Question

当我尝试在本地使用Google oauth2登录时出现此错误。谷歌搜索错误并没有给我任何指示。在Heroku上我没有任何问题

这是我对谷歌的omniauth控制器功能：

  def google_oauth2
      # You need to implement the method below in your model (e.g. app/models/user.rb)
      @user = User.from_omniauth(request.env["omniauth.auth"])

      if @user.persisted? # Check if the user exits
        sign_in_and_redirect @user, event: :authentication
        # flash[:notice] = I18n.t "devise.omniauth_callbacks.success", :kind => "Google"
      else
        session["devise.google_data"] = request.env["omniauth.auth"].except('extra')
        redirect_to new_user_registration_url
      end
  end

这是服务器日志输出：

Started GET "/user/auth/google_oauth2" for 10.0.2.2 at 2015-10-04 17:11:23 -0400
Cannot render console from 10.0.2.2! Allowed networks: 127.0.0.1, ::1, 127.0.0.0/127.255.255.255
I, [2015-10-04T17:11:23.278558 #8203]  INFO -- omniauth: (google_oauth2) Request phase initiated.


Started GET "/user/auth/google_oauth2/callback?state=7080deaf5a52603044da3856898c08a89722f57e4dc9e75d&code=4/vWA-kcX2_P8JF6i10VIMRtYO81crG5vyPMRyknGs3q4" for 10.0.2.2 at 2015-10-04 17:11:26 -0400
Cannot render console from 10.0.2.2! Allowed networks: 127.0.0.1, ::1, 127.0.0.0/127.255.255.255
I, [2015-10-04T17:11:26.065521 #8203]  INFO -- omniauth: (google_oauth2) Callback phase initiated.

JWT::InvalidIatError - Invalid iat:
  jwt (1.5.1) lib/jwt.rb:170:in `decode'
  omniauth-google-oauth2 (0.2.7) lib/omniauth/strategies/google_oauth2.rb:63:in `block in <class:GoogleOauth2>'
  omniauth (1.2.2) lib/omniauth/strategy.rb:105:in `block in compile_stack'
  omniauth (1.2.2) lib/omniauth/strategy.rb:104:in `compile_stack'
  (eval):7:in `extra_stack'
  omniauth (1.2.2) lib/omniauth/strategy.rb:329:in `extra'
  omniauth (1.2.2) lib/omniauth/strategy.rb:336:in `auth_hash'
  omniauth (1.2.2) lib/omniauth/strategy.rb:361:in `callback_phase'
  omniauth-oauth2 (1.3.1) lib/omniauth/strategies/oauth2.rb:79:in `callback_phase'
  omniauth (1.2.2) lib/omniauth/strategy.rb:227:in `callback_call'
  omniauth (1.2.2) lib/omniauth/strategy.rb:184:in `call!'
  omniauth (1.2.2) lib/omniauth/strategy.rb:164:in `call'
  omniauth (1.2.2) lib/omniauth/strategy.rb:186:in `call!'
  omniauth (1.2.2) lib/omniauth/strategy.rb:164:in `call'
  bullet (4.14.7) lib/bullet/rack.rb:12:in `call'
  meta_request (0.3.4) lib/meta_request/middlewares/app_request_handler.rb:13:in `call'
  meta_request (0.3.4) lib/meta_request/middlewares/meta_request_handler.rb:13:in `call'
  rails-dev-boost (0.3.0) lib/rails_development_boost/async.rb:14:in `call'
  jquery-fileupload-rails (0.4.6) lib/jquery/fileupload/rails/middleware.rb:14:in `_call'
  jquery-fileupload-rails (0.4.6) lib/jquery/fileupload/rails/middleware.rb:10:in `call'
  warden (1.2.3) lib/warden/manager.rb:35:in `block in call'
  warden (1.2.3) lib/warden/manager.rb:34:in `call'
  rack (1.6.4) lib/rack/etag.rb:24:in `call'
  rack (1.6.4) lib/rack/conditionalget.rb:25:in `call'
  rack (1.6.4) lib/rack/head.rb:13:in `call'
  remotipart (1.2.1) lib/remotipart/middleware.rb:27:in `call'
  actionpack (4.2.4) lib/action_dispatch/middleware/params_parser.rb:27:in `call'
  actionpack (4.2.4) lib/action_dispatch/middleware/flash.rb:260:in `call'
  rack (1.6.4) lib/rack/session/abstract/id.rb:225:in `context'
  rack (1.6.4) lib/rack/session/abstract/id.rb:220:in `call'
  actionpack (4.2.4) lib/action_dispatch/middleware/cookies.rb:560:in `call'
  activerecord (4.2.4) lib/active_record/query_cache.rb:36:in `call'
  activerecord (4.2.4) lib/active_record/connection_adapters/abstract/connection_pool.rb:653:in `call'
  activerecord (4.2.4) lib/active_record/migration.rb:377:in `call'
  actionpack (4.2.4) lib/action_dispatch/middleware/callbacks.rb:29:in `block in call'
  activesupport (4.2.4) lib/active_support/callbacks.rb:88:in `__run_callbacks__'
  activesupport (4.2.4) lib/active_support/callbacks.rb:778:in `_run_call_callbacks'
  activesupport (4.2.4) lib/active_support/callbacks.rb:81:in `run_callbacks'
  actionpack (4.2.4) lib/action_dispatch/middleware/callbacks.rb:27:in `call'
  actionpack (4.2.4) lib/action_dispatch/middleware/reloader.rb:73:in `call'
  actionpack (4.2.4) lib/action_dispatch/middleware/remote_ip.rb:78:in `call'
  better_errors (2.1.1) lib/better_errors/middleware.rb:84:in `protected_app_call'
  better_errors (2.1.1) lib/better_errors/middleware.rb:79:in `better_errors_call'
  better_errors (2.1.1) lib/better_errors/middleware.rb:57:in `call'
  rack-contrib (1.4.0) lib/rack/contrib/response_headers.rb:17:in `call'
  meta_request (0.3.4) lib/meta_request/middlewares/headers.rb:16:in `call'
  actionpack (4.2.4) lib/action_dispatch/middleware/debug_exceptions.rb:17:in `call'
  web-console (2.2.1) lib/web_console/middleware.rb:31:in `call'
  actionpack (4.2.4) lib/action_dispatch/middleware/show_exceptions.rb:30:in `call'
  railties (4.2.4) lib/rails/rack/logger.rb:38:in `call_app'
  railties (4.2.4) lib/rails/rack/logger.rb:20:in `block in call'
  activesupport (4.2.4) lib/active_support/tagged_logging.rb:68:in `block in tagged'
  activesupport (4.2.4) lib/active_support/tagged_logging.rb:26:in `tagged'
  activesupport (4.2.4) lib/active_support/tagged_logging.rb:68:in `tagged'
  railties (4.2.4) lib/rails/rack/logger.rb:20:in `call'
  quiet_assets (1.1.0) lib/quiet_assets.rb:27:in `call_with_quiet_assets'
  actionpack (4.2.4) lib/action_dispatch/middleware/request_id.rb:21:in `call'
  rack (1.6.4) lib/rack/methodoverride.rb:22:in `call'
  rack (1.6.4) lib/rack/runtime.rb:18:in `call'
  activesupport (4.2.4) lib/active_support/cache/strategy/local_cache_middleware.rb:28:in `call'
  rack (1.6.4) lib/rack/lock.rb:17:in `call'
  actionpack (4.2.4) lib/action_dispatch/middleware/static.rb:116:in `call'
  rack (1.6.4) lib/rack/sendfile.rb:113:in `call'
  rack-mini-profiler (0.9.7) lib/mini_profiler/profiler.rb:276:in `call'
  railties (4.2.4) lib/rails/engine.rb:518:in `call'
  railties (4.2.4) lib/rails/application.rb:165:in `call'
  rack (1.6.4) lib/rack/content_length.rb:15:in `call'
  puma (2.11.1) lib/puma/server.rb:507:in `handle_request'
  puma (2.11.1) lib/puma/server.rb:375:in `process_client'
  puma (2.11.1) lib/puma/server.rb:262:in `block in run'
  puma (2.11.1) lib/puma/thread_pool.rb:104:in `block in spawn_thread'

Answer 1

最近google_oauth2发布了一种我们可以通过ByPass JWT解码的方法。

使用选项：skip_jwt =＆gt;在您配置OmniAuth的文件中为true 。

use OmniAuth::Builder do
  provider :google_oauth2, ENV["GOOGLE_CLIENT_ID"],ENV["GOOGLE_CLIENT_SECRET"], skip_jwt: true
end

有关详细信息，请查看Fix Steps By Gem Author

Answer 2

skip_jwt: true并不总是最好的方法。在这种情况下，问题似乎在于我的服务器的硬件时钟。在我的情况下它被关闭72秒，如果我记得默认JWT允许60秒。您可以通过执行以下操作来检查并修复它。

sudo ntpdate ntp.ubuntu.com


setup cronjob to check every hour and fix it


sudo nano /etc/cron.hourly/ntpdate


add

#! /bin/sh

ntpdate ntp.ubuntu.com

save file and change permissions


sudo chmod +x /etc/cron.hourly/ntpdate

Answer 3

基于@ imsinu9的回答：

use OmniAuth::Builder do
  provider :google_oauth2, ENV["GOOGLE_CLIENT_ID"], ENV["GOOGLE_CLIENT_SECRET"], skip_jwt: true
end

Answer 4

与其他参数组合（如果有的话）

provider :google_oauth2, ENV['GOOGLE_KEY'],   ENV['GOOGLE_SECRET'], { access_type: 'online', skip_jwt: true }

/ user / auth / google_oauth2 / callback中的JWT :: InvalidIatError无效的iat

4 个答案: