我需要在我的Rails应用程序中添加omniauth Google,Facebook和Twitter的登录,我遵循github上官方文档的omniauth教程。但没有可用的资源,API只应用程序,我是初学者,找不到有用的资源,后端只。请帮助我完成这项任务。我将提供我的代码并以正确的方式指导我。这里我的服务器日志,当我击中API请求从 Postman 在http://localhost:3000/users/auth/google_oauth2/callback和一些时间得到
已开始POST“/users/auth/google_oauth2”for::1 at 2023-09-12 18:49:21 +0530 D,[2023-09- 12 T18:49:21.941614 #38273]调试-- omniauth:(google_oauth2)请求阶段已启动。E,[2023-09- 12 T18:49:21.943750 #38273]错误-- omniauth:(google_oauth2)身份验证失败!验证码控制器::InvalidAuthenticityToken:错误控制器::InvalidAuthenticityToken,错误控制器::InvalidAuthenticityToken用户处理::OmniauthCallbacksController#失败为 /
还有一些时间
Started GET“/users/auth/google_oauth2/callback”for::1 at 2023-09-12 19:08:53 +0530 D,[2023-09-12T19:08:53.125607 #39856] DEBUG -- omniauth:(google_oauth2)回调阶段已启动。E,[2023-09- 12 T19:08:53.128328 #39856]错误-- omniauth:(google_oauth2)身份验证失败!undefined方法expired?' for nil:NilClass: NoMethodError, undefined method
过期?' for nil:NilClass Processing by Users::OmniauthCallbacksController#failure as /
控制器
# frozen_string_literal: true
class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
respond_to :json
skip_before_action :verify_authenticity_token
skip_before_action :authenticate_request
protect_from_forgery with: :null_session
def handle_omniauth(provider)
@user = User.from_omniauth(request.env["omniauth.auth"])
if @user.persisted?
render json: { status: 'success', message: "Successfully authenticated via #{provider.capitalize}", user: @user }
else
render json: { status: 'error', message: 'Authentication failed', errors: @user.errors.full_messages }, status: :unprocessable_entity
end
end
def google_oauth2
handle_omniauth('Google')
end
def twitter
handle_omniauth('Twitter')
end
def facebook
handle_omniauth('Facebook')
end
end
型号
class User < ApplicationRecord
# Devise modules
devise :database_authenticatable, :registerable, :confirmable,
:recoverable, :rememberable, :validatable, :trackable,
:omniauthable, omniauth_providers: [:google_oauth2, :twitter, :facebook]
# OmniAuth callback method to create or find a user
def self.from_omniauth(auth)
user = User.find_by(email: auth.info.email)
if user
user.update(provider: auth.provider, uid: auth.uid)
else
user = User.create(
provider: auth.provider,
uid: auth.uid,
email: auth.info.email,
password: Devise.friendly_token[0, 20]
)
end
user
end
end
我已经在devise.rb和credentials.yml中设置了凭据,我尝试调试,但调试器无法控制。
devise_for :users, controllers: {
omniauth_callbacks: 'users/omniauth_callbacks'
registrations: 'users/registrations',
sessions: 'users/sessions',
passwords: 'users/passwords'
}
路由定义得很好,但我仍然无法登录omniauth。
**gems are **
# Authentication
gem 'devise'
gem 'omniauth'
gem 'omniauth-facebook'
gem 'omniauth-google-oauth2'
gem 'omniauth-twitter'
gem 'omniauth-rails_csrf_protection'
我想添加第三方登录,但得到的错误.
1条答案
按热度按时间uxhixvfz1#
https://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection/ClassMethods.html
Rails文档说
protect_from_forgery
添加了这一行:这和你的另一句台词有冲突
在这种情况下,真实性令牌没有意义,因为您期待的是来自第三方的回调,而不是您自己生成的表单。
你应该删除
protect_from_forgery with: :null_session
行,看看会发生什么。