rails twitterログイン機能実装でエラー

前提・実現したいこと

こちらの記事を参考にrailsアプリでtwitterログイン機能を作ろうとしています

発生している問題・エラーメッセージ

タイポがないようにコピペで実装したのですが、twitterログインリンクを押すと認証画面に行かずこのようなエラーが出ます

Started POST "/users/auth/twitter" for ::1 at 2021-03-06 15:53:51 +0900
D, [2021-03-06T15:53:51.184784 #11199] DEBUG -- omniauth: (twitter) Request phase initiated.
W, [2021-03-06T15:53:51.185157 #11199]  WARN -- omniauth: Attack prevented by OmniAuth::AuthenticityTokenProtection
E, [2021-03-06T15:53:51.185517 #11199] ERROR -- omniauth: (twitter) Authentication failure! authenticity_error: OmniAuth::AuthenticityError, Forbidden
Processing by Users::OmniauthCallbacksController#failure as HTML
  Parameters: {"authenticity_token"=>"/AGT5HMjphJZgGA64KIZgKNw/fvAy9sSYg1RuG8tQXGh76Qhl76Ouiv8FLi5JiptNp6lio98kF6WyKuM+myRrQ=="}
Redirected to http://localhost:3000/
Completed 302 Found in 1ms (ActiveRecord: 0.0ms)

ソースコード

devise.rb

config.omniauth :twitter, ENV['TWITTER_API_KEY'], ENV['TWITTER_SECRET_KEY'], scope: 'email', oauth_callback: "#{ENV['HOST']}/users/auth/twitter/callback"

users/omniauth_callbacks_controller.rb

class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
  def twitter
    callback_for(:twitter)
  end

  def callback_for(provider)
    @user = User.from_omniauth(request.env["omniauth.auth"])
    if @user.persisted?
      sign_in_and_redirect @user, event: :authentication #this will throw if @user is not activated
      set_flash_message(:notice, :success, kind: "#{provider}".capitalize) if is_navigational_format?
    else
      session["devise.#{provider}_data"] = request.env["omniauth.auth"].except("extra")
      redirect_to new_user_registration_url
    end
  end

  def failure
    redirect_to root_path
  end
end

user.rb

class User < ApplicationRecord
  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
  devise :database_authenticatable, :registerable,
         :recoverable, :rememberable, :validatable, :omniauthable, omniauth_providers: %i[twitter] 
       
  mount_uploader :avatar, AvatarUploader

  has_many :outputs, dependent: :destroy
  has_many :action_plans, dependent: :destroy
  has_many :likes, dependent: :destroy
  has_many :like_outputs, through: :likes, source: :output
  has_many :meetings, dependent: :destroy
  has_many :requestings, dependent: :destroy
  has_many :request_meetings, through: :requestings, source: :meeting
  has_many :participants, dependent: :destroy
  has_many :messages, dependent: :destroy

  def self.from_omniauth(auth)
    where(provider: auth.provider, uid: auth.uid).first_or_create do |user|
      user.email = auth.info.email
      user.password = Devise.friendly_token[0,20]
    end
  end

補足情報（FW/ツールのバージョンなど）

ruby 2.6.5
rails 5.2.3

行動規範の内容に同意します

回答2件

Gemfile
1gem "omniauth-rails_csrf_protection"

Gemfile に上記を追記後に bundle してログインするとどうなりますか？
(bundle後 rails は再起動してください)

投稿2021/03/06 22:14

neko_daisuki

総合スコア2090

masaya-tn

2021/03/07 02:52

ダメでしたが、エラーメッセージが変化しました Started POST "/users/auth/twitter" for ::1 at 2021-03-07 11:48:35 +0900 D, [2021-03-07T11:48:35.247761 #15332] DEBUG -- omniauth: (twitter) Request phase initiated. E, [2021-03-07T11:48:35.490596 #15332] ERROR -- omniauth: (twitter) Authentication failure! 403 Forbidden: OAuth::Unauthorized, 403 Forbidden Processing by Users::OmniauthCallbacksController#failure as HTML Parameters: {"authenticity_token"=>"Ee0oNZ+Pxp9X5FEa1cMwIuPIySaUZci6Cr+buLqshQBMAx/wexLuNyWYJZiMRwPPdiaRV9vSg/b+emGML+1V3A=="} Redirected to http://localhost:3000/users/sign_in Completed 302 Found in 1ms (ActiveRecord: 0.0ms)