zetacu

Reputation: 17602

Okta login UI fails to load using omniauth-okta

I'm trying to implement OAuth with Okta on a Ruby on Rails project. This is what I have at the moment:

# Gemfile
...
gem 'omniauth'
gem 'omniauth-okta'
...

# config/initializers/omniauth.rb

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :okta,
    ENV['OKTA_CLIENT_ID'],
    ENV['OKTA_CLIENT_SECRET'],
    {
      client_options: {
        site:          'https://MY_DOMAIN.oktapreview.com',
        authorize_url: 'https://MY_DOMAIN.oktapreview.com/oauth2/default/v1/authorize',
        token_url:     'https://MY_DOMAIN.oktapreview.com/oauth2/default/v1/token',
        user_info_url: 'https://MY_DOMAIN.oktapreview.com/oauth2/default/v1/userinfo'
      }
    }
end

# config/routes.rb
...
match 'auth/okta/callback', to: 'omniauth#create', via: [:get, :post]
match 'auth/failure', to: redirect('/'), via: [:get, :post]
match 'signout', to: 'omniauth#destroy', as: 'signout', via: [:get, :post]
...

# app/controllers/omniauth_controller.rb

# The class name and action must match the `omniauth#create` route above:
# Rails resolves `omniauth#create` to OmniauthController#create.
class OmniauthController < ActionController::Base
  def create
    render inline: <<~HTML
      <div>Welcome #{auth['uid']}</div>
    HTML
  end

  def failure
    render inline: <<~HTML
      <div>You reached this due to an error in OmniAuth</div>
      <div>Strategy: #{params['strategy']}</div>
      <div>Message: #{params['message']}</div>
    HTML
  end

  private

  # Auth hash that OmniAuth stores in the Rack env after the callback phase
  def auth
    @auth ||= request.env['omniauth.auth']
  end
end

<!-- views/login/new.html.erb -->

<%= button_to 'Login with okta', '/auth/okta', method: :post %>

At the moment I'm getting these errors when I click the button to sign in:

[uuid] [uuid] [ip] [remote_ip] Started POST "/auth/okta" for 127.0.0.1 at 2022-01-04 13:58:07 -0800
D, [2022-01-04T13:58:07.215161 #22097] DEBUG -- omniauth: (okta) Request phase initiated.
W, [2022-01-04T13:58:07.215791 #22097]  WARN -- omniauth: Attack prevented by OmniAuth::AuthenticityTokenProtection
E, [2022-01-04T13:58:07.216301 #22097] ERROR -- omniauth: (okta) Authentication failure! authenticity_error: OmniAuth::AuthenticityError, Forbidden
E, [2022-01-04T13:58:07.216640 #22097] ERROR -- omniauth: (okta) Authentication failure! Forbidden: OmniAuth::AuthenticityError, Forbidden
[uuid] [uuid] [ip] [remote_ip] Forbidden excluded from capture: DSN not set
[uuid] [uuid] [ip] [remote_ip]
OmniAuth::AuthenticityError (Forbidden):
  omniauth (2.0.4) lib/omniauth/authenticity_token_protection.rb:27:in `deny'
  rack-protection (1.5.5) lib/rack/protection/base.rb:53:in `react'
  omniauth (2.0.4) lib/omniauth/authenticity_token_protection.rb:18:in `call!'
  omniauth (2.0.4) lib/omniauth/authenticity_token_protection.rb:11:in `call'
  omniauth (2.0.4) lib/omniauth/strategy.rb:240:in `request_call'
  omniauth (2.0.4) lib/omniauth/strategy.rb:193:in `call!'
  omniauth (2.0.4) lib/omniauth/strategy.rb:169:in `call'
  omniauth (2.0.4) lib/omniauth/builder.rb:45:in `call'
  ...
# lib/omniauth/authenticity_token_protection.rb

def deny(_env)
  OmniAuth.logger.send(:warn, "Attack prevented by #{self.class}")
  raise AuthenticityError.new(options[:message]) # <<--- fails here
end

I'm currently scratching my head since I'm unsure what the problem is: a missing conf key, a missing conf on Okta, a typo in the Okta endpoints...

Note: the project uses rails (4.2.11.3), omniauth (2.0.4), omniauth-oauth2 (1.7.2), omniauth-okta (1.0.0)

Upvotes: 2

Views: 388
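To show why a POST from `button_to` can trip OmniAuth::AuthenticityTokenProtection even though the form does carry a Rails CSRF token, here is an added Ruby example (my own re-implementation for illustration, not code from the question, Rails, OmniAuth or rack-protection): a Rails 4.2-style masked form token is checked two ways, compared directly against the session value (a rack-protection style check) and compared after unmasking (a Rails-aware check). The stand-in session hash, the session key and the helper names are assumptions.

```ruby
require 'securerandom'
require 'base64'

# Constructed stand-in for the Rack session as middleware sees it
# (string keys; the raw token is stored base64-encoded, Rails style).
def new_session
  { '_csrf_token' => SecureRandom.base64(32) }
end

def xor_bytes(a, b)
  a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack('C*')
end

# Constant-time comparison; rejects early only on length mismatch.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Masked form token as Rails 4.2 renders it into forms: a random one-time
# pad followed by (pad XOR raw token), base64-encoded. The value differs on
# every render and never equals the raw session value.
def masked_form_token(session)
  raw = Base64.strict_decode64(session['_csrf_token'])
  pad = SecureRandom.random_bytes(32)
  Base64.strict_encode64(pad + xor_bytes(pad, raw))
end

# Rack-protection style check: submitted param must equal the session value.
def rack_style_valid?(session, param_token)
  secure_compare(param_token.to_s, session['_csrf_token'].to_s)
end

# Rails-aware check: accept a raw 32-byte token or unmask a 64-byte one,
# then compare against the raw session token.
def rails_style_valid?(session, param_token)
  decoded = Base64.strict_decode64(param_token.to_s)
  raw = Base64.strict_decode64(session['_csrf_token'])
  case decoded.bytesize
  when 32 then secure_compare(decoded, raw)
  when 64 then secure_compare(xor_bytes(decoded[0, 32], decoded[32, 32]), raw)
  else false
  end
rescue ArgumentError
  false # not valid base64, so not a token we issued
end
```

Only the unmasking check accepts the masked token; closing that gap by delegating verification to Rails is what the omniauth-rails_csrf_protection gem is for.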

Answers (0)
