Wordpress strategy for OAuth 2.0

Question

I am working on an application that allows user to authenticate with Devise and Omniauth and then connect his social network account to the app. I wanted to add Wordpress integration (their website states they support OAuth 2.0 authentication and REST API access).

Unfortunately, there was no Omniauth strategy for this provider. I looked into some other gems and decide to write my own - it didn't seem so complicated. The source code can be found here.

I have added all required informations (according to Wordpress docs), then I have signed up for an app ID and secret. I have encountered my first problem here - Wordpress demanded a live, public domain as a redirect URI. I didn't want to use one - I wanted to test in development mode first, so localhost was fine for me. I have entered a dummy address, then changed it back to localhost (surprise! They didn't validate it on update, just on create).

I have added the credentials to my initializer (config/initializers/devise.rb):

config.omniauth :wordpress, "my_app_id", "my_app_secret"

It seemed to work - I got the authentication dialog I expected, it mentioned my application. But when I clicked 'Authorize' and got redirected to my application back, I got an error saying invalid credentials.

I have checked the credentials, but they were correct (no typos, proper order). I have reset the app secret - no luck. I have created two another applications, but still nothing.

I have already ran out of ideas. What can cause such error? Is it possible that it's because of the local address in redirect_uri?

Answer 1

I suspected it was something easy to miss, and it was. Wordpress' server responded with JSON string, but the response was not parsed as one. Therefore Omniauth gem couldn't find an access token in it and was raising the invalid credentials error. Setting up correct content type worked like a charm.