Reputation: 1271
Getting error OmniAuth::NoSessionError with Rails 5 API
I created a new Rails 5 application with rails new appname --api which seems great! I want to use it as a backend to a frontend with React and in time a Chrome App. For now I want to create an API.
I used the following gems
- gem 'omniauth'
- gem 'omniauth-oauth2'
- gem 'devise'
- gem 'devise_token_auth', git: 'git://github.com/lynndylanhurley/devise_token_auth.git'
- gem 'omniauth-twitter'
- gem 'omniauth-facebook'
- gem 'omniauth-google-oauth2'
And I followed the directions on their Github and here to do the setup: http://www.developingandrails.com/2015/02/api-authentication-with-devisetokenauth.html
And now when I run the app I get:
Started GET "/" for 14.144.15.10 at 2016-07-17 17:21:46 +0000
ActiveRecord::SchemaMigration Load (0.1ms) SELECT "schema_migrations".* FROM "schema_migrations"
OmniAuth::NoSessionError (You must provide a session to use OmniAuth.):
I've looked for answers on Github and StackOverflow but no one seems to have the solution.
The only thing that seems to "fix" the problem is adding this:
# config/application.rb
config.middleware.use Rack::Session::Cookie
But this "solution" gives me this error in the console:
SECURITY WARNING: No secret option provided to Rack::Session::Cookie.
This poses a security threat. It is strongly recommended that you
provide a secret to prevent exploits that may be possible from crafted
cookies. This will not be supported in future versions of Rack, and
future versions will even invalidate your existing user cookies.
Please help! Thanks.
Upvotes: 12
Views: 7345
Answers (4)
Reputation: 2537
In your config/application.rb set the secret
config.middleware.use Rack::Session::Cookie, secret: "s3cr3t_k3y_3x@mpl3"
Ref.: https://www.rubydoc.info/gems/rack/Rack/Session/Cookie
Upvotes: 0
Reputation: 1795
While config.middleware.insert_after worked for me, the same middleware was not loaded so I had to insert choose something else to insert it after. I found a similar answer in http://stackoverflow.com/questions/15342710/adding-cookie-session-store-back-to-rails-api-app and simply added:
config.middleware.use ActionDispatch::Cookies
config.middleware.use ActionDispatch::Session::CookieStore
in application.rb.
Upvotes: 20
Reputation: 5214
Unfortunately, omniauth requires rack.session presence to keep some data between the request to provider and the callback request.
https://github.com/omniauth/omniauth/blob/master/lib/omniauth/strategy.rb#L173
To Omniauth with Rails API needs to return a session to middleware stack:
config.middleware.insert_after ActiveRecord::Migration::CheckPending, ActionDispatch::Cookies
config.middleware.insert_after ActionDispatch::Cookies, ActionDispatch::Session::CookieStore
Upvotes: 13
Reputation: 5633
Not totally sure, but something that worked for me in a project is:
#config/application.rb
config.middleware.insert_after(ActiveRecord::QueryCache, ActionDispatch::Cookies)
config.middleware.insert_after(ActionDispatch::Cookies, ActionDispatch::Session::CookieStore)
Upvotes: 8
Related Questions
- Omniauth-identity InvalidAuthenticityToken
- How to rescue OmniAuth::Strategies::OAuth2::CallbackError?
- OmniAuth routing error, no route match
- Using OmniAuth in Rails 5
- Omniauth returns a 401 unauthorized
- Handling OmniAuth::Strategies::OAuth2::CallbackError in OmniAuth
- Omniauth not working
- omniauth OAuthException & OAuth::Unauthorized
- OAuthException 101 in rails 3.2 app
- OmniAuth Invalid Response Error