Issues with oauth2 and doorkeeper on callback phase (invalid_request Missing required parameter: client_id) about omniauth HOT 5 CLOSED

@msuliq thanks for the update.
The code from this issue was a proof of concept I was doing and I eventually fixed the issue (although I'm not sure what I've changed 😆)
I also updated the code to use OIDC (https://github.com/doorkeeper-gem/doorkeeper-openid_connect) instead of using a custom strategy (I'm building both RP and IdP). It makes much more sense for my use cases than relying just on oauth and implementing custom identity endpoints like "/api/v1/me.json"

For those who read this, avoid that link in the first post and follow the official documentation. :)

from omniauth.

Try and see if this works w/o the monkey patch, as monkey patching it could break other strategies if you use them.

Devise.setup do |config|
  config.omniauth :doorkeeper, "fake_client_id", "fake_client_secret, scope: 'read', auth_scheme: :request_body
end

from omniauth.

@raivil I am having similar issue when trying to connect Instagram Basic to my app: users cannot authenticate thru it but can connect their Instagram links to their profiles on my app.
Have you tried using curl to pass the requests and see if it works or not? In my case curl was working perfectly, but the app did not and the difficult part was that the issue was somewhere within the gems' source code.
My issue was that the authorization code incoming from the IG server was being processed within oauth2 as authentication method. Apparently OAuth2::Client has auth_scheme variable, which is set to basic_auth by default and should have been request_body in my case.

I ended up monkey patching the OAuth2::Client as follows:

module OAuth2
  class Client
    def initialize(client_id, client_secret, options = {}, &block)
      opts = options.dup
      @id = client_id
      @secret = client_secret
      @site = opts.delete(:site)
      ssl = opts.delete(:ssl)
      @options = {
        authorize_url: 'oauth/authorize',
        token_url: 'oauth/token',
        token_method: :post,
        auth_scheme: :request_body,
        connection_opts: {},
        connection_build: block,
        max_redirects: 5,
        raise_errors: true,
        logger: ::Logger.new($stdout),
        access_token_class: AccessToken,
      }.merge(opts)
      @options[:connection_opts][:ssl] = ssl if ssl
    end
  end
end

And for now it seems to work fine. I hope it will help you and others to save time trying to pinpoint the source of this bug. Cheers!

from omniauth.

@msuliq you shouldn't need to monkey patch that, you should be able to pass that key/value into the options hash

from omniauth.

Thank you @BobbyMcWho for the suggestion, but the config does not help, since the options are being set in the OAuth2. I figured that I can pass the auth_scheme inside the options hash (opts in the OAuth2::Client), which will be then merged with the pre-set @options, so my value in opts should overwrite the default auth_scheme. I have updated my strategy to look like following:

require 'omniauth-oauth2'

module OmniAuth
  module Strategies
    class Instagram < OmniAuth::Strategies::OAuth2
      option :client_options,         site: 'https://api.instagram.com',
                                      authorize_url: 'https://api.instagram.com/oauth/authorize',
                                      token_url: 'https://api.instagram.com/oauth/access_token',
                                      auth_scheme: :request_body
...

And this should a better solution than monkey patch. Thanks for the help and time!

from omniauth.