Not found. Authentication passthru.

[hallmatt]

I'm attempting to use the omniauth-wordpress_hosted gem to sign into a WordPress site, but I keep getting an error:

"Not found. Authentication passthru."

Here's my gemfile:

gem 'devise'
gem 'omniauth'
gem 'omniauth-wordpress_hosted', github: 'jwickard/omniauth-wordpress-oauth2-plugin'

Here's my Omniauth Callbacks Controller:

class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
def wordpress_oauth2
#You need to implement the method below in your model (e.g. app/models/user.rb)
@user = User.find_for_wordpress_oauth2(request.env["omniauth.auth"], current_user)

if @user.persisted?
  flash[:notice] = I18n.t "devise.omniauth_callbacks.success", :kind => "Wordpress Oauth2"
  sign_in_and_redirect @user, :event => :authentication #this will throw if @user is not activated
else
  session["devise.wordpress_oauth2_data"] = request.env["omniauth.auth"]
  redirect_to new_user_registration_url
end

end
end

Here's my devise.rb:

config.omniauth :wordpress_oauth2,
"63A25y8nPbM113iAfyoZQBnH2bR2Ve", "x2h74mGdJwowyqzR0OpoOfZbW1mN4i",
strategy_class: OmniAuth::Strategies::WordpressHosted,
client_options: {
site: 'http://example.exampleurl.com'
}

And lastly, my routes:

devise_for :users, controllers: { omniauth_callbacks: 'users/omniauth_callbacks' }

Am I missing anything? I've followed the Facebook tutorial for Omniauth and haven't seen anything glaring that I'm missing.

I'm on the latest versions of Rails and Devise, along with Ruby 2.2.2

[hallmatt]

I'm guessing there might need to be some updates to reflect the latest version of Devise.

[duchaiweb]

I just had same error. Did you have a solution? @hallmatt

[hallmatt]

I wasn't able to find a solution. So I used the Wordpress JSON plugin instead to provide a single sign on solution. I'm relying on the Wordpress sign on instead of devise.

[ianseyer]

+1

[tgeisler]

Did you list the provider in your model for the devise :omniauthable options?
https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview

[davidkrider]

I'm having the same trouble. I have ":omniauthable, omniauth_providers: ['wordpress_oauth2']" in my user.rb, because this is almost universal in the various tutorials, but that's NOT actually in the instructions, or the example.

[davidkrider]

I get this in the application log:

Started GET "/users/auth/wordpress_oauth2" for 127.0.0.1 at 2019-03-09 17:45:50 -0500
Processing by OmniauthCallbacksController#passthru as HTML
  Rendering text template
  Rendered text template (0.0ms)
Completed 404 Not Found in 1ms (Views: 0.4ms | ActiveRecord: 0.0ms)

Seem like client_options: { site: 'http://<my.awesome.wordpress.site.com>' } in config/initializers/devise.rb ought to be redirecting me to my Wordpress site for authentication, but I fiddled around with settings for a couple of hours, and nothing I do can make it actually go to my WP site TO GET TO THE callback function.

[davidkrider]

The gem literally does not initiate the request phase of Omniauth. There's never a chance to direct to Wordpress to do the authentication. How did I figure this out? The Facebook Oauth2 gem works, and gives me a debug line like so:

[1] pry(#<OmniAuth::Strategies::Facebook>)>
I, [2019-03-21T07:47:26.320879 #21213]  INFO -- omniauth: (facebook) Request phase initiated.

I never get to this point with this gem.

[davidkrider]

In the process of stepping through the code in the various gems, I noticed that Devise/Omniauth is rendering the request path as "wordpress_hosted", despite the fact that "wordpress_oauth2" is referenced everywhere in this example. I guess it's taking that cue from the name of the gem itself? Wherever that's coming from, I renamed the Devise config to config.omniauth :wordpress_hosted and then used omniauth_providers: [:wordpress_hosted] in my User model, and it finally started directing me to my Wordpress site for authentication.

Also, I can even leave out the "omniauth_providers" entirely, but then the Facebook Oauth gem doesn't magically display the Facebook link on my login page. I'm guessing that Omniauth gems that configure in the omniauth.rb initializer config need to be listed as an omniauth provider? I'm still not clear on this part.

I still haven't actually gotten logged in yet, but at least this is a step in the right direction. I have finally noticed that there are a dozen and a half forks of this gem, and at least a couple have made the change I have, plus some others. I'm getting close now.