Twitter integration to rails giving Unauthorized (401 Unauthorized) in ubuntu


#1

Hi,

I am trying to integrate the twitter to rails application and not able to reach twitter login page.
when I say http://My IP:3000/auth/twitter, it gives me below error.

Started GET “/auth/twitter” for 76.173.159.170 at 2012-10-29 17:56:38 +0400
17:56:39 FATAL:
OAuth::Unauthorized (401 Unauthorized):
oauth (0.4.7) lib/oauth/consumer.rb:216:in token_request' oauth (0.4.7) lib/oauth/consumer.rb:136:inget_request_token’
omniauth-oauth (1.0.1) lib/omniauth/strategies/oauth.rb:29:in request_phase' omniauth-twitter (0.0.13) lib/omniauth/strategies/twitter.rb:63:inrequest_phase’


#2

What have you tried so far to debug? Are you familiar with OAuth going into this and the kinds of reasons OAuth fails? Check out [node:204] for some tips.


#3

Hi Taylor,

I am getting same error. Followings are my app details:

Callback URL: http://127.0.0.1:3000/auth/twitter/callback
Website : http://127.0.0.1:3000

When I click http://localhost:3000/auth/twitter, It gives me " OAuth::Unauthorized

401 Unauthorized" error.

omniauth.rb:

Rails.application.config.middleware.use OmniAuth::Builder do

provider :developer unless Rails.env.production?

provider :twitter, ENV[‘XXXX’], ENV[‘XXXXXX’]
end

routes.rb:

Chilli::Application.routes.draw do
resources :posts
root :to => ‘posts#index’
#match ‘/auth/:twitter/callback’ => ‘sessions#create’, :as => :auth_callback
match ‘auth/twitter/callback’, to: ‘sessions#create’

application.html.rb:

Chilli <%= stylesheet_link_tag "application", :media => "all" %> <%= javascript_include_tag "application" %> <%= csrf_meta_tags %>
<%= link_to "Sign in with Twitter", "/auth/twitter"%>
<%= yield %>

sessions_controller.rb

class SessionsController < ApplicationController
def create
user = User.from_omniauth(env[‘omniauth.auth’])
session[:user_id] = user.id
redirect_to root_url, notice: "Signed in."
end
end

Debugging info for my application is below:

OAuth::Unauthorized (401 Unauthorized):
oauth (0.4.7) lib/oauth/consumer.rb:216:in token_request' oauth (0.4.7) lib/oauth/consumer.rb:136:inget_request_token’
omniauth-oauth (1.0.1) lib/omniauth/strategies/oauth.rb:29:in request_phase' omniauth-twitter (0.0.14) lib/omniauth/strategies/twitter.rb:63:inrequest_phase’
omniauth (1.1.3) lib/omniauth/strategy.rb:207:in request_call' omniauth (1.1.3) lib/omniauth/strategy.rb:174:incall!‘
omniauth (1.1.3) lib/omniauth/strategy.rb:157:in call' omniauth (1.1.3) lib/omniauth/builder.rb:48:incall’
actionpack (3.2.11) lib/action_dispatch/middleware/best_standards_support.rb:17:in call' rack (1.4.5) lib/rack/etag.rb:23:incall’
rack (1.4.5) lib/rack/conditionalget.rb:25:in call' actionpack (3.2.11) lib/action_dispatch/middleware/head.rb:14:incall’
actionpack (3.2.11) lib/action_dispatch/middleware/params_parser.rb:21:in call' actionpack (3.2.11) lib/action_dispatch/middleware/flash.rb:242:incall’
rack (1.4.5) lib/rack/session/abstract/id.rb:210:in context' rack (1.4.5) lib/rack/session/abstract/id.rb:205:incall’
actionpack (3.2.11) lib/action_dispatch/middleware/cookies.rb:341:in call' activerecord (3.2.11) lib/active_record/query_cache.rb:64:incall’
activerecord (3.2.11) lib/active_record/connection_adapters/abstract/connection_pool.rb:479:
actionpack (3.2.11) lib/action_dispatch/middleware/callbacks.rb:28:in block in call' activesupport (3.2.11) lib/active_support/callbacks.rb:405:in_run__175654199__call__289795
activesupport (3.2.11) lib/active_support/callbacks.rb:405:in __run_callback' activesupport (3.2.11) lib/active_support/callbacks.rb:385:in_run_call_callbacks’
activesupport (3.2.11) lib/active_support/callbacks.rb:81:in run_callbacks' actionpack (3.2.11) lib/action_dispatch/middleware/callbacks.rb:27:incall’
actionpack (3.2.11) lib/action_dispatch/middleware/reloader.rb:65:in call' actionpack (3.2.11) lib/action_dispatch/middleware/remote_ip.rb:31:incall’
actionpack (3.2.11) lib/action_dispatch/middleware/debug_exceptions.rb:16:in call' actionpack (3.2.11) lib/action_dispatch/middleware/show_exceptions.rb:56:incall’
railties (3.2.11) lib/rails/rack/logger.rb:32:in call_app' railties (3.2.11) lib/rails/rack/logger.rb:16:inblock in call’
activesupport (3.2.11) lib/active_support/tagged_logging.rb:22:in tagged' railties (3.2.11) lib/rails/rack/logger.rb:16:incall’
actionpack (3.2.11) lib/action_dispatch/middleware/request_id.rb:22:in call' rack (1.4.5) lib/rack/methodoverride.rb:21:incall’
rack (1.4.5) lib/rack/runtime.rb:17:in call' activesupport (3.2.11) lib/active_support/cache/strategy/local_cache.rb:72:incall’
rack (1.4.5) lib/rack/lock.rb:15:in call' actionpack (3.2.11) lib/action_dispatch/middleware/static.rb:62:incall’
railties (3.2.11) lib/rails/engine.rb:479:in call' railties (3.2.11) lib/rails/application.rb:223:incall’
rack (1.4.5) lib/rack/content_length.rb:14:in call' railties (3.2.11) lib/rails/rack/log_tailer.rb:17:incall’
rack (1.4.5) lib/rack/handler/webrick.rb:59:in service' C:/RailsInstaller/Ruby1.9.3/lib/ruby/1.9.1/webrick/httpserver.rb:138:inservice’
C:/RailsInstaller/Ruby1.9.3/lib/ruby/1.9.1/webrick/httpserver.rb:94:in run' C:/RailsInstaller/Ruby1.9.3/lib/ruby/1.9.1/webrick/server.rb:191:inblock in start_thread’


#4

I had the same problem. Yours was 31 weeks ago, so hopefully you have the solution by now, but for anyone else out there… Here is the solution:

In your omniauth.rb initializer file you have the following code:

Rails.application.config.middleware.use OmniAuth::Builder do

provider :developer unless Rails.env.production?

provider :twitter, ENV[‘XXXX’], ENV[‘XXXXXX’]
end

You need to change this line:

provider :twitter, ENV[‘XXXX’], ENV[‘XXXXXX’]

To this:

provider :twitter, ‘XXXX’, ‘XXXXXX’

Get rid of ENV and simply put your consumer token and secret .


#5

I was having the same issue. Using rails 4.1 and the secrets.yml file and ENV I was getting the 401 error. Putting token and secret directly into the initializer, but isn’t this a security risk?

Was this resolved?


#6

IMHO the safest way of doing this is setting these ENVs in your shell before starting your rails server something like below

$ TWITTER_CONSUMER_KEY=XXXXXXXX TWITTER_CONSUMER_SECRET=XXXX rails server


#7

Placing your TWITTER_KEY and your TWITTER_SECRET inside of the initializer is most definitely a security risk. The reason that ENV[TWITTER_KEY] wasn’t working is most likely because you did not include gem ‘dotenv’ in your GemFile. If you were storing the keys safely in your .env file without this gem the app isn’t able to read it. Once you include it and bundle install, you should be fine.