I have an app written in rails 2.3. This app uses devise for authentication. I'm on the need to create a SSO with some other projects, like Worpdress.
Because newer versions of devise includes omniauth support, I need to create a intermediate app as an auth endpoint. This tool only will validates the user and redirects to the 2.3 app, with the user logged.
This is the flow:
User log to the 2.3 app => request to 3.2 app => OAuth with external system => logged in the 2.3 app
I did all the configuration required. Basically is share the same key and secret to allow the apps share the session. The problem is after a successful loguin, I get the following error in the 2.3 app:
Status: 500 Internal Server Error
Session contains objects whose class definition isn\'t available.
Remember to require the classes for all objects kept in the session.
(Original exception: #{const_error.message} [#{const_error.class}])
I guess this error means my session contains some classes that 2.3 app does not know how to instantiate. I just don't know how to find which classes are.
Solved. The problem was the Flash message added in the 3.2 rails app. The class of this message is ActionDispatch::Flash::FlashHash and the class for a 2.3 app is ActionController::Flash::FlashHash.
The solution in my case was remove the call set_flash_message. Now that you solve the 3.2 => 2.3 maybe you need to go back to the 3.2 app. As the 2.3 app will be adding Flash messages with the 'wrong' class, you need to add the definition of this new class on your 3.2 app:
# config/initializers/session_store.rb
module ActionController
module Flash
class FlashHash < Hash
def method_missing(m, *a, &;b)
end
end
end
end
References:
Rails 3.2 => 2.3. This post
Rails 2.3 => 3.2 This post