Custom Strategy - OmniAuth::NoSessionError #120

Open
@tardoe

Hi All,

I'm attempting to create a custom OAuth2 strategy against Toornament (https://developer.toornament.com/v2/security/authorization) and while I can use the oauth2 gem by itself, I'm getting some session weirdness through OmniAuth (where we already use another provider).

require 'omniauth-oauth2'

module OmniAuth
  module Strategies
    class Toornament < OmniAuth::Strategies::OAuth2
      option :name, 'toornament'
      option :client_options, {
        site: 'https://api.toornament.com/',
        authorize_url: 'https://account.toornament.com/oauth2/authorize',
        token_url: 'https://api.toornament.com/oauth/v2/token',
        auth_scheme: :request_body,
        scope: 'user:info'
      }
      option :authorize_options, [:scope]

      uid { raw_info['id'] }

      info do
        {
          name: raw_info['name']
        }
      end

      extra do
        {
          raw_info: raw_info
        }
      end

      def raw_info
        # access_token.get returns an OAuth2::Response; .parsed yields the decoded body as a Hash
        @raw_info ||= access_token.get('account/v2/me/info', headers: {'X-Api-Key': ENV['ENVKEYHIDDEN']}).parsed
      end
    end
  end
end

Then within devise.rb:

  config.omniauth :toornament, ENV['TOORNAMENT_ID'], ENV['TOORNAMENT_SECRET'], scope: 'user:info'

The callback comes back with an OmniAuth::NoSessionError error, which indicates it's not matching up the state params.

>> request.env['omniauth.auth']
=> nil

Back from Toornament I'm getting the code and a state string, and a "session_id" cookie is in the session variables. The only issue is, my application is using the CookieStore (all loaded correctly, and this isn't an API-only app) with a session cookie name of "codename-on-rails", not "session_id".
I suspect something isn't being done correctly with the session handling but I've googled this one and all the usual things (rack middleware loading order, scope etc.) are all looking correct.

Rails: 5.1.5
Devise 4.3.0
oAuth2 1.2.0
omniauth-oauth2 1.5.0
omniauth 1.8.1
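
For reference when debugging a callback like the one above, a minimal Ruby model of the two session-dependent checks in this flow, added here and not taken from omniauth, omniauth-oauth2 or the poster's application: OmniAuth raises `OmniAuth::NoSessionError` when `env['rack.session']` is absent, while omniauth-oauth2 compares the callback's `state` with the value it stored under `session['omniauth.state']`. The method names, the stand-in `NoSessionError` class, the constant-time comparison and the constructed envs are assumptions of this sketch.

```ruby
require 'securerandom'

# Stand-in for OmniAuth::NoSessionError (hypothetical class for this sketch).
class NoSessionError < StandardError; end

SESSION_KEY = 'rack.session'    # where Rack session middleware exposes the session
STATE_KEY   = 'omniauth.state'  # session key omniauth-oauth2 uses for the state value

# Fetch the session or fail the same way the middleware does when no
# session middleware ran before it in the Rack stack.
def session_for(env)
  env[SESSION_KEY] or raise NoSessionError, 'You must provide a session to use OmniAuth.'
end

# Request phase: mint a random state, remember it in the session and return
# the value that would be appended to the authorize URL.
def request_phase(env)
  session_for(env)[STATE_KEY] = SecureRandom.hex(24)
end

# Constant-time string comparison (a choice of this sketch).
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Callback phase: returns :ok or :csrf_detected, or raises NoSessionError.
def callback_phase(env, params)
  session  = session_for(env)
  expected = session.delete(STATE_KEY) # single use: a replayed state fails
  returned = params['state'].to_s
  return :csrf_detected if returned.empty? || expected.nil?
  secure_equal?(returned, expected) ? :ok : :csrf_detected
end

# Constructed sample envs: one with a session, one where the callback arrives
# with a fresh, empty session, and one with no session at all.
if __FILE__ == $PROGRAM_NAME
  env   = { SESSION_KEY => {} }
  state = request_phase(env)
  puts callback_phase(env, 'state' => state)                  # same session
  puts callback_phase({ SESSION_KEY => {} }, 'state' => state) # different session
  begin
    callback_phase({}, 'state' => state)                       # no session in env
  rescue NoSessionError => e
    puts "NoSessionError: #{e.message}"
  end
end
```
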
