2
votes

I have a site that is configured to work with multiple OAuth2 APIs using Devise with OmniAuth and has been functioning normally until last week. Currently login with Twitter and GitHub still function normally; however, Facebook, LinkedIn and Google are giving me an error stating that the Redirect URI doesn't match. The Error Messages read:

Facebook:

ERROR -- omniauth: (facebook) Authentication failure! invalid_credentials: OAuth2::Error, : {"error":{"message":"Error validating verification code. Please make sure your redirect_uri is identical to the one you used in the OAuth dialog request","type":"OAuthException","code":100,"fbtrace_id":"XXXXXXXXXX"}}

LinkedIn:

ERROR -- omniauth: (linkedin) Authentication failure! invalid_credentials: OAuth2::Error, invalid_request: missing required parameters, includes an invalid parameter value, parameter more than once. : Unable to retrieve access token : appId or redirect uri does not match authorization code or authorization code expired {"error_description":"missing required parameters, includes an invalid parameter value, parameter more than once. : Unable to retrieve access token : appId or redirect uri does not match authorization code or authorization code expired","error":"invalid_request"}

Google:

ERROR -- omniauth: (google_oauth2) Authentication failure! invalid_credentials: OAuth2::Error, redirect_uri_mismatch: { "error" : "redirect_uri_mismatch" }

I reviewed the requests that were sent for all three of these in the Chrome Developer Console and the redirect URI for the callback matches the URI that is registered with each API (which has not changed since it was working).

The challenge with backtracking this error is I am not 100% sure when these stopped working, as I was logging in directly or using the GitHub login during recent integration tests as I installed new functionality. (Big Lesson Learned!) One of the significant changes that could be impacting this is that I integrated the Traceable extension for Devise, which had me require the Warden gem. However, I removed both the Traceable and Warden configuration and restored the user model and config files to their previous state and I am having the same issue.

I would generally prefer to provide more code samples but to be honest, I am not sure what code to start with. I am hoping that someone has experienced a similar problem and can point me in the right direction to start.

To start, below is my Devise initializer with comments removed to shorten:

Devise.setup do |config|

  config.mailer_sender = 'no-reply@' + ENV['DOMAIN_NAME']

  config.mailer = 'Devise::Mailer'

  require 'devise/orm/active_record'

  config.case_insensitive_keys = [:email]

  config.strip_whitespace_keys = [:email]

  config.skip_session_storage = [:http_auth]

  config.stretches = Rails.env.test? ? 1 : 10

  config.allow_unconfirmed_access_for = 10.days

  config.reconfirmable = true

  config.confirmation_keys = [:email]

  config.remember_for = 2.weeks

  config.expire_all_remember_me_on_sign_out = true

  config.password_length = 8..72

  config.email_regexp = /\A[^@]+@[^@]+\z/

  config.reset_password_keys = [:email]

  config.reset_password_within = 6.hours

  config.sign_in_after_reset_password = true

  config.sign_out_via = :get

  # ==> OmniAuth
  # Add a new OmniAuth provider. Check the wiki for more information on setting
  # up on your models and hooks.
  # config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo'

  require "omniauth-google-oauth2" # Added Based on Response to Another Stackoverflow Issues - Did Not Help.

  OMNIAUTH = YAML.load(File.read(File.expand_path('../../omniauth.yml', __FILE__))).deep_symbolize_keys

  OMNIAUTH.each_value do |provider|
    config.omniauth provider[:reference].to_sym, ENV[provider[:key_ref]], ENV[provider[:secret_ref]], { :scope => provider[:scope] }
  end
end

The omniauth.yml file that is loaded looks like this:

facebook: { reference: "facebook",
            name: "Facebook",
            scope: "email, public_profile, user_birthday",
            key_ref: "FACEBOOK_KEY",
            secret_ref: "FACEBOOK_SECRET" }

twitter:  { reference: "twitter",
            name: "Twitter",
            scope: "r_fullprofile, r_emailaddress",
            key_ref: "TWITTER_KEY",
            secret_ref: "TWITTER_SECRET" }

linkedin: { reference: "linkedin",
            name: "LinkedIn",
            scope: "r_basicprofile r_emailaddress",
            key_ref: "LINKEDIN_KEY",
            secret_ref: "LINKEDIN_SECRET" }

github: {   reference: "github",
            name: "GitHub",
            scope: "user, public_repo",
            key_ref: "GITHUB_KEY",
            secret_ref: "GITHUB_SECRET" }

google:   { reference: "google_oauth2",
            name: "Google",
            scope: "email, profile",
            key_ref: "GOOGLE_KEY",
            secret_ref: "GOOGLE_SECRET" }

Do you know if something changes that would affect multiple providers since I am having the same issue across several providers? – David Uli

BTW, Thank You for the quick response! – David Uli

I am having the exact same issue. It was working perfectly then suddenly it stopped working. I see in the link that the solution mentioned is only for Facebook but my Google sign-in is broken as well so I'm a little confused. – Batman

Same for me. It was working fine and suddenly not. GitHub login is working fine, only having issue with LinkedIn. – Chleo

2 Answers

6
votes

I had an exactly similar issue: Facebook working, LinkedIn and Google not.

After some digging/googling I was able to fix my issue by downgrading:

gem 'omniauth-oauth2', '1.3.1'

So my Gemfile looks like:

gem 'devise'
gem 'koala'
gem 'omniauth-oauth2', '1.3.1'
gem 'omniauth-facebook'
gem 'omniauth-google-oauth2'
gem 'omniauth-linkedin-oauth2'
0
votes

I went through and updated all of the OmniAuth gems as there were recent version revisions and all of the issues have been resolved.
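
Added example, not part of the original question or answers: all three provider errors above come from the token exchange, which the application sends server-to-server and which therefore never appears in the browser's developer console. The check below compares the `redirect_uri` of the authorization request with the one in the token request the way a provider does (exact string match, RFC 6749 section 4.1.3) and names the URI component that differs. The hosts, client id, code, state and both token bodies are constructed sample values; in practice the token body would come from the application's own outbound HTTP log.

```ruby
require 'uri'

# redirect_uri as sent in the browser-visible authorization request.
def authorize_redirect_uri(authorize_url)
  query = URI.parse(authorize_url).query.to_s
  URI.decode_www_form(query).to_h['redirect_uri']
end

# redirect_uri as sent in the form-encoded body of the server-side token request.
def token_redirect_uri(token_body)
  URI.decode_www_form(token_body).to_h['redirect_uri']
end

# Providers require the two values to be identical strings; on a mismatch,
# report which URI components differ so the cause is visible.
def redirect_uri_check(authorize_url, token_body)
  sent = authorize_redirect_uri(authorize_url)
  exchanged = token_redirect_uri(token_body)
  return { match: true, authorize: sent, token: exchanged } if sent == exchanged

  a = URI.parse(sent.to_s)
  b = URI.parse(exchanged.to_s)
  diffs = %i[scheme host port path query].reject { |part| a.send(part) == b.send(part) }
  { match: false, authorize: sent, token: exchanged, differs_in: diffs }
end

# --- Constructed sample data (not taken from the page) ---
CALLBACK = 'https://app.example.test/users/auth/google_oauth2/callback'
AUTHORIZE_URL = 'https://provider.example.test/oauth2/auth?' + URI.encode_www_form(
  client_id: 'constructed-client-id', response_type: 'code',
  state: 'abc123', redirect_uri: CALLBACK
)
# Token request that repeats the registered callback unchanged.
TOKEN_BODY_OK = URI.encode_www_form(
  grant_type: 'authorization_code', code: 'constructed-code', redirect_uri: CALLBACK
)
# Token request whose redirect_uri carries the callback's own query string.
TOKEN_BODY_BAD = URI.encode_www_form(
  grant_type: 'authorization_code', code: 'constructed-code',
  redirect_uri: CALLBACK + '?code=constructed-code&state=abc123'
)

if __FILE__ == $PROGRAM_NAME
  p redirect_uri_check(AUTHORIZE_URL, TOKEN_BODY_OK)
  p redirect_uri_check(AUTHORIZE_URL, TOKEN_BODY_BAD)
end
```

A result of `differs_in: [:query]` or `[:path]` with a correct registered callback points at the client library building the token request rather than at the provider-side app registration.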