
I'm using devise_token_auth with a Rails 5 API and a separate React/Redux app using redux-token-auth, attempting to allow users to log in via Twitter OAuth (using omniauth-twitter).

I have devise_token_auth mounted at /api/v1 as follows:

    Rails.application.routes.draw do
      namespace :api do
        scope :v1 do
          mount_devise_token_auth_for 'User', at: 'auth', controllers: { omniauth_callbacks: 'omniauth_callbacks' }
        end
      end
    end

Here's what's happening right now:

  1. In the React frontend, user clicks link to sign in with Twitter
  2. User gets redirected to /api/v1/auth/twitter (which is handled in the backend Rails app) in the same window
  3. User gets redirected to twitter.com to login and authorize app
  4. User gets redirected to the callback URL, which is /api/v1/auth/twitter/callback, handled by the Rails backend
  5. OAuth is successful, user info gets added to users table
  6. Then nothing happens. A blank page is shown with the URL still showing the backend Rails app URL with path /api/v1/auth/twitter/callback

What I need is for the user to get back to the React frontend app and be authenticated with the token for the new user that was just created.

What am I doing wrong? Am I wrong to initially redirect to the backend API which handles the OAuth flow? I've seen some comments in the devise_token_auth issues about doing this in a new window, but I don't see any documentation on how to do it besides using the jQuery library jToker (which I don't want to do).

What's the proper way to set up and configure redux-token-auth and devise_token_auth when using omniauth?

Guy

1 Answer


I was just dealing with the same thing. You simply need to redirect to the URL you want the user to be at after authentication.

So attach a return link to your auth link, say, like so:

http://www.acme.com/api/v1/auth/twitter?r=http://www.acme.com/dashboard

Then in your callback function you will find the r parameter in the request.env object.

request.env['omniauth.params']['r']

You can then check to make sure r has something, and if it does you'd want to save it or pass it on to the failure or success state to which this method ultimately redirects.

Also remember to pass your encrypted token to the frontend. This may help you work out how to pass the security token back and forth.

UPDATE

I also just tried setting a param as "auth_origin_url" instead of my custom one.

http://www.acme.com/api/v1/auth/twitter?auth_origin_url=http://www.acme.com/

I imagine this is what you were looking for.

David Geere
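The return-URL check the answer mentions, as an added example that is not part of the original answer or of devise_token_auth: `r` (or `auth_origin_url`) comes straight from the request and the redirect carries the user's token, so the callback should only redirect to origins the application owns. The helper name, the constants and the https://www.acme.com origin are assumptions.

```ruby
require 'uri'

# Assumption: the frontend origins allowed to receive the post-login redirect.
ALLOWED_RETURN_ORIGINS = ['https://www.acme.com'].freeze
# Assumption: where to send the user when the supplied URL is rejected.
DEFAULT_RETURN_URL = 'https://www.acme.com/'.freeze

# Hypothetical helper. Returns `candidate` only if it is an absolute http(s)
# URL without userinfo whose scheme://host[:port] is on the allowlist;
# otherwise returns the fallback. Comparing the parsed origin (not a string
# prefix) rejects look-alikes such as https://www.acme.com.evil.example/.
def safe_return_url(candidate, allowed: ALLOWED_RETURN_ORIGINS, fallback: DEFAULT_RETURN_URL)
  # A repeated or nested query parameter can arrive as an Array or Hash.
  return fallback unless candidate.is_a?(String) && !candidate.strip.empty?

  uri = URI.parse(candidate.strip)

  # Rejects relative and scheme-relative URLs (//host/path) and non-http
  # schemes such as javascript: or data:. URI::HTTPS is a URI::HTTP subclass.
  return fallback unless uri.is_a?(URI::HTTP) && uri.host

  # https://www.acme.com@evil.example/ parses with host evil.example.
  return fallback if uri.userinfo

  origin = "#{uri.scheme}://#{uri.host.downcase}"
  origin += ":#{uri.port}" unless uri.port == uri.default_port

  allowed.include?(origin) ? uri.to_s : fallback
rescue URI::InvalidURIError
  fallback
end

# In the callback controller, the value from the page would be passed in as:
#   safe_return_url(request.env['omniauth.params']['r'])
```

The same check applies to `auth_origin_url` if that parameter is used instead of a custom one.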