Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Omniauth.params are empty hash (api_only) #1052

Open
mkralik opened this issue Nov 28, 2021 · 0 comments
Open

Omniauth.params are empty hash (api_only) #1052

mkralik opened this issue Nov 28, 2021 · 0 comments

Comments

@mkralik
Copy link

mkralik commented Nov 28, 2021
edited

Configuration

  • Provider Gem: omniauth-ldap
  • Ruby Version: 2.7.4 (Rails API only)
  • Framework: Rails 6.0.4.1
  • Platform: Ubuntu

Expected Behavior

Authenticate using LDAP provider

Actual Behavior

Getting missing_credentials? error. The request.params is always an empty hash even though I provide username and password in the request body via POST method. I can see the body params when debugging actual controller, but it looks like those params are not passed to omniauth request.

Is POST and Rails API supported - I am not sure if I should continue searching for a solution in my code (spent already a week on that) or this is a bug/out of scope of the current implementation.

screen1
screen2

Controller:

module Api
  module V1
    module Auth
      class OmniauthCallbacksController < Devise::OmniauthCallbacksController #< ApplicationController#
        include ActionController::Cookies
     
        def ldap
          puts request.env['omniauth.auth'] # => NULL

        end

        def failure
          puts "request.env['omniauth.auth']: #{request.env['omniauth.auth']}" # => NULL
          puts "request.env['omniauth.params']: #{request.env['omniauth.params']}" # => {}
          puts "params: #{params}" # => { "username": "myusername", "password": "mypassword" }

          render json: { status: "fail" }
        end
      end
    end
  end
end

Application.rb:

    config.api_only = true
    config.session_store :cookie_store, key: '_interslice_session'
    config.middleware.use ActionDispatch::Cookies
    config.middleware.use config.session_store, config.session_options

Routes.rb:
devise_for :users, controllers: { omniauth_callbacks: 'api/v1/auth/omniauth_callbacks' }

Devise:

config.omniauth :ldap, :host => 'XXX.com',
                :port => 389,
                :method => :plain,
                :base => 'cn=accounts,dc=int,dc=dostack,dc=io',
                :uid => 'uid',
                :try_sasl => false,
                :bind_dn => "uid=XXX,cn=users,cn=accounts,dc=int,dc=dostack,dc=io",
                :password => "xxxxxxxx"

Response:
image
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mkralik