I get the response that I need but its considered as authentication Failure

[laptopmutia]

here are my code is it because the server returning a JSON? because the token request is just work ok when I manually request it with CURL or postman/insomnia with Content-Type and Accept application/json

require 'omniauth-oauth2'

module OmniAuth
  module Strategies
    class Ocan < OmniAuth::Strategies::OAuth2
      option :name, "ocan

      option :client_options, {
        :site => "https://account.autogaming.web/",
        :authorize_url => "https://account.autogaming.web/auth",
        :token_url => "https://account.autogaming.web/api/v1/tokens"
      }
      
      option :token_params, {
        client_id: "my-client-id",
        client_secret: "my-secret",
        grant_type: "authorization_code"
      }
      
    end
  end 
end

here are my heroku logs

right after this line Authentication failure! invalid_credentials: OAuth2::Error is all the data that I need to get user info

at=info method=POST path="/users/auth/ocan" host=soripto.herokuapp.com request_id=ec586e52-66a2-4461-a2e6-afbce9276d0f fwd="180.242.165.119" dyno=web.1 connect=8ms service=9ms status=302 bytes=1390 protocol=https
2022-07-21T17:51:26.847218+00:00 app[web.1]: I, [2022-07-21T17:51:26.847128 #4]  INFO -- : [ec586e52-66a2-4461-a2e6-afbce9276d0f] Started POST "/users/auth/ocan" for 180.242.165.119 at 2022-07-21 17:51:26 +0000
2022-07-21T17:51:26.847516+00:00 app[web.1]: D, [2022-07-21T17:51:26.847485 #4] DEBUG -- omniauth: (ocan) Request phase initiated.
2022-07-21T17:51:27.642260+00:00 app[web.1]: I, [2022-07-21T17:51:27.642157 #4]  INFO -- : [78c93fe3-4be6-45fa-adc3-22dc4933f6e7] Started GET "/users/auth/ocan/callback?code=def50200045d660f2350f370d73dc1e1e436344aef88cd48cfa3d9709ecabc47a6da37b9c2d741a562122ac1e4a7a6f8e2bdf8b9d2797a07eb4641fcffdb2993aff47d0752c56f2784fce49de584eb0f2d03030601bfacff215f3372b3181fd346ba723997fbd7f7588c4dd883f3b36588aac747287e527badca42dad7554b90bc13ddcf9900dfad213933d0f2ccfa87e8636d3416ea37ca72a41f9be6c6088c15092c4a77c4f5041558e28b&state=71a1561a9fb9ae836a4225c26b6cf5392aad80334b6e66b3" for 180.242.165.119 at 2022-07-21 17:51:27 +0000
2022-07-21T17:51:27.642545+00:00 app[web.1]: D, [2022-07-21T17:51:27.642506 #4] DEBUG -- omniauth: (ocan) Callback phase initiated.
2022-07-21T17:51:29.440139+00:00 heroku[router]: at=info method=GET path="/users/auth/ocan/callback?code=def50200045d660f2350f370d73dc1e1e436344aef88cd48cfa3d9709ecabc47a6da37b9c2d741a562122ac1e4a7a6f8e2bdf8b9d2797a07eb4641fcffdb2993aff47d0752c56f2784fce49de584eb0f2d03030601bfacff215f3372b3181fd346ba723997fbd7f7588c4dd883f3b36588aac747287e527badca42dad7554b90bc13ddcf9900dfad213933d0f2ccfa87e8636d3416ea37ca72a41f9be6c6088c15092c4a77c4f5041558e28b&state=71a1561a9fb9ae836a4225c26b6cf5392aad80334b6e66b3" host=soripto.herokuapp.com request_id=78c93fe3-4be6-45fa-adc3-22dc4933f6e7 fwd="180.242.165.119" dyno=web.1 connect=0ms service=1798ms status=302 bytes=1220 protocol=https
2022-07-21T17:51:29.436121+00:00 app[web.1]: E, [2022-07-21T17:51:29.436040 #4] ERROR -- omniauth: (ocan) Authentication failure! invalid_credentials: OAuth2::Error, #<OAuth2::SnakyHash data=#<OAuth2::SnakyHash access_token="eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJjbGllbnQiOiIyYTNhNzU0Mi05OTY2LTQ5ZDctYTljOC0wOGNmYmJiNzZlMzkiLCJ1c2VyIjoiODk4MjY4OGYtNjY3YS00NjBiLWI3ZDAtMmNjZmMzMTQzMTYyIiwidHRsIjoyMTYwMCwic3ViIjoiZmUwMzNmOWItNjc2ZS00MzNhLWJkOWYtNTFhM2VkMmM0MzE0IiwiYXVkIjoiMmEzYTc1NDItOTk2Ni00OWQ3LWE5YzgtMDhjZmJiYjc2ZTM5IiwiZmluZ2VycHJpbnQiOiI4MTY0YzU5MTM4ZDllNmRkODU0MDQ1NGIzYWRhYmMxNDdmZTRjYTNiIn0.Q3q3dgQkHanzDzsaIobgzSeZFtks-uhVXOSe7LuGsejrcL4YTbWHSQRn439qCdT-jv5IF4r3-cTEr7DX1MWQPwCA4-pWgJf8DPMdF54HgE3VkX_x3Kd_vVfrZXjFuo7YJTi8dIC8sIxwWLKq7mPd8_FFJdR2nDyfT7qpWKITL1Y-1GdU35lOjf9ajHDpxXkel5rtB1R5TMuxIA4qtm41mlh8_Ohx0OMdbIJdbcIv4oxO6bqCX4CzfqEM2Sp-PJm5khLkAbeVoPK-1Dxq-3trv4YgdCY63DWyvBUb2zaN7-ol2rvFooyTDcamDfe0j8JB2CevZeRDCrun8_36OB3r1-CN-eh-d_efOt6YmMqNJOCEX8OfA9Nw9M12RTKQgMEHjKR3gfqpMF419Y_7D39OFa8_eWpnkwt_1q02MjTT05ts1cDy6Kv5wdiODsHfo81GXZut422_agUFOd48TTpSbise8cpC7zHNpUJIixZ88vlLzdALgHqv9cOexc409axuWKeld518lg4WFoKgPz0WzxlmTT0AZlRJQ8Zf3W6m45sJ8SsJrChHwh59YN-iy4-V_p-RmlPlzRZmtviJySzpPjenyqy3oKy5_WJ0M4AkZnOjDaNoQ6_40RwWg3gWjv7lFJK4bmY2ZGvPyzJ4B5G5QNpVX8ENUOa4cj89-bCZVVA" expires_in=21600 refresh_token="eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJjbGllbnQiOiIyYTNhNzU0Mi05OTY2LTQ5ZDctYTljOC0wOGNmYmJiNzZlMzkiLCJ1c2VyIjoiODk4MjY4OGYtNjY3YS00NjBiLWI3ZDAtMmNjZmMzMTQzMTYyIiwidHRsIjoyNTkyMDAwLCJzdWIiOiI3MjZlMjgxMS02MzA0LTQyZTgtOTFiMi03MTk3ZTk1ZGY1MzciLCJhdWQiOiIyYTNhNzU0Mi05OTY2LTQ5ZDctYTljOC0wOGNmYmJiNzZlMzkiLCJmaW5nZXJwcmludCI6IjgxNjRjNTkxMzhkOWU2ZGQ4NTQwNDU0YjNhZGFiYzE0N2ZlNGNhM2IifQ.V0wMudCv2MbB7SxkrsJQi8u05zvHeEsKjJCYzneB0kLf9S4di-jdFY-JMaT8lYM6BXrXPjTBSSlHP6aP7gKc-1UcpPv89y7KAdDzrUSmGQ4AxWU2av4GVQze7dLm0dgzgJysu3H_Yb04VyCMbZUWg0rjgcFvctFLeLhCPCLJQmHk9bAeiRBU1RCqhv5rfyRzEEafvAwHBGck3RlnQmd3DxzkyrWEIX3sLuaZChx9506iMw7-pzE_m3D8_aEhw3hZ-nOu_gH4ODjbY0HkveXtfMu0QYRtT2NVaKWOdA3XjLHIAXbHqOLvQIghoHD4ZpSm3uD7j36WrhY6oVeCXaf-nn7Ji3TvmZAAwAkbbnD4WVIpPkKpE-cB7JvvcR9imcLeHo7Gzv9wbFSesDeNo0uwZjNWk_Qdo-t19zgL9qEdGqe7GjVHSp1VCyO0LNN0FXTm074I7ZVJhQr9Yjl35Q_-gGV96EjGOC_-CrlvPc1c7fBZAVmQyMfKFw8TfD7Aekgdp9YFNqa-x8YLN99bzkjoWuRoCEAyPwQMslKGAKY1AiRRctpFV7cj_FLxCDiQo93ArsVrO8UGIR3fP4g1ZWlVJRq1gRNGOaMZUFznbX0hmeGcysp_QZu-V_jYoJcQ_7FkCNC15p6oUWoTGUUaX7w71O3Qj0OaQWySqrz3KmgReao" scopes="basic email" token_type="Bearer"> meta=#<OAuth2::SnakyHash client_ip="3.85.167.58" hostname="ocan-api-f9b689698-gdfb2" version="1">>
2022-07-21T17:51:29.436823+00:00 app[web.1]: I, [2022-07-21T17:51:29.436773 #4]  INFO -- : [78c93fe3-4be6-45fa-adc3-22dc4933f6e7] Processing by OmniauthCallbacksController#failure as HTML
2022-07-21T17:51:29.436874+00:00 app[web.1]: I, [2022-07-21T17:51:29.436850 #4]  INFO -- : [78c93fe3-4be6-45fa-adc3-22dc4933f6e7]   Parameters: {"code"=>"def50200045d660f2350f370d73dc1e1e436344aef88cd48cfa3d9709ecabc47a6da37b9c2d741a562122ac1e4a7a6f8e2bdf8b9d2797a07eb4641fcffdb2993aff47d0752c56f2784fce49de584eb0f2d03030601bfacff215f3372b3181fd346ba723997fbd7f7588c4dd883f3b36588aac747287e527badca42dad7554b90bc13ddcf9900dfad213933d0f2ccfa87e8636d3416ea37ca72a41f9be6c6088c15092c4a77c4f5041558e28b", "state"=>"71a1561a9fb9ae836a4225c26b6cf5392aad80334b6e66b3"}
2022-07-21T17:51:29.437906+00:00 app[web.1]: I, [2022-07-21T17:51:29.437867 #4]  INFO -- : [78c93fe3-4be6-45fa-adc3-22dc4933f6e7] Redirected to https://soripto.herokuapp.com/users/sign_in
2022-07-21T17:51:29.438031+00:00 app[web.1]: I, [2022-07-21T17:51:29.438007 #4]  INFO -- : [78c93fe3-4be6-45fa-adc3-22dc4933f6e7] Completed 302 Found in 1ms (ActiveRecord: 0.0ms | Allocations: 544)
2022-07-21T17:51:29.721960+00:00 heroku[router]: at=info method=GET path="/users/sign_in" host=soripto.herokuapp.com request_id=8011c6a7-8342-461b-aa31-76b1aca8a268 fwd="180.242.165.119" dyno=web.1 connect=0ms service=8ms status=200 bytes=5439 protocol=https
2022-07-21T17:51:29.714271+00:00 app[web.1]: I, [2022-07-21T17:51:29.714210 #4]  INFO -- : [8011c6a7-8342-461b-aa31-76b1aca8a268] Started GET "/users/sign_in" for 180.242.165.119 at 2022-07-21 17:51:29 +0000

in insomnia/postman the response are like this, is this because the response wrapped in data?

{
	"data": {
		"token_type": "Bearer",
		"expires_in": 21600,
		"scopes": "basic email",
		"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJjbGllbnQiOiIyYTNhNzU0Mi05OTY2LTQ5ZDctYTljOC0wOGNmYmJiNzZlMzkiLCJ1c2VyIjoiNDEwNmE4NWEtZmUyZS00OTQ2LTlmMWYtZjIwMTIxZDFkYTZiIiwidHRsIjoyMTYwMCwic3ViIjoiMmZjYWY5YWEtYjcwNS00ODY5LWExN2QtZTNhYWNmNTgwZjU3IiwiYXVkIjoiMmEzYTc1NDItOTk2Ni00OWQ3LWE5YzgtMDhjZmJiYjc2ZTM5IiwiZmluZ2VycHJpbnQiOiJhZmViMDMyYmIzNTg4NDNiMzVjZjgzOTRjMGU2NTE4MDdkMTg3NjQxIn0.G73Uza18ywtcR4DwOc6GuH10de2j6QdXnTNwTAcHNXTTduYHMgDcn7PBnPCBD8T8N-iogpvUEnwQH8bm3F5gq2cRhFYAK34ti2YRTF1VICt0W4hAra3tv9InsD9riGJ58FkcDJf_QanL3HhAYfo5gfDVeHzrNzaj0WOXl_dEFQT37Ce-lYkQ3BnFVpCJTDakM_F1aJ3Rs8XOT33FGrEtUUC06KxYwPb3G_W8qBsd3EA0sXH5aJhdl_2rI1Sn1-rMrEgHTWQ9-6CznJh16otDywATKNynBY1D3FSLzlpaAoOfdkmIHJqnzazeWMdpMcT2-6OR0nhbeiGFyC3gAU9CHdQ8qCUBfNyCSn4ViJBMpwVEaLr40UxQlVOtqCNvOpg67hHGK5x9bk-ATj2c9GqJHEYC-ktVlgHX88JPao7KUcIdM_EYExs-q06mi0hYzU0JrUcgFg5TNKmgMNPhmVN7GnxhEL0JdMnMMe-ychlEbLK5g_MN4vyl1A1QtMFAOwWL_oWhGO4xjiKOgRE9iFZRNAr1d4kbaYykOIBkFkNopmvmPCYRkdWhZ5W-BgqUk1uMHfzRzVbUplZz2tbpbd13rrpiKpmMzzxmQgXCgPi0uWxdV3-hT9ja2SyaGsWtH9eSyt_0rOhDx5ZL2mCpBhTo-1kONl-Yn-GZloQsKiOeSgc",
		"refresh_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJjbGllbnQiOiIyYTNhNzU0Mi05OTY2LTQ5ZDctYTljOC0wOGNmYmJiNzZlMzkiLCJ1c2VyIjoiNDEwNmE4NWEtZmUyZS00OTQ2LTlmMWYtZjIwMTIxZDFkYTZiIiwidHRsIjoyNTkyMDAwLCJzdWIiOiJlM2U3Mzg4ZS0xMGIzLTQyY2ItOWIwZC1lNDY5NzVjZTBlZjciLCJhdWQiOiIyYTNhNzU0Mi05OTY2LTQ5ZDctYTljOC0wOGNmYmJiNzZlMzkiLCJmaW5nZXJwcmludCI6ImFmZWIwMzJiYjM1ODg0M2IzNWNmODM5NGMwZTY1MTgwN2QxODc2NDEifQ.h844lllUOCNE118tYUGpqwFL0iNlGkQt6HwAFUBGcHxGJaKwEYo4vjpfWhd8a6wRr4JKMv4agysmWf7kjiriDZgvn7xWlFyG3ETI6dmqphVZK6lF7X8H_E8ka2uWlB40JD5yGriWA8w-U62yW-YDX8dsnamgIDYNiFqTk5IOF24m5TcIDCXkvsV13GCs2rFwhDUhkRyNlTYmSq4AoqoIprvjAUin2kBQYIEFIOdoRD-gr47hK2G18xEOylpnA9WyMeJ2Q5mTc_PVyrXrFoaxc5xX1gYSXFKtSfhcckTXIN1ooE4YgNCGojzoPMlLFtxu6Hjvk8FiXFmZngO24C8aCi6aDypghuxfShT8QjQyqbac6C3DLrfww-uYuxHixdglSgxfDigDgdmkfMM8KR6xZteC5MmMTuD3igc-9bIF73BI-LmmAxDXPtjXI2N1LbY0PmufWQi0vMpkJNjTClBcR1F74BKsAyxpmw44NkKVMqp5AEJddNHcvaQ2vrKlbVO5ULLJiIyh23qzX3Qjsp4Ru48XHzqzXuMlKbOuaTtBctENc7kp4NiAoNAm7tGFLxv7x3N83AZkfsG-PPh2pgtYTfeFwws1BuJNU8LTkPTnje0_XLrqUaCW-xlZcspOQgiDj5FpY3Z3QtYhxTwhWZBysz7lor6jjbqb3Jg7DtalW9I"
	},
	"meta": {
		"version": "1",
		"hostname": "ocan-api-xxxxxxxxx-xxxxx",
		"client_ip": "xx.xxx.xxx.xxx"
	}
}

so I use this PR branch #147 then I got this full messages

Could not authenticate you from Ocan because "Undefined method `to sym' for nil:nilclass env['omniauth.error.type'] = message key.to sym ^^^^^^^".

[BobbyMcWho]

I don't have time to look into this fully at the moment, but you should make sure not to post secrets publicly

[laptopmutia]

what is your guess about this then? if I want to debug it where I should start ?

[BobbyMcWho]

What version of omniauth-oauth2 and regular oauth2 gem are you using

[laptopmutia]

here are my omniauth and oauth2 gemfile lock

    oauth2 (2.0.6)
      faraday (>= 0.17.3, < 3.0)
      jwt (>= 1.0, < 3.0)
      multi_xml (~> 0.5)
      rack (>= 1.2, < 3)
      rash_alt (>= 0.4, < 1)
      version_gem (~> 1.1)
    omniauth (2.1.0)
      hashie (>= 3.4.6)
      rack (>= 2.2.3)
      rack-protection
    omniauth-oauth2 (1.8.0)
      oauth2 (>= 1.4, < 3)
      omniauth (~> 2.0)
    omniauth-rails_csrf_protection (1.0.1)
      actionpack (>= 4.2)
      omniauth (~> 2.0)

I use it with devise (4.8.1)

is it related with the auth token response that I get from the server? because the response is wrapped in
"data": { "access_token": "mytoken"}}

[laptopmutia]

I think its because oauth2 I open this issue here https://github.com/oauth-xx/oauth2/issues/627

[pboling]

It looks like the issue was caused by the oauth keys being nested inside a data top level object in the response. OP was able to override, and use a hash#dig to fix it. Is this a wider issue we should collaborate on @BobbyMcWho ? Perhaps a config option to specify where nested oauth keys should be pulled from?

[BobbyMcWho]

This could probably be solved with a custom strategy in the short term, we could add a feature like that in omniauth, but I'm currently out of town with little time, so it wouldn't be a priority anytime soon @pboling