Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

404 when trying GitHub Auth #6

Open
DouglasUrner opened this issue Jan 21, 2020 · 2 comments
Open

404 when trying GitHub Auth #6

DouglasUrner opened this issue Jan 21, 2020 · 2 comments

Comments

@DouglasUrner
Copy link
Contributor

I naively tried the "sign in with GitHub" button and got a 404 error.

If there are configuration steps, it might be nice to mention them.
@horaciovelvetine
Copy link

Running into this same issue, on redirect it seems to go back to GH instead of back to the callback URL

@horaciovelvetine
Copy link

After a day or so of problem solving, I found a potential solution I wanted to leave here for anyone else stuck! (Forgive the lack of clarity, I'm still fairly new to OAuth, and so there will be more information then any person could ever need!!).

What was happening:

After clicking the Login with Github link, it correctly redirected to Github and even allowed signing in, but on a successful sign in it failed to redirect back to the callback link (even though, when examining the URL the callback link was correct). HOWEVER the Client ID was not being included in the original request, and so Github didn't have any idea which actual OAuth app it was being pointed towards. This is 100% due to my lack of understanding of how to utilize the new Credentials system, and not an error in the application code itself.

I stumbled onto the solution by checking the value of the Secrets in the included console.

Relevant Information:

This particular example of OAuth is implemented using Rails "new" Credentials system to store both the ID secret and KEY secret. Both of which are required per Gh's Oauth documentation.

Some Fixes:

This article, is a great explainer of how to implement the new built in credentials part of Rails. The credentials.yml file inside the config folder CANNOT just be modified.

Gems like Figaro, or DotEnv were built to allow storing keys as environment variables which can be accessed anywhere easily, while also being ignored by GH so that you arent uploading your keys to the WWW.

Relevant Links:

Rails Docs: https://guides.rubyonrails.org/security.html#custom-credentials
OAuth Docs: https://docs.github.com/en/developers/apps/building-oauth-apps/authorizing-oauth-apps
Tutorial on Rails Credentials: https://blog.corsego.com/ruby-on-rails-6-credentials-full
Add'l Credentials Help: https://www.codewithjason.com/understanding-rails-secrets-credentials/
Figaro Gem: https://github.com/laserlemon/figaro
DotEnv Gem: https://github.com/bkeepers/dotenv

Hoping this saves someone else a frustrating afternoon, but I learned a ton, and big thanks Imhta for providing a working example!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@DouglasUrner @horaciovelvetine