OmniAuth Single Sign On with Devise, invalid_credentials

Question

I have 3 web apps - A, B and C. App A contains the user database. If accessing App B and App C, I would like the user to be redirected to App A to be authenticated, and th

Answer 1

I've found two issues:

1. Since 0.2.1 version omniauth has changed auth parameter name from access_token to oauth_token while fetching access (POST /oauth/token request).
2. Since 0.3.0 version omniauth has changed method of passing oauth_token in auth request (GET /auth/josh_id/user.json). Prior 0.3.0 token have been passed through request parameter oauth_token, but since 0.3.0 it become passed through HTTP_AUTHORIZATION header.

I don't know how to nicely get token from header (I think it can be fetched by devise), so I ugly hack client for sending oauth_token through GET parameter like this (in lib/josh_id.rb):

def raw_info
  @raw_info ||= access_token.get("/auth/josh_id/user.json?oauth_token=#{access_token.token}").parsed
end

You can find fully workable code in our github repos:

• https://github.com/openteam/sso-devise-omniauth-client
• https://github.com/openteam/sso-devise-omniauth-provider