Rails Devise + omniauth-stripe-connect "Authorization code does not belong to you"

Question

I'm using Rails with Devise and the omniauth-stripe-connect gem.

Devise.rb

config.omniauth :stripe_connect,
                  ENV['STRIPE_CONNECT_CLIENT_ID'],
                  ENV['STRIPE_SECRET_KEY'],
                  :scope => 'read_write',
                  :stripe_landing => 'register'

Omniauth Callbacks Controller

class OmniauthCallbacksController < Devise::OmniauthCallbacksController

  def stripe_connect
    @user = current_user
    if @user.update_attributes({
       provider: request.env["omniauth.auth"].provider,
       uid: request.env["omniauth.auth"].uid,
       access_code: request.env["omniauth.auth"].credentials.token,
       publishable_key: request.env["omniauth.auth"].info.stripe_publishable_key
                               })
      # anything else you need to do in response..
      sign_in_and_redirect @user, :event => :authentication
      set_flash_message(:notice, :success, :kind => "Stripe") if is_navigational_format?
    else
      session["devise.stripe_connect_data"] = request.env["omniauth.auth"]
      redirect_to new_user_registration_url
    end
  end
end

In development this works fine and adds the information i need to the user for stripe connect, but in production i'm getting this error.

{
2017-11-07T02:05:05.255495+00:00 app[web.1]:   "error": "invalid_grant",
2017-11-07T02:05:05.255496+00:00 app[web.1]:   "error_description": "Authorization code provided does not belong to you"

I set up the live stripe api keys in production. I'm thinking maybe it has something to do with devise, but i'm really not sure.

Answer 1

In our case, we were inadvertently using a client ID with a secret key from a different account that was causing a similar error.