Authentication failure : Devise + OmniAuth + Twitter

Question

I am getting (twitter) Authentication failure! invalid_credentials: OAuth::Unauthorized, 401 Unauthorized error after successfully loin to twitter and page is redirected to sign in page

Here is the application configuration

routes.rb

devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" }

devise.rb

config.omniauth :twitter, "KEY", "SECRET"

omniauth_callbacks_controller.rb

class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController  
  def twitter
    auth = env["omniauth.auth"]
    Rails.logger.info("auth is **************** #{auth.to_yaml}")
    @user = user = User.find_by_provider_and_uid(auth["provider"], auth["uid"]) || User.new
    if @user.persisted?
      flash[:notice] = I18n.t "devise.omniauth_callbacks.success"
      sign_in_and_redirect @user, :event => :authentication
    else
      session["devise.twitter_uid"] = auth["uid"]
      redirect_to new_user_registration_url
    end
  end
end

user.rb

class User < ActiveRecord::Base
  # Include default devise modules. Others available are:
  # :token_authenticatable, :confirmable,
  # :lockable, :timeoutable and :omniauthable
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable, :omniauthable

  # Setup accessible (or protected) attributes for your model
  attr_accessible :email, :password, :password_confirmation, :remember_me, :provider, :uid
  # attr_accessible :title, :body
end

index.html.erb

<h3>Home</h3>

<%if user_signed_in? %>
  <div><%="Welcome #{current_user.email}"%></div>

<div><%=link_to "Logout", destroy_user_session_path, method: :delete%></div>

<%else%>
<div><%=link_to "Sign in twitter", user_omniauth_authorize_path(:twitter)%></div>
<%end%>

Console log

Started GET "/users/auth/twitter" for 127.0.0.1 at 2012-07-09 18:58:16 +0530
(twitter) Callback phase initiated.
(twitter) Callback phase initiated.
(twitter) Authentication failure! invalid_credentials: OAuth::Unauthorized, 401 Unauthorized

Started GET "/users/auth/twitter/callback?oauth_token=rLCEqgAWPtoIzce475sacKwoqU5baEdz0JnmldXE&oauth_verifier=xYPoz2LZGHQlmz4akoVGkarPtZTebCOmeWzPUqLcPA" for 127.0.0.1 at 2012-07-09 18:58:48 +0530
Processing by Users::OmniauthCallbacksController#failure as HTML
  Parameters: {"oauth_token"=>"rLCEqgAWPtoIzce475sacKwoqU5baEdz0JnmldXE", "oauth_verifier"=>"xYPoz2LZGHQlmz4akoVGkarPtZTebCOmeWzPUqLcPA"}
Redirected to http://localhost:3000/users/sign_in

Callback URL in dev.twitter.com Earlier it was http://127.0.0.1:3000. From Devise, Omniauth and Twitter I changed it to http://127.0.0.1:3000/auth/twitter/callback but still getting error

Would anyone please help here to rectify the issue?

Thanks, Amit Patel

Answer 1

I found the issue. I have configured providers in both devise.rb and omniauth.rb. I simply removed omniauth.rb and it started working.

Answer 2

Try putting your twitter KEY code in an omniauth.rb file in your initilizers folder. Like this:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :twitter, 'KEY', 'SECRET'
end

per: https://github.com/intridea/omniauth The authentication with twitter, after all, comes through omniauth, not devise.

Good Luck! @thatdankent