Invalid redirect URI with Devise

[TheLucasMoore]

I've seen this error elsewhere in the docs, but haven't seen anyone else trying to use Devise.
Found a similar issue on Stackoverflow.

Every request to Spotify returns with an error:

invalid_credentials: OAuth2::Error, invalid_grant: Invalid redirect URI {"error":"invalid_grant","error_description":"Invalid redirect URI"}

I have omniauth-spotify (0.0.9) and Devise (4.1.1) installed in my rails + angular application.

in devise.rb
config.omniauth :spotify, ENV["spotify_client_id"], ENV["spotify_client_secret"], scope: 'user-top-read user-read-email'

user.rb

class User < ActiveRecord::Base
  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable and :omniauthable
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :trackable, :validatable,
         :omniauthable, :omniauth_providers => [:spotify]

  def self.from_omniauth(auth)
  where(provider: auth.provider, uid: auth.uid).first_or_create do |user|
    user.email = auth.info.email
    user.password = Devise.friendly_token[0,20]
    end
  end

end

routes.rb

Rails.application.routes.draw do
  devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" }
  resources :genres
  resources :artists
  root 'static#index'

My redirect URI is set for my Spotify app:
http://localhost:3000/users/auth/spotify/callback

Any ideas would be great. Let me know if you need any more information.

[TheLucasMoore]

I believe I solved this by manually requiring omniauth-oauth2 ~1.3.1

My gemfile now:

...
gem 'devise'
gem 'omniauth-oauth2', '~> 1.3.1'
gem 'omniauth-spotify'

Is this the standard way to fix this type of error? Since this seems like a common issue, can we add it into the documentation?

[ckshei]

Had the same problem with spotify, the above has also worked for me.

[gfauredumont]

Hi,

I'm having a slightly different version of this problem:
We already have 'omniauth-oauth2', '~> 1.3.1'
But because of our server being behind a reverse proxy, I have to "manually" specify the callback_url in intializers/devise.rb like this:

config.omniauth :spotify, 
      ENV['SPOTIFY_APP_ID'], 
      ENV['SPOTIFY_APP_SECRET'], 
      scope: 'user-read-email playlist-modify-public user-library-read user-library-modify',
      callback_url: external_host + 'omniauth/spotify/callback'

The same thing works perfectly for omniauth-facebook but omniauth-spotify keeps providing the default uri :/

Any thoughts would be most welcome !

[gfauredumont]

So for anyone having the same problem, @masterkain has already done the work on this: 158a324 fixes the issue for me.
The current github master branch contains this fix but it's not yet available in RubyGems; so if you need it, just use the github address in your Gemfile.

[gfauredumont]

@masterkain could you create a 0.0.10 tag in github to limit the risk of using the master branch of the gem ?

[masterkain]

hello,
tag 0.0.10 has been released on both github and rubygems. thanks for testing!