8

Error Message: No route matches [GET] "/auth/google_oauth2"

View page link: <%= link_to "Log In with Google", "/auth/google_oauth2" %>

Relevant gems:

gem 'omniauth'
gem 'dotenv-rails'
gem 'omniauth-google-oauth2'

Initializer file:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :google_oauth2, ENV["GOOGLE_CLIENT_ID"], ENV["GOOGLE_CLIENT_SECRET"], skip_jwt: true
end

I'm using this as my guide: Medium Guide

I've gone through the process of setting up the app twice now on Developer Tools to get the Client ID and Secret in case that was the issue and both times I was getting the same error. I am new to coding so I'm sure this is something very silly and obvious, but I just can't seem to find it. Thank you for the help!

EDIT: I also have in my routes file: get '/auth/:provider/callback' => 'sessions#omniauth'

Rails Routes:

                               Prefix Verb   URI Pattern                                                                              Controller#Action
                                 root GET    /                                                                                        sessions#home
                                      GET    /auth/:provider/callback(.:format)                                                       sessions#omniauth
                               signup GET    /signup(.:format)                                                                        users#new
                                      POST   /signup(.:format)                                                                        users#create
                                login GET    /login(.:format)                                                                         sessions#new
                                      POST   /login(.:format)                                                                         sessions#create
                               logout DELETE /logout(.:format)                                                                        sessions#destroy
                          user_groups GET    /users/:user_id/groups(.:format)                                                         groups#index
                                      POST   /users/:user_id/groups(.:format)                                                         groups#create
                       new_user_group GET    /users/:user_id/groups/new(.:format)                                                     groups#new
                                users GET    /users(.:format)                                                                         users#index
                                      POST   /users(.:format)                                                                         users#create
                             new_user GET    /users/new(.:format)                                                                     users#new
                            edit_user GET    /users/:id/edit(.:format)                                                                users#edit
                                 user GET    /users/:id(.:format)                                                                     users#show
                                      PATCH  /users/:id(.:format)                                                                     users#update
                                      PUT    /users/:id(.:format)                                                                     users#update
                                      DELETE /users/:id(.:format)                                                                     users#destroy
                                      GET    /users(.:format)                                                                         users#index
                                      POST   /users(.:format)                                                                         users#create
                                      GET    /users/new(.:format)                                                                     users#new
                                      GET    /users/:id(.:format)                                                                     users#show
                           edit_group GET    /groups/:id/edit(.:format)                                                               groups#edit
                                group GET    /groups/:id(.:format)                                                                    groups#show
                                      DELETE /groups/:id(.:format)                                                                    groups#destroy
                           categories GET    /categories(.:format)                                                                    categories#index
                             category GET    /categories/:id(.:format)                                                                categories#show
                                cards GET    /cards(.:format)                                                                         cards#index
                                      POST   /cards(.:format)                                                                         cards#create
                             new_card GET    /cards/new(.:format)                                                                     cards#new
                            edit_card GET    /cards/:id/edit(.:format)                                                                cards#edit
                                 card GET    /cards/:id(.:format)                                                                     cards#show
                                      PATCH  /cards/:id(.:format)                                                                     cards#update
                                      PUT    /cards/:id(.:format)                                                                     cards#update
                                      DELETE /cards/:id(.:format)                                                                     cards#destroy
        rails_postmark_inbound_emails POST   /rails/action_mailbox/postmark/inbound_emails(.:format)                                  action_mailbox/ingresses/postmark/inbound_emails#create
           rails_relay_inbound_emails POST   /rails/action_mailbox/relay/inbound_emails(.:format)                                     action_mailbox/ingresses/relay/inbound_emails#create
        rails_sendgrid_inbound_emails POST   /rails/action_mailbox/sendgrid/inbound_emails(.:format)                                  action_mailbox/ingresses/sendgrid/inbound_emails#create
  rails_mandrill_inbound_health_check GET    /rails/action_mailbox/mandrill/inbound_emails(.:format)                                  action_mailbox/ingresses/mandrill/inbound_emails#health_check
        rails_mandrill_inbound_emails POST   /rails/action_mailbox/mandrill/inbound_emails(.:format)                                  action_mailbox/ingresses/mandrill/inbound_emails#create
         rails_mailgun_inbound_emails POST   /rails/action_mailbox/mailgun/inbound_emails/mime(.:format)                              action_mailbox/ingresses/mailgun/inbound_emails#create
       rails_conductor_inbound_emails GET    /rails/conductor/action_mailbox/inbound_emails(.:format)                                 rails/conductor/action_mailbox/inbound_emails#index
                                      POST   /rails/conductor/action_mailbox/inbound_emails(.:format)                                 rails/conductor/action_mailbox/inbound_emails#create
    new_rails_conductor_inbound_email GET    /rails/conductor/action_mailbox/inbound_emails/new(.:format)                             rails/conductor/action_mailbox/inbound_emails#new
   edit_rails_conductor_inbound_email GET    /rails/conductor/action_mailbox/inbound_emails/:id/edit(.:format)                        rails/conductor/action_mailbox/inbound_emails#edit
        rails_conductor_inbound_email GET    /rails/conductor/action_mailbox/inbound_emails/:id(.:format)                             rails/conductor/action_mailbox/inbound_emails#show
                                      PATCH  /rails/conductor/action_mailbox/inbound_emails/:id(.:format)                             rails/conductor/action_mailbox/inbound_emails#update
                                      PUT    /rails/conductor/action_mailbox/inbound_emails/:id(.:format)                             rails/conductor/action_mailbox/inbound_emails#update
                                      DELETE /rails/conductor/action_mailbox/inbound_emails/:id(.:format)                             rails/conductor/action_mailbox/inbound_emails#destroy
rails_conductor_inbound_email_reroute POST   /rails/conductor/action_mailbox/:inbound_email_id/reroute(.:format)                      rails/conductor/action_mailbox/reroutes#create
                   rails_service_blob GET    /rails/active_storage/blobs/:signed_id/*filename(.:format)                               active_storage/blobs#show
            rails_blob_representation GET    /rails/active_storage/representations/:signed_blob_id/:variation_key/*filename(.:format) active_storage/representations#show
                   rails_disk_service GET    /rails/active_storage/disk/:encoded_key/*filename(.:format)                              active_storage/disk#show
            update_rails_disk_service PUT    /rails/active_storage/disk/:encoded_token(.:format)                                      active_storage/disk#update
                 rails_direct_uploads POST   /rails/active_storage/direct_uploads(.:format)                                           active_storage/direct_uploads#create
BeccaN
  • Did you add `get '/auth/:provider/callback' => 'sessions#omniauth'` to `config/routes.rb`? The `routes.rb` file determines what happens when someone accesses a path in your app (in this case `/auth/google_oauth2`). The error is telling you that Rails can't find anything in the list of routes that tells it what to do. – rmlockerd Jan 18 '21 at 23:55
  • Thank you for responding, yes I do have that in my routes, and it's the same error. I just tried setting this up using login with GitHub, and I'm actually getting the same kind of no route matches error... Is there something else that could be doing this? My version of omniauth? Adding the route info to post. – BeccaN Jan 19 '21 at 00:03
  • Could you run `rails routes` and add the result to your question? – rmlockerd Jan 19 '21 at 00:50
  • Added in the rails routes results to my post. – BeccaN Jan 19 '21 at 00:59
  • Also, important to note I think, I just went through the process of setting up omniauth with GitHub, and it's the same 'no route matches get' error... – BeccaN Jan 19 '21 at 01:19

4 Answers

18

Depending on the OmniAuth version (2.0.0):

OmniAuth now defaults to only POST as the allowed request_phase method

Add:

# Gemfile
gem 'omniauth-rails_csrf_protection', '~> 0.1'

Change Links to POST requests:

link_to "Log In with Google", "/auth/google_oauth2", method: :post
# or
button_to "Log In with Google", "/auth/google_oauth2"

If you still need GET requests, add the following, knowing there is a security concern:

# config/initializers/omniauth.rb or similar
OmniAuth.config.allowed_request_methods = [:post, :get]

For omniauth < 2.0.0

Consider CVE remediation described here.

Dorian
Sarah Marie
  • 2
    Yep, I was able to reproduce the original problem and resolve it by converting to POST. But note that with OmniAuth > 2.0.0 you have to also install the `omniauth-rails_csrf_protection` gem, and the version mentioned in the linked CVE (`~> 0.1`) does not fully work with the latest OmniAuth version. You get an `OmniAuth::AuthenticityError` using that version. Instead, use `'omniauth-rails_csrf_protection', '~> 1.0'`. – rmlockerd Jan 19 '21 at 08:02
  • Updated post to make a bit more clear based off omniauth versions. – Sarah Marie Jan 19 '21 at 21:39
  • 2
    @SarahMarie It seems that according to omniauth docs, even with omniauth >= 2.0, the use of `omniauth-rails_csrf_protection` is still required in order to protect against CSRF. https://github.com/omniauth/omniauth/wiki/Upgrading-to-2.0#rails I think the new omniauth version changes the default configuration so that the GET route isn't created. But the actual handling of CSRF is still done in `omniauth-rails_csrf_protection` – Simon Mar 01 '21 at 14:36
  • How do I know whether I “still need `GET` requests”? I have a separate Nuxt.js frontend and Rails API, and my login flow involves opening a popup (`window.open`) with a URL leading to a Rails route to the OmniAuth endpoint `/auth/google_oauth2`. I don't see a way to use `POST` in this context. Is there one? Or is it the situation where I need `GET`? – Froschgesicht Apr 18 '21 at 12:36
  • 1
    I also found that I needed `omniauth-rails_csrf_protection` to get it to work with omniauth >= 2.0. If you could update your answer, I'm sure it would help save people some time. – Rikki Aug 12 '21 at 23:08
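
Added example (not part of the original answers, and not OmniAuth's own code): a simplified model of the request-phase gate the answer describes, showing why a GET to /auth/google_oauth2 surfaces as a routing error rather than an OmniAuth error, and what re-allowing GET gives up. RequestPhaseGate, ROUTER, simulate, the session/params layout and the provider URL are assumptions made for illustration.

```ruby
# Simplified model of the OmniAuth 2.x request-phase gate; not OmniAuth's source.
# Constructed stand-in for the question's routes: only the callback is routed.
ROUTER = lambda do |env|
  if env[:method] == :get && env[:path].match?(%r{\A/auth/[\w-]+/callback\z})
    [:ok, 'sessions#omniauth']
  else
    [:not_found, %(No route matches [#{env[:method].to_s.upcase}] "#{env[:path]}")]
  end
end

class RequestPhaseGate
  def initialize(app, allowed_request_methods: [:post])
    @app = app
    @allowed = allowed_request_methods
  end

  def call(env)
    request_path = env[:path].match?(%r{\A/auth/[\w-]+\z})
    # A disallowed method is not rejected here; the middleware simply does not
    # claim the request, so it reaches the router, which has no such route.
    return @app.call(env) unless request_path && @allowed.include?(env[:method])

    # Like Rails forgery protection, the token is only checked on non-GET
    # requests, so allowing :get means no check runs on that path at all.
    return [:failure, 'authenticity_error'] unless env[:method] == :get || token_ok?(env)

    [:redirect, 'https://provider.example/authorize'] # placeholder provider URL
  end

  private

  def token_ok?(env)
    expected = env.dig(:session, :csrf).to_s
    given = env.dig(:params, 'authenticity_token').to_s
    return false if expected.empty? || expected.bytesize != given.bytesize

    # Constant-time comparison of the session token and the submitted one.
    expected.bytes.zip(given.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
  end
end

def simulate(method, path, allowed: [:post], session: {}, params: {})
  env = { method: method, path: path, session: session, params: params }
  RequestPhaseGate.new(ROUTER, allowed_request_methods: allowed).call(env)
end
```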
3

OmniAuth now defaults to only POST as allowed request_phase methods.

You need to update all the get requests to post requests.

In your view file you can replace the anchor tag with a form and a submit button.

<a href='/auth/developer'>Login with Developer</a>

The above code can be replaced with the following:

<%= form_tag('/auth/developer', method: 'post') do %>
  <button type='submit'>Login with Developer</button>
<% end %>

In case you don't want to use the post method you can add the below code:

config/initializers/omniauth.rb

OmniAuth.config.allowed_request_methods = [:post, :get]
OmniAuth.config.silence_get_warning = true

Check out here for more information.

Kishan Ku. Patel
1

I was experiencing this exact error, except that it was working fine on my main layouts but not working on the landing page layouts (I have 2 different layouts).

The sign-in link:

<%= link_to '/auth/google_oauth2', method: :post, :class => "btn-get-started font-weight-semibold" do %>
  <span class="text-pink-400">
    <i class="icon-cart2 mr-2"></i> Order
  </span>
<% end %>

The link method is clearly a :post, but the error reported a missing GET route.

I fixed this by ensuring that the landing page layout has all the required JavaScript:

<%= javascript_pack_tag 'application' %>
Rubyist
kev
0

I was getting this error after upgrading from Rails 6 to Rails 6. My old link:

 <%= link_to "log in", '/auth/xxx/', method: :post %>

did not generate POST requests anymore. This is because Rails-ujs is no longer used by default in Rails 7.

See Rails API: Deprecated: Rails UJS Attributes and Rails Guide for Rails 7: Working with JavaScript.

The new way of setting the method is with data { "turbo-method" ... }

 <%= link_to "log in", '/auth/xxx/', data: { "turbo-method": :post } %>

But in my case this did not work either, because this is sent with JavaScript by default, which messed up my oauth2 flow. I ended up using button_to instead. button_to uses post by default, which is what I needed, and I could disable turbo and turn the HTTP request into a normal request and avoid problems with CORS and oauth:

 <%= button_to "log in", '/auth/fhs/', data: { "turbo": false } %>
bjelli