Twitter API Question posted in
The official Twitter API documentation can be found here.

Getting error OmniAuth::NoSessionError with Rails 5 API – Twitter API

I created a new Rails 5 application with rails new appname --api which seems great! I want to use it as a backend to a frontend with React and in time a Chrome App. For now I want to create an API.

I used the following gems

  • gem ‘omniauth’
  • gem ‘omniauth-oauth2’
  • gem ‘devise’
  • gem ‘devise_token_auth’, git: ‘git://github.com/lynndylanhurley/devise_token_auth.git’
  • gem ‘omniauth-twitter’
  • gem ‘omniauth-facebook’
  • gem ‘omniauth-google-oauth2’

And I followed the directions on their Github and here to do the setup: http://www.developingandrails.com/2015/02/api-authentication-with-devisetokenauth.html

And now when I run the app I get:

Started GET "/" for 14.144.15.10 at 2016-07-17 17:21:46 +0000
  ActiveRecord::SchemaMigration Load (0.1ms)  SELECT "schema_migrations".* FROM "schema_migrations"
OmniAuth::NoSessionError (You must provide a session to use OmniAuth.):

I’ve looked for answers on Github and StackOverflow but no one seems to have the solution.

The only thing that seems to “fix” the problem is adding this:

 # config/application.rb
 config.middleware.use Rack::Session::Cookie

But this “solution” gives me this error in the console:

SECURITY WARNING: No secret option provided to Rack::Session::Cookie.
        This poses a security threat. It is strongly recommended that you
        provide a secret to prevent exploits that may be possible from crafted
        cookies. This will not be supported in future versions of Rack, and
        future versions will even invalidate your existing user cookies.

Please help! Thanks.

Tags:

4

Answers


  1. 0

    Not totally sure, but something that worked for me in a project is:

      #config/application.rb
  config.middleware.insert_after(ActiveRecord::QueryCache, ActionDispatch::Cookies)
  config.middleware.insert_after(ActionDispatch::Cookies, ActionDispatch::Session::CookieStore)
    Login or Signup to reply.
  2. 0

    Unfortunately, omniauth requires rack.session presence to keep some data between the request to provider and the callback request.

    https://github.com/omniauth/omniauth/blob/master/lib/omniauth/strategy.rb#L173

    To Omniauth with Rails API needs to return a session to middleware stack:

    config.middleware.insert_after ActiveRecord::Migration::CheckPending, ActionDispatch::Cookies
config.middleware.insert_after ActionDispatch::Cookies, ActionDispatch::Session::CookieStore
    Login or Signup to reply.
  3. 0

    While config.middleware.insert_after worked for me, the same middleware was not loaded so I had to insert choose something else to insert it after. I found a similar answer in http://stackoverflow.com/questions/15342710/adding-cookie-session-store-back-to-rails-api-app and simply added:

    config.middleware.use ActionDispatch::Cookies
config.middleware.use ActionDispatch::Session::CookieStore

    in application.rb.

    Login or Signup to reply.
  4. 0

    In your config/application.rb set the secret

    config.middleware.use Rack::Session::Cookie, secret: "s3cr3t_k3y_3x@mpl3"

    Ref.: https://www.rubydoc.info/gems/rack/Rack/Session/Cookie

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search