Ruby on Rails OAuth2 Endless Refreshing, never redirects back to application

0 Votes



I'm looking to enable users to Login with Constant Contact to our Rails application, using the Omniauth-ConstantContact2 gem with Devise.  


We initialize the providers as devise requires, including scope for constant contact:


    config.omniauth :google_oauth2, ENV['GOOGLE_CLIENT'], ENV['GOOGLE_SECRET']
    	config.omniauth :hubspot, ENV['HUBSPOT_CLIENT_ID'], ENV['HUBSPOT_SECRET_ID'], scope: 'contacts timeline'
    if ENV['CC_KEY']
    	config.omniauth :constantcontact, ENV['CC_KEY'], ENV['CC_SECRET'], scope: 'contact_data'


When we hit the authentication URL: http://localhost:3000/users/auth/constantcontact


The URL we are then taken to is:


Upon entering username and password, the page simply ends up refreshing. It looks like the authorization succeeds, and then immediately logs the user out and refreshes the page. Here are the network requests:




The redirect URI should be http://localhost:3000/users/auth/callback/constantcontact, but we are never taken back there.


We currently have Google, Slack, and HubSpot OAuth all working in this same way and cannot figure out what we are doing wrong here. 


Our API and secret keys are setup, the redirect URIs are listed in the application, we are passing a simple contact_data scope as shown in the code sample above. We never receive a "invalid redirect uri" or similar error, the page simply always refreshes. This happens in all browsers.


What can we do to enable oauth authentication within our Rails app? Happy to provide any information needed!






0 Votes

Hello BrettL475,


Thank you for reaching out to Constant Contact API Developer Support. My team is here to assist outside software developers with questions about building into Constant Contact's API.


The 3rd party code library that you are using appears to have been built for our legacy V2 API, whereas it looks like you are attempting authentication using a V3 API key, which is not cross-compatible.


Within the README file of the "Omniauth-ConstantContact2" link you provided, if you scroll down under the usage section, it states:
“You will have to put in your consumer key and secret, which you can find at” However, the post is from 10 years ago, and the referenced link has since been updated to direct to our newest V3 API.


To generate a legacy V2 API key, please use the instructions in the link below:


How to generate an API Key and Access Token:


Please let us know if you have any other questions! You can also reach our team directly via email at 


Courtney E.
Tier II API Support Engineer

Did I answer your question?
If so, please mark my post as an "Accepted Solution" by clicking the Accept as Solution button in the bottom right hand corner of this post.
Developer Portal

View API documentation, code samples, get your API key.

Visit Page


API Updates

Join our list to be notified of new features and updates to our V3 API.

Sign Up