Reputation: 257
I'm using Omniauth to authenticate users with Twitter and Facebook, going by the "standard" tutorial on the topic (Ryan Bates' screencast, although I'm using Authlogic, not Devise).
I can log in using Twitter, but can't handle authenticated requests back because my Twitter access token secret has been changed on Twitter's end, but is not being updated on my application's end. I've tried deleting the authentication, but it just saves the old one for some reason.
authentications_controller.rb
    def create
      omniauth = request.env['omniauth.auth']
      authentication = Authentication.find_by_provider_and_uid(omniauth['provider'], omniauth['uid'])
      if authentication
        # User is already registered with application
        flash[:notice] = 'Signed in successfully.'
        sign_in_and_redirect(authentication.user)
      elsif current_user
        # User is signed in but has not already authenticated with this social network
        current_user.authentications.create!(
          :provider => omniauth['provider'],
          :uid      => omniauth['uid'],
          :token    => (omniauth['credentials']['token'] rescue nil),
          :secret   => (omniauth['credentials']['secret'] rescue nil)
        )
        current_user.apply_omniauth(omniauth)
        current_user.save
        flash[:notice] = 'Authentication successful.'
        redirect_to root_url
      else
        # User is new to this application
        @user = User.new
        @user.apply_omniauth(omniauth)
        if @user.save
          flash[:notice] = 'User created and signed in successfully.'
          sign_in_and_redirect(@user)
        else
          session[:omniauth] = omniauth.except('extra')
          redirect_to new_user_path
        end
      end
    end
user.rb
    def apply_omniauth(omniauth)
      self.email = "[email protected]"
      self.login = omniauth['user_info']['nickname'] if login.blank?
      authentications.build(
        :provider => omniauth['provider'],
        :uid      => omniauth['uid'],
        :token    => omniauth['credentials']['token'],
        :secret   => omniauth['credentials']['secret']
      )
    end
Any ideas? Rails 3.0.6 and Ruby 1.8.7
Upvotes: 4
Views: 1520
Reputation: 444
Steve, you can try the following:
    if authentication
      # Make sure we have the latest authentication token for user
      if omniauth['credentials']['token'] && omniauth['credentials']['token'] != authentication.token
        # puts "Found Invalid token"
        authentication.update_attribute(:token, omniauth['credentials']['token'])
      end
      flash[:notice] = "Signed in successfully"
      sign_in_and_redirect(:user, authentication.user)
    elsif ...
This should basically update the user's access token every time an already registered user tries to log in and a token mismatch occurs.
Upvotes: 2
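Added example (not part of the answer above or of the asker's code): the question reports that the access token secret changed, so this sketch refreshes both `token` and `secret` on sign-in, skips blank values, and returns only the names of the changed fields so no credential value ends up in a log. `FakeAuthentication` and `refresh_credentials` are hypothetical names; the struct is a constructed stand-in for the page's `Authentication` model.

```ruby
# Constructed stand-in for the page's Authentication model (not ActiveRecord).
FakeAuthentication = Struct.new(:provider, :uid, :token, :secret) do
  # Same call shape as the Rails 3-era ActiveRecord#update_attributes.
  def update_attributes(attrs)
    attrs.each { |field, value| self[field] = value }
    true
  end
end

# Hypothetical helper: copy fresh credentials from the OmniAuth hash onto the
# stored record. Returns the names of the fields that changed, never the values.
def refresh_credentials(authentication, omniauth)
  creds = omniauth['credentials'] || {}
  changes = {}
  [:token, :secret].each do |field|
    fresh = creds[field.to_s]
    next if fresh.nil? || fresh.to_s.empty?      # keep stored value if provider sent none
    next if fresh == authentication.send(field)  # unchanged, nothing to write
    changes[field] = fresh
  end
  authentication.update_attributes(changes) unless changes.empty?
  changes.keys
end

# Constructed sample data: the provider rotated only the secret.
def demo_rotated_secret
  stored = FakeAuthentication.new('twitter', '12345', 'tok-A', 'sec-OLD')
  callback = { 'provider' => 'twitter', 'uid' => '12345',
               'credentials' => { 'token' => 'tok-A', 'secret' => 'sec-NEW' } }
  changed = refresh_credentials(stored, callback)
  [changed, stored.token, stored.secret]
end

# Constructed sample data: a callback without credentials leaves the record alone.
def demo_missing_credentials
  stored = FakeAuthentication.new('facebook', '67890', 'tok-B', nil)
  changed = refresh_credentials(stored, { 'provider' => 'facebook', 'uid' => '67890' })
  [changed, stored.token, stored.secret]
end

p demo_rotated_secret
p demo_missing_credentials
```

In the controller's `if authentication` branch, the call would be `refresh_credentials(authentication, omniauth)` placed before `sign_in_and_redirect`.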