A lot of people are now using OmniAuth for Oath processing to connect applications to twitter, facebook, linkedin or any number of other SAAS applications. It’s easy and it works well.
I’m using it for some work I’m doing with a client of mine (Practically Green – a great little eco-startup) and ran into an issue with how it created callback url’s — the url where the user is redirected after the Oauth authentication is completed.
The issue was with the way our web listeners are proxied back to the rails application servers. Behind the scenes, the rails application servers have a host name of something that’s not really a valid domain name (say, something like ‘railsserver’).
Omniauth was grabbing this value from the request object and forwarding our users back to an Oauth callback url like ‘http://railsservers/auth/twitter/…’. Obviously, this isn’t what we wanted — the Oauth callbacks were failing.
After digging through the Omniauth code, I ran across the offending piece of code:
uri = URI.parse(request.url.gsub(/\?.*$/,''))
uri.path = ''
uri.query = nil
Basically, if this config paramerter
:full_host isn’t set to either a string or a proc, omniauth pulls the uri from the request object — this is where it was messing up.
Since the Omniauth config object is a singleton, I just set that parameter in config/initializers/omniauth.rb like so:
# Set the default hostname for omniauth to send callbacks to.
OmniAuth.config.full_host = "http://practicallygreen.com"
With this, the full_host param is a string and now the redirects are always created to come back to where we want.