Google Open ID and Invalid Credentials

Question

For the past week or two we've had issues signing users via Google Oauth. The user when redirected to Google if already logged in via Gmail is redirected back to our site with the following url.

https://mywinningtrade.com/auth/failure?message=invalid_credentials&origin=https%3A%2F%2Fmywinningtrade.com%2Fauth%2Ffailure%3Fmessage%3Dinvalid_credentials%26origin%3Dhttps%253A%252F%252Fmywinningtrade.com%252Flogin%26strategy%3Dgoogle&strategy=google

Normally I would expect this to be because the account credentials are wrong, but like I said before I was already signed into Gmail.

Added on top of that is that there are times when it does work but only intermittently. I am unable to localize the event of when it happens. I've tried several different emails. The current gems we use are...

gem "oauth", "~> 0.4.7"

gem "omniauth-openid", "~> 1.0.1" # Google

Has anyone else experienced this issue or could know why this is causing it. I would post code but there has been zero change from the time the google OAuth was working till now.

Answer 1

This question is technically about Google OpenID solution, as opposed to OAuth.

As for the answer, it appears to me that the Google IDP issued a successful authentication statement that was not accepted by MyWinningTrade. There could be a configuration issue w/ your library, related to issue https://groups.google.com/forum/#!msg/google-federated-login-api/qXZDD7_K7jU/LfIp5JhFLAoJ

Unfortunately, from the time since last update, I am not sure if omniauth-openid is being actively maintained, so if this issue is affecting you, I hope you know how to rebuild your gem with the proper fixes. Let me know if I can help you sort out the change.