Rails 3.0.12,最新的omniauth,我可以连接到Google并获取用户的电子邮件地址。但后来我在 SSL 模式下在 nginx 后面运行相同的 Rails 应用程序,但它失败并显示 Google 页面:
"The page you requested is invalid."
这是我的 nginx 配置吗?我的omniauth设置?
我知道X-Forwarded-Proto: https这是这里的特别之处,我还需要做些什么才能让 OpenID 在 SSL Web 服务器后面满意吗?
这是完整的示例代码:您可以克隆此存储库,bundle install,然后运行rails s看看它工作正常,然后运行rake server看到它失败。https://github.com/jjulian/open_id_ssl https://github.com/jjulian/open_id_ssl
nginx.conf:
worker_processes 2;
pid tmp/nginx.pid;
error_log log/error.log;
daemon off;
events {
}
http {
client_body_temp_path tmp/body;
proxy_temp_path tmp/proxy;
fastcgi_temp_path tmp/fastcgi;
uwsgi_temp_path tmp/uwsgi;
scgi_temp_path tmp/scgi;
server {
listen 3000 ssl;
ssl_certificate development.crt;
ssl_certificate_key development.key;
ssl_verify_depth 6;
access_log log/access.log;
proxy_buffering off;
location / {
proxy_pass http://127.0.0.1:3300;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_set_header X-Forwarded-Proto https;
}
}
}
omniauth.rb 初始值设定项:
require 'openid/store/filesystem'
Rails.application.config.middleware.use OmniAuth::Builder do
provider :open_id, :identifier => 'https://www.google.com/accounts/o8/id'
end
路线.rb:
OpenIdSsl::Application.routes.draw do
match '/auth/open_id/callback' => 'accounts#update'
match '/auth/failure' => 'accounts#failure'
root :to => 'accounts#show'
end
UPDATE:此示例使用 Rails 3.1.12 和 OmniAuth 1.0.3。升级到 Rails 3.1.4 和 OmniAuth 1.1.0 修复了该问题。
