invalid_credentials: Unknown request

[bkno]

Hi,

I'm having a bit of a nightmare getting this working, probably something fundamental I'm missing on the Rails end.

When I visit /auth/wordpress_hosted it successfully goes to WordPress and logs in, then returns to Rails, but shows this error: Could not authenticate you from WordpressHosted because "Invalid credentials".

There's a more specific error in the logs Unknown request:

Started GET "/users/auth/wordpress_hosted/callback?code=852b0819f536d44d4c6daa19a648c0c9d42fbae4&state=b79bf1b2824dd58c983263cc9e2e4bd71156b9d6e174a964"

INFO -- omniauth: (wordpress_hosted) Callback phase initiated.

ERROR -- omniauth: (wordpress_hosted) Authentication failure! invalid_credentials: OAuth2::Error, invalid_request: Unknown request

{"error":"invalid_request","error_description":"Unknown request"}

Gems:
devise 3.5.1
omniauth-wordpress_hosted 0.0.2 from git://github.com/jwickard/omniauth-wordpress-oauth2-plugin.git
oauth2 1.0.0
omniauth 1.2.2
omniauth-oauth2 1.3.1

WP:
WordPress 4.2.2
WordPress OAuth Server 3.1.3

Host:
I've tried WordPress on both Tsohost and Pantheon.

devise.rb:

  config.omniauth :wordpress_hosted, ENV['OAUTH_ID'], ENV['OAUTH_SECRET'],
                  strategy_class: OmniAuth::Strategies::WordpressHosted, 
                  client_options: { site: 'http://my-site.com' }

Have also tried putting the keys directly in here as strings.

omniauth_callbacks_controller.rb:

class OmniauthCallbacksController < Devise::OmniauthCallbacksController
  def wordpress_hosted
    @user = User.find_for_wordpress_hosted(request.env["omniauth.auth"], current_user)
    if @user.persisted?
      flash[:notice] = I18n.t "devise.omniauth_callbacks.success", :kind => "Wordpress Hosted"
      sign_in_and_redirect @user, :event => :authentication #this will throw if @user is not activated
    else
      session["devise.wordpress_hosted_data"] = request.env["omniauth.auth"]
      redirect_to new_user_registration_url
    end
  end
end

user.rb:

:omniauth_providers => [:wordpress_hosted]

..
I tried putting debug lines in and this block doesn't get executed:

 def self.find_for_wordpress_hosted(oauth, signed_in_user=nil)
    if signed_in_user
      return signed_in_user
    else
      user = User.find_by_uid(oauth['uid'])
      if user.nil?
        user = User.create!(email: oauth['info']['email'], uid: oauth['uid'], firstname: 'test', lastname: 'test')
      end
      user
    end
  end

routes.rb:

devise_for :users, controllers: { omniauth_callbacks: 'omniauth_callbacks' }

The doc says wordpress_oauth2 a few times, I ran into some prior problems with this (passthru error) but changing it to wordpress_hosted got me to the point where everything runs and I get the Unknown request error.

[SleepyDeveloper]

My devise.rb looks like this:

config.omniauth :wordpress_oauth2,
    ENV['OAUTH_ID'], ENV['OAUTH_SECRET'],
    strategy_class: OmniAuth::Strategies::WordpressHosted,
    client_options: {
        site: 'http://my-site.com',
        token_url: "/oauth/token",
        access_url: "/oauth/me/"
   }

I remember it took a fair bit of wrestling with it to get it working for me.

[atzorvas]

@SleepyDeveloper
The requested URL /oauth/authorize was not found on this server.
what about this one on wordpress? should I configure something else there?

UPDATE 1

well I needed to enable permalinks,
now I have this error:

{"error":"redirect_uri_mismatch","error_description":"The redirect URI provided is missing or does not match","error_uri":"http:\/\/tools.ietf.org\/html\/rfc6749#section-3.1.2"}

with this url

http://mywp/oauth/authorize/?client_id=CLIENT_ID&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fusers%2Fauth%2Fwordpress_hosted%2Fcallback&response_type=code&state=5d837f2bd47b607bb573375712bf6c2cd465f33f383c402f

UPDATE 2

ok now I'm in the same boat as the OP,
@bkno did you solve this uknown request?

[bkno]

Upon debugging I found that this strategy is for the previous major version of the WP plugin and the endpoints changed. I forked this gem and got it working: https://github.com/bkno/omniauth-wordpress-oauth2-plugin

Didn't get a chance to fully test but if it works for you I'll do a pull request.

Here's my devise.rb initializer:
config.omniauth :wordpress_hosted, ENV['OAUTH_ID'], ENV['OAUTH_SECRET'], strategy_class: OmniAuth::Strategies::WordpressHosted, client_options: { site: 'YOUR_WP_DOMAIN' }

[atzorvas]

I'll check this out asap and report back

[atzorvas]

@bkno still not working,
repo code

Started GET "/users/auth/wordpress_hosted/callback?code=do07naylh4yn0pdg9tazfhcek5kb9ioeezxrzsv3&state=97c44a15102e1a76bef63f74c4ad13b360c16c75b68586e2" for ::1 at 2015-08-26 02:08:39 +0300
I, [2015-08-26T02:08:39.969732 #24592]  INFO -- omniauth: (wordpress_hosted) Callback phase initiated.
da6lexeatkejikgmakw4j7dtbmbgeffqisnbfqh1
E, [2015-08-26T02:08:40.459446 #24592] ERROR -- omniauth: (wordpress_hosted) Authentication failure! invalid_credentials: OAuth2::Error, invalid_request: Missing or invalid parameter(s)
{"error":"invalid_request","error_description":"Missing or invalid parameter(s)"}
Processing by Users::OmniauthCallbacksController#failure as HTML
  Parameters: {"code"=>"do07naylh4yn0pdg9tazfhcek5kb9ioeezxrzsv3", "state"=>"97c44a15102e1a76bef63f74c4ad13b360c16c75b68586e2"}
Redirected to http://localhost:3000/users/sign_in
Completed 302 Found in 1ms (ActiveRecord: 0.0ms)

note that I don't have a license key & everything except Authorization Code: are disabled

Update

I was authorized with chrome's rest-api-client plugin, so no problem server-side

[atzorvas]

@bkno interesting enough, I receive a valid access token, which I can see it with your puts access_token.token

[atzorvas]

@bkno solved for me, https://github.com/bkno/omniauth-wordpress-oauth2-plugin/compare/master...atzorvas:master

it works on localhost but not on heroku (even though I'm changing callback url in wp auth server plugin)

[bkno]

I only got as far as testing locally but should be the same on Heroku. If you have your ENV['OAUTH_ID'] and ENV['OAUTH_SECRET'] populated on Heroku I'm not sure what else to suggest.

[atzorvas]

something is wrong with heroku. I hate heroku -.-
Just deployed to digitalocean and it worked perfectly without any modification -.-

[txssseal]

@bkno this was crazy trying to get this to work...

[txssseal]

thanks @bkno and @atzorvas

[jsgv]

I am having similar issue.
After changing some sections from wordpress_oauth2 to wordpress_hosted I got closer to solving it.
Now Im getting error:

Started GET "/users/auth/wordpress_hosted/callback?state=4b39572910a8fa1bef11fb7dcccdda55a4d23579b2e76478&code=f801ec4ad0144e2328800a618b15e563fa12b72d" for ::1 at 2015-09-15 19:42:48 -0700  
I, [2015-09-15T19:42:48.538120 #5293]  INFO -- omniauth: (wordpress_hosted) Callback phase initiated.  
E, [2015-09-15T19:42:48.685870 #5293] ERROR -- omniauth: (wordpress_hosted) Authentication failure! invalid_credentials: OAuth2::Error, Paramter method: The method parameter is required and seems to be missing  
{"error":"Paramter method","error_description":"The method parameter is required and seems to be missing"}  
Processing by Users::OmniauthCallbacksController#failure as HTML  
  Parameters: {"state"=>"4b39572910a8fa1bef11fb7dcccdda55a4d23579b2e76478", "code"=>"f801ec4ad0144e2328800a618b15e563fa12b72d"}  
Redirected to http://localhost:3000/users/sign_in  
Completed 302 Found in 1ms (ActiveRecord: 0.0ms)  

[txssseal]

@jesusjjf what wp version are you using. And are you using the most recent wordpress_hosted?

[jsgv]

I am using the latest version of both.
wordpress version 4.3.1
wordpress_hosted 0.0.5

I am running local instances of both. I am redirected to the login page for the plugin. After login I am just redirected back to http://localhost:3000/users/sign_in with a failed console response.

[tgeisler]

@jesusjjf I am having the same issue and was wondering if you were able to resolve the issue?