9

I'm trying to make Facebook login with omniauth-facebook in Rails 3.2.9; I have followed the steps of Ryan Bates in http://railscasts.com/episodes/360-facebook-authentication and in this very moment I have the same code.

If I try to login without the Javascript it works (it takes me to Facebook, I grant the permissions, and gets me back to the app successfully), but if I try with the Javascript (for the Facebook popup) it initially shows the popup to login, but then makes a redirect and throws me this error (without asking for the permissions):

Started GET "/auth/facebook/callback" for 127.0.0.1 at 2012-11-16 15:16:03 -0600
(facebook) Callback phase initiated.
(facebook) Authentication failure! invalid_credentials: OmniAuth::Strategies::OAuth2::CallbackError, OmniAuth::Strategies::OAuth2::CallbackError

OmniAuth::Strategies::OAuth2::CallbackError (OmniAuth::Strategies::OAuth2::CallbackError)

This is a very common error; I made the research and tried all the solutions (mostly are from some months ago) but none of them work. This is what I have tried:

  1. Checking the sandbox in Facebook is disable (and I have waited hours for the propagation)
  2. Checking the Site URL to http://localhost:3000/
  3. Checking the App ID and App Secret
  4. Downgrading the omniauth-facebook gem to 1.4, and throws me this error: omniauth-facebook must pass either acodeparameter or a signed request (viasigned_requestparameter or afbsr_XXXcookie)
  5. Downgrade to Rails 3.2.8

What else should I do? (I think the key is in the Javascript, and right now I have the same code of the video, with CoffeeScript). Thanks in advance!

pablomarti
  • 2,087
  • 2
  • 22
  • 35
  • since u said mostly is javascript error, do you check the console log from firebug or the network in the chrome? try to figure what the javascript doing and where it stop. alert something in the middle. – Nich Nov 16 '12 at 23:46
  • Hi, there is no Javascript error, nor warning or any message... – pablomarti Nov 19 '12 at 14:31
  • I found a similar solution with Rails 3.2.8. See my comments on the Github issue at https://github.com/mkdynamic/omniauth-facebook/issues/75. – Martin Streicher Jan 03 '13 at 20:24

2 Answers2

18

I followed that Railscast just now and managed to get it working. You'll notice people discussing your problem in the comments. Following the links there, I ended up on this issue on Github and this question on StackOverflow.

I recommend updating to 1.6.0 and to 2.0.0 when it finally comes out. In the meantime, make sure you aren't making any of these mistakes:

  • Defining your app credentials in two different initializers, usually omniauth.rb and devise.rb. source

  • Having a domain name mismatch between your live site and the site url configured within your facebook application. source

  • Leaving the facebook application in sandbox mode, so the domain name doesn't match the production one. source

  • Adding a before_filter :authenticate to the OmniauthCallbacksController or ApplicationController (since OmniauthCallbacksController inherits from ApplicationController). source

  • Using omniauth-facebook in conjunction with Facebook's client-side flow. source

  • Messing with the state param.

Community
  • 1
  • 1
Ashitaka
  • 19,028
  • 6
  • 54
  • 69
  • `omniauth-facebook`'s latest version has a few bugs, so downgrading at this point is the best solution. If you have a Github account, I suggest going to the bottom of the [issue page](https://github.com/mkdynamic/omniauth-facebook/issues/73) and start watching the thread. When the issue is finally resolved, you'll be notified of the definite solution. For the time being, just downgrade. – Ashitaka Nov 23 '12 at 14:50
  • Hi, I made the downgrade, and I did some weeks ago, but I'm still getting the error "must pass either a `code` parameter or a signed request (via `signed_request` parameter or a `fbsr_XXX` cookie)" (you can watch it on the things I did the last time). Did you use Rails 3.2.9? – pablomarti Nov 26 '12 at 14:21
  • Actually I used 3.2.8. Where did you read that it made a difference? – Ashitaka Nov 26 '12 at 16:19
  • 1
    Haha thats weird... I think I tried with R328 and omniauth-facebook 1.4.0 in the past, but I made a new downgrade from R329 to R328 and it did work. Cool! Thank you! Final solution: use omniauth-facebook 1.4.0 with Rails 3.2.8, and follow the issue on Github for updates. – pablomarti Nov 26 '12 at 16:46
  • Strange, but I'm glad it worked! I'll update my answer accordingly. – Ashitaka Nov 26 '12 at 17:41
  • 1
    Just wanted to say I've been spent the last day trying different solutions on SO, and this is the post that finally helped me. – CHawk Aug 12 '16 at 17:54
0

Solution without downgrading (using 1.5.1 right now) :

https://github.com/intridea/omniauth-oauth2/issues/32 -> Add this to your provider declaration : provider :facebook, xxxxxxxxx, yyyyyyyyy, {:provider_ignores_state => true}

alex
  • 357
  • 3
  • 14