fdestinder.herokuapp.com%25252Fusers%25252Fauth%25252Fbungie%25252Fcallback"))) 

Not sure if this is causing the problem. Can you check how many times request_uri gets encoded when you hit it from local? If it is less than 3, then when deploying to Heroku, your request_uri gets encoded an extra time.

To get request_uri locally, click "Login with bungie" on your local instance. The URL in the browser will contain request_uri.

+4
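
The layer-counting check suggested in the answer above, as an added example (not code from the original post or from the omniauth gem): it takes the raw redirect_uri out of an authorization URL, counts its percent-encoding layers, and compares the fully decoded value with the registered URL. The function names are hypothetical, and the authorize host, `CLIENT_ID` and the registered URL are constructed assumptions; only the encoded redirect_uri value comes from the page.

```ruby
require "uri"

# Percent-decode one layer. "+" is protected first so it is not turned into a
# space. URI.decode (used in the answer) was removed in Ruby 3.0.
def decode_once(value)
  URI.decode_www_form_component(value.gsub("+", "%2B"))
rescue ArgumentError # malformed %-sequence: treat as not decodable further
  value
end

# Peel encoding layers until the value stops changing.
# Returns [decoded_value, layer_count]; max_layers bounds the loop.
def peel_encoding(value, max_layers: 10)
  layers = 0
  while layers < max_layers
    decoded = decode_once(value)
    break if decoded == value
    value = decoded
    layers += 1
  end
  [value, layers]
end

# Take the raw (still encoded) redirect_uri from an authorization URL and
# compare it with the URL registered with the provider.
def audit_redirect_uri(authorize_url, registered_uri)
  query = URI.parse(authorize_url).query.to_s
  raw = query.split("&").map { |pair| pair.split("=", 2) }
             .find { |key, _| key == "redirect_uri" }&.last
  return { found: false } if raw.nil?

  decoded, layers = peel_encoding(raw)
  {
    found: true,
    layers: layers,                     # 1 is normal for a query parameter
    extra_layers: [layers - 1, 0].max,  # layers beyond the expected one
    decoded: decoded,
    matches_registered: decoded == registered_uri,
    sent_as: decode_once(raw)           # assumption: the server decodes once
  }
end

# Constructed input: hypothetical authorize host, redirect_uri value from the question.
SAMPLE_URL = "https://auth.example/authorize?client_id=CLIENT_ID&response_type=code" \
             "&redirect_uri=https%25253A%25252F%25252Fdestinder.herokuapp.com" \
             "%25252Fusers%25252Fauth%25252Fbungie%25252Fcallback"
REGISTERED = "https://destinder.herokuapp.com/users/auth/bungie/callback" # assumed portal value

p audit_redirect_uri(SAMPLE_URL, REGISTERED) if __FILE__ == $PROGRAM_NAME
```

A result with `extra_layers` above 0 means the value still contains `%25` sequences after one decode, so a provider that matches redirect_uri by exact string comparison will reject it even though the fully decoded URL equals the registered one.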

replace the redirect url of your Heroku app with credentials

-1