With Rails 3.0.12 and the latest omniauth, I can connect to Google and get the user's email address just fine. But then I launch the same Rails application behind nginx in SSL mode and it does not work with the Google page:
"The page you requested is invalid."
Is this my nginx configuration? My omniauth installation?
I know that X-Forwarded-Proto: https is a special sauce; is there anything else I need to do to get openid happy behind the SSL web server?
Here's a complete code example: you can clone this repo, bundle install and run rails s to see that it works fine, and run rake server to see that it worked. https://github.com/jjulian/open_id_ssl
nginx.conf:

    worker_processes 2;
    pid tmp/nginx.pid;
    error_log log/error.log;
    daemon off;

    events {
    }

    http {
      client_body_temp_path tmp/body;
      proxy_temp_path tmp/proxy;
      fastcgi_temp_path tmp/fastcgi;
      uwsgi_temp_path tmp/uwsgi;
      scgi_temp_path tmp/scgi;

      server {
        listen 3000 ssl;
        ssl_certificate development.crt;
        ssl_certificate_key development.key;
        ssl_verify_depth 6;

        access_log log/access.log;
        proxy_buffering off;

        location / {
          proxy_pass http://127.0.0.1:3300;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header Host $http_host;
          proxy_redirect off;
          proxy_set_header X-Forwarded-Proto https;
        }
      }
    }

omniauth.rb initializer:

    require 'openid/store/filesystem'

    Rails.application.config.middleware.use OmniAuth::Builder do
      provider :open_id, :identifier => 'https://www.google.com/accounts/o8/id'
    end

routes.rb:

    OpenIdSsl::Application.routes.draw do
      match '/auth/open_id/callback' => 'accounts#update'
      match '/auth/failure' => 'accounts#failure'
      root :to => 'accounts#show'
    end

UPDATE: This example uses Rails 3.1.12 and OmniAuth 1.0.3. Upgrading to Rails 3.1.4 and OmniAuth 1.1.0 fixes the problem.
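How the proxy_set_header lines in the nginx.conf above shape the URL the backend believes it is served from, as an added example that is not part of the original post and is not Rack's or OmniAuth's code. It is a simplified Ruby model; the hostname localhost, the sample env hashes and the helper names external_url and url_drift are assumptions.

```ruby
# Added example: simplified model, not Rack's or OmniAuth's implementation.
DEFAULT_PORTS = { 'http' => 80, 'https' => 443 }.freeze

# Rebuild the public URL of `path` from a Rack-style env hash.
# trust_forwarded should be true only when every request reaches the app
# through the proxy; otherwise a client could set X-Forwarded-Proto itself.
def external_url(env, path, trust_forwarded: true)
  scheme = env.fetch('rack.url_scheme', 'http')
  fwd = env['HTTP_X_FORWARDED_PROTO'].to_s.split(',').first.to_s.strip.downcase
  scheme = fwd if trust_forwarded && DEFAULT_PORTS.key?(fwd)
  authority = env['HTTP_HOST'] || "#{env['SERVER_NAME']}:#{env['SERVER_PORT']}"
  m = authority.match(/\A(\[[^\]]+\]|[^:]+)(?::(\d+))?\z/)
  raise ArgumentError, "unparseable Host: #{authority.inspect}" unless m
  port = (m[2] || DEFAULT_PORTS[scheme]).to_i
  port_part = port == DEFAULT_PORTS[scheme] ? '' : ":#{port}"
  "#{scheme}://#{m[1]}#{port_part}#{path}"
end

# Return nil when the app's view matches the URL the browser used,
# otherwise a message naming both URLs.
def url_drift(env, path, browser_url, trust_forwarded: true)
  seen = external_url(env, path, trust_forwarded: trust_forwarded)
  seen == browser_url ? nil : "app sees #{seen}, browser used #{browser_url}"
end

CALLBACK = '/auth/open_id/callback'
BROWSER_URL = "https://localhost:3000#{CALLBACK}" # hostname is an assumption

# Constructed env: what the backend on 127.0.0.1:3300 receives via the proxy.
BEHIND_NGINX = {
  'rack.url_scheme' => 'http', 'SERVER_NAME' => '127.0.0.1', 'SERVER_PORT' => '3300',
  'HTTP_HOST' => 'localhost:3000', 'HTTP_X_FORWARDED_PROTO' => 'https'
}.freeze
# Constructed env: same request if the proxy passed on neither the client's
# Host nor X-Forwarded-Proto.
NO_HEADERS = BEHIND_NGINX.reject { |k, _| k.start_with?('HTTP_') }.freeze

puts url_drift(BEHIND_NGINX, CALLBACK, BROWSER_URL).inspect
puts url_drift(BEHIND_NGINX, CALLBACK, BROWSER_URL, trust_forwarded: false)
puts url_drift(NO_HEADERS, CALLBACK, BROWSER_URL)
```
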