Google OpenID strategy is not working in Rails

StackOverflow https://stackoverflow.com/questions/13966115

Question

I want to let users sign in to my Rails application using Google OpenID. So I have these gems

gem 'omniauth'
gem 'omniauth-openid'
gem 'devise'

config/initializers/omniauth.rb

require 'openid/store/filesystem'
Rails.application.config.middleware.use OmniAuth::Builder do
  provider :open_id, :store => OpenID::Store::Filesystem.new('/tmp'), :name => 'google', 
    :identifier => 'https://www.google.com/accounts/o8/id', :require => 'omniauth-openid'
end

OmniAuth.config.on_failure = Proc.new do |env|
    OmniAuth::FailureEndpoint.new(env).redirect_to_failure

end

There is also a link on a page

<% if current_user %>
  Welcome <%= current_user.name %>!
  <%= link_to "Sign Out", signout_path %>
<% else %>
  <%= link_to "Sign in with Google", "/auth/google" %>

<% end %>

When I'm being redirected to Google login page, I click "Allow" and I'm being redirected back to ... /auth/failure?message=invalid_credentials&strategy=google for some reason despite the fact that I logged in correctly.

here is the log from Webrick:

Started GET "/auth/google" for 127.0.0.1 at 2012-12-20 12:45:13 +0700
(google) Callback phase initiated.
Error attempting to use stored discovery information: OpenID::TypeURIMismatch
Attempting discovery to verify endpoint
Performing discovery on https://www.google.com/accounts/o8/id?id=323221212143243243
WARNING: making https request to https://www.google.com/accounts/o8/id?id=2121212143243243243243 without verifying server certificate; no CA path was specified.
(google) Callback phase initiated.
(google) Authentication failure! invalid_credentials encountered.


Started GET "/auth/google/callback?_method=post&openid.ns= .... very long string" for 127.0.0.1 at 2012-12-20 12:45:18 +0700


Started GET "/auth/failure?message=invalid_credentials&strategy=google" for 127.0.0.1 at 2012-12-20 12:45:18 +0700

What did I do wrong?

Was it helpful?

Solution

You're not doing anything wrong per say. Unfortunately Google's response from OpenID is a VERY long URL. So long that it's more than the 256 chars which webrick can handle.

If you add another server to your gemfile, such as:

gem 'thin'

and then start the server like this:

rails s thin

then you should discover that logging in via google is just fine.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top