OAuth failure callback error with Google provider

[micred]

Hi, thanks for creating this great gem.

I configured Google OAuth specifying allowed domains:

  provider :google_oauth2, client_id, secret, { hd: %w(domain1.com domain2.com) }

All works well if I try to login with [email protected] or [email protected].

Anyway if I try to login with [email protected] I get "Authentication failure" (as expected since gmail.com is not in the whitelist) but this raise an exception:

Started GET "/omniauth/google_oauth2?auth_origin_url=http%3A%2F%2Flocalhost%3A4200%2Foauth_callback&omniauth_window_type=newWindow&resource_class=User" for 127.0.0.1 at 2017-05-29 15:51:48 +0200
I, [2017-05-29T15:51:48.108338 #13400]  INFO -- omniauth: (google_oauth2) Request phase initiated.
Started GET "/omniauth/google_oauth2/callback?state=12f268ce2f8fd6ad7f1ff7279d6561c615ca2db456f8f9d5&code=4/jKMhb8suasNeXJ4mUohd762fbpFk2f78ESdlSwKHhx0" for 127.0.0.1 at 2017-05-29 15:51:52 +0200
I, [2017-05-29T15:51:52.529193 #13400]  INFO -- omniauth: (google_oauth2) Callback phase initiated.
E, [2017-05-29T15:51:53.061012 #13400] ERROR -- omniauth: (google_oauth2) Authentication failure! invalid_credentials: OmniAuth::Strategies::OAuth2::CallbackError, invalid_hd | Invalid Hosted Domain
  
RuntimeError (Could not find a valid mapping for path "/omniauth/google_oauth2/callback"):
  
devise (4.2.1) lib/devise/mapping.rb:49:in `find_by_path!'
devise (4.2.1) lib/devise/omniauth.rb:17:in `block in <top (required)>'
omniauth (1.6.1) lib/omniauth/strategy.rb:478:in `fail!'
omniauth-oauth2 (1.4.0) lib/omniauth/strategies/oauth2.rb:78:in `rescue in callback_phase'
omniauth-oauth2 (1.4.0) lib/omniauth/strategies/oauth2.rb:67:in `callback_phase'
omniauth (1.6.1) lib/omniauth/strategy.rb:230:in `callback_call'
omniauth (1.6.1) lib/omniauth/strategy.rb:187:in `call!'
omniauth (1.6.1) lib/omniauth/strategy.rb:167:in `call'
omniauth (1.6.1) lib/omniauth/builder.rb:63:in `call'
bullet (5.5.1) lib/bullet/rack.rb:12:in `call'
warden (1.2.7) lib/warden/manager.rb:36:in `block in call'
warden (1.2.7) lib/warden/manager.rb:35:in `catch'
warden (1.2.7) lib/warden/manager.rb:35:in `call'
rack-cors (0.4.1) lib/rack/cors.rb:81:in `call'
rack (2.0.3) lib/rack/etag.rb:25:in `call'
rack (2.0.3) lib/rack/conditional_get.rb:25:in `call'
rack (2.0.3) lib/rack/head.rb:12:in `call'
rack (2.0.3) lib/rack/session/abstract/id.rb:232:in `context'
rack (2.0.3) lib/rack/session/abstract/id.rb:226:in `call'
actionpack (5.0.3) lib/action_dispatch/middleware/cookies.rb:613:in `call'
activerecord (5.0.3) lib/active_record/migration.rb:553:in `call'
actionpack (5.0.3) lib/action_dispatch/middleware/callbacks.rb:38:in `block in call'
activesupport (5.0.3) lib/active_support/callbacks.rb:97:in `__run_callbacks__'
activesupport (5.0.3) lib/active_support/callbacks.rb:750:in `_run_call_callbacks'
activesupport (5.0.3) lib/active_support/callbacks.rb:90:in `run_callbacks'
actionpack (5.0.3) lib/action_dispatch/middleware/callbacks.rb:36:in `call'
actionpack (5.0.3) lib/action_dispatch/middleware/executor.rb:12:in `call'
actionpack (5.0.3) lib/action_dispatch/middleware/remote_ip.rb:79:in `call'
airbrake (6.1.0) lib/airbrake/rack/middleware.rb:52:in `call'
actionpack (5.0.3) lib/action_dispatch/middleware/debug_exceptions.rb:49:in `call'
web-console (3.5.1) lib/web_console/middleware.rb:135:in `call_app'
web-console (3.5.1) lib/web_console/middleware.rb:28:in `block in call'
web-console (3.5.1) lib/web_console/middleware.rb:18:in `catch'
web-console (3.5.1) lib/web_console/middleware.rb:18:in `call'
actionpack (5.0.3) lib/action_dispatch/middleware/show_exceptions.rb:31:in `call'
railties (5.0.3) lib/rails/rack/logger.rb:36:in `call_app'
railties (5.0.3) lib/rails/rack/logger.rb:24:in `block in call'
activesupport (5.0.3) lib/active_support/tagged_logging.rb:69:in `block in tagged'
activesupport (5.0.3) lib/active_support/tagged_logging.rb:26:in `tagged'
activesupport (5.0.3) lib/active_support/tagged_logging.rb:69:in `tagged'
railties (5.0.3) lib/rails/rack/logger.rb:24:in `call'
actionpack (5.0.3) lib/action_dispatch/middleware/request_id.rb:24:in `call'
rack (2.0.3) lib/rack/method_override.rb:22:in `call'
rack (2.0.3) lib/rack/runtime.rb:22:in `call'
activesupport (5.0.3) lib/active_support/cache/strategy/local_cache_middleware.rb:28:in `call'
actionpack (5.0.3) lib/action_dispatch/middleware/executor.rb:12:in `call'
actionpack (5.0.3) lib/action_dispatch/middleware/static.rb:136:in `call'
rack (2.0.3) lib/rack/sendfile.rb:111:in `call'
railties (5.0.3) lib/rails/engine.rb:522:in `call'
puma (3.8.2) lib/puma/configuration.rb:224:in `call'
puma (3.8.2) lib/puma/server.rb:600:in `handle_request'
puma (3.8.2) lib/puma/server.rb:435:in `process_client'
puma (3.8.2) lib/puma/server.rb:299:in `block in run'
puma (3.8.2) lib/puma/thread_pool.rb:120:in `block in spawn_thread'

Gems version:
devise (4.2.1) (but tried also with 4.3.0)
devise_token_auth (0.1.42)
oauth2 (1.3.1)
omniauth (1.6.1)
omniauth-google-oauth2 (0.4.1)
omniauth-oauth2 (1.4.0)

Support for more than one hosted domain is handled by:
zquestz/omniauth-google-oauth2@1e6bb96

[micred]

I notice that this problem is not related to "more than one hosted domain".
Even if I specify just one domain, but I force Google to login with another account I get that OmniAuth failure that is not handled and raise the exception.

[zquestz]

When you login with gmail the hosted domain comes back empty. Just use the following and it should work:

provider :google_oauth2, client_id, secret, { hd: ['domain1.com', 'domain2.com', nil] }

[micred]

It works, but it actually allows any domain.

[zachfeldman]

Workaround posted, closing for now. @micred if your last comment is still an issue please reopen or open a new issue!