I'm facing a weird problem.
I followed this tutorial : https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview
It works perfectly with the exact same code on my local machine (with modification on APP_ID and SECRET).
But when I test it on another server, I cant get logged in with Facebook informations...
I click on the link (<%= link_to 'register with fb', user_omniauth_authorize_path(:facebook) %>) then I'm redirected well to Facebook which asks me if I allow the app and finally I get redirected to my site.
But I'm redirected to /user/sign_in ! And no record with the user retrieved from Facebook is created.
The log gives me :
Started GET "/users/auth/facebook" for 192.168.1.254 at 2011-07-25 19:06:11 +0400
Started GET "/users/auth/facebook/callback?code=grV09GQr[...]BbcM-mxklOu5E"
for 192.168.1.254 at 2011-07-25 19:06:12 +0400 Processing by
Users::OmniauthCallbacksController#failure as HTML Parameters:
{"code"=>"grV09GQrqjDepasyQpVhqSg0FINlr4h9[...]sSUooMrBRxBbcM-mxklOu5E"}
Redirected to http://mysite.com/users/sign_in Completed 302 Found in
1ms
Someone has an idea ?
Many Thanks
You are getting the sign-in page because this is the default behavior for the omniauth gem when an error occurs from facebook. You are getting rejected from facebook. If you were to decode the code in the returned URL, you might be able to figure out the reason. It would be helpful if the error handler did that.
With facebook connect you must put the url of your website in the facebook configuration. It is the canvas URL or web site url/domain in the configuration. If you don't have this set correctly, then facebook will reject your return request.
Related
I am working on Etsy Authentication. I have created an app and tried to test the Authentication via Postman in the same above process but I was not able to Authenticate I was getting an error
Error
And I was unable to Edit the App and also there is no option of "Request Full Access"
No Edit option and also no Request full access and the app state is in pending approval
Help me with the issue as I was previously able to Edit the App and I have tested few APIs as well but now I am unable to do it.
Postman image
If I hit this API in the browser as a response I need code but I was getting the above error
Your request isn't working because you haven't registered the callback URL for postman with your App, and of course you mentioned that you couldn't edit your app to add the callback URL.
There is a silly URL bug on the Etsy dev portal which sending you to a broken like when you click on your app to edit it.
Once you click on the App to edit it and end up at the 404 page,
Remove this from the URL and it will then work.
I have emailed the Etsy Developers to point out this bug so hopefully it will be resolved quickly.
To piggyback off of Gareth's answer:
Step 1:
In https://www.etsy.com/developers/edit/{account_id}/callbacks, add the following callback:
http://localhost:3003/oauth/redirect
Step 2:
Follow these instructions https://developer.etsy.com/documentation/essentials/authentication/, make sure to set:
redirect_uri=http://localhost:3003/oauth/redirect
*You don't actually need anything running at localhost:3003
I just started to learn about Google Analytics Embed API from "https://developers.google.com/analytics/devguides/reporting/embed/v1/getting-started"
I followed their example, and deployed my HTML file onto local Tomcat server hosting at port 8080. I've added everything they mentioned including the whitelists for the host origin etc, provided my OAuth 2.0 key
when I hit my HTML page and logged in with google, I keep on getting 403 error when requesting for "https://content.googleapis.com/analytics/v3/management/accountSummaries?max-results=0&_src=embed-api%3Av1"
Anybody has any suggestions where I might have gone wrong?
p.s. the only thing I see on my page after login with Google is "You are logged in as: ***********#gmail.com"
Thanks,
Shen
Upon checking your link, I can see that the error code is 401. Regarding that error, you can check this SO thread.
I think you need to set up a service account as advised in answer.
By setting up a service account in Google apis console it will
allow you to access your own data with out needing to login and
autenticate the code all the time.
I've been seeing "Bad Request Error 400" for the last few weeks whenever using Google signin on my Play Framework website (https://www.cointouch.com/). SecureSocial Config as follows:
google {
authorizationUrl="https://accounts.google.com/o/oauth2/auth"
accessTokenUrl="https://accounts.google.com/o/oauth2/token"
clientId="[redacted]"
clientSecret=[redacted]
scope="https://www.googleapis.com/auth/plus.login profile email"
}
In the securesocial log, the following is shown before I see the error message in my browser
redirecting to: [https://accounts.google.com/o/oauth2/auth?scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fplus.login+email&client_id=[redeacted]&redirect_uri=http%3A%2F%2Ftest.cointouch.com%2Fauthenticate%2Fgoogle&response_type=code&state=[redacted]]
My redirect URLs are configured correctly in the Google API console.
I read that Google has deprecated some of their former signin APIs:
https://developers.google.com/+/api/auth-migration
Is there a quick-fix I can apply to my SecureSocial setup?
Having tried many remedies, and with the kind assistance of Jorge I discovered this was something to do with cookies. Deleting cookies fixed it.
I built a website with Ruby on Rails and want to use the facebook login. Using the Ominauth-Facebook gem, I am enable to log in on my computer. But when several friends tested it, they all got the error in Chrome(similar to Safari saying “Refused to display document because display forbidden by X-Frame-Options"):
It's odd because it works well in all browsers in each device of mine(desktop, iphone and laptop). On my rails config, I already set
config.action_dispatch.default_headers[:'X-Frame-Options'] = "ALLOW-FROM https://www.facebook.com"
Anything I probably missed?Thanks!
Update: the errors won't show up again if my friend somehow signed in successfully once. Even when he logout from FB and sign in on my sites. I think that's why it works all good for me
This happens because Facebook doesn't want to users enter their authentication data in iframe on another site. It's done for security purposes. To avoid this you can try add to your link:
:target => "_top"
I got this error on the facebook canvas, In order to stop this occuring i had to remove all of the loginurl parameters, im using the php sdk.
$loginUrl = $facebook->getLoginUrl();
When i try to add scope, redirect_uri it fails with the error seen in the question. I checked everything matches up on the scope to the app settings and still no joy, cannot apply any parameters. However, without the parameters my app is able to authenticate.
I'm trying to get Facebook authentication working with Devise through omniauth-facebook, I've followed the instructions here: https://github.com/plataformatec/devise/wiki/OmniAuth%3a-Overview
When I follow the login with Facebook link I am redirected to Facebook to login and accept the requested permissions.
I am then taken back to /users/sign_in with the error message "Could not authorize you from Facebook because "Invalid credentials""
Looking at the server logs the redirect comes from "/users/auth/facebook/callback?code=[long text string]" which is being processed with Users::OmniauthCallbacksController#failure rather than Users::OmniauthCallbacksController#facebook as I would have expected if it had worked.
Any suggestions as to why this is happening and how to resolve it much appreciated.
Ok, I had the very same issue. The reason for me turned out that I had defined this line in config/initializers/devise.rb:
config.omniauth :facebook ...
The app id and app secret were defined for my test Facebook app, and for production one. Fixing those id:s now fixed the problem.
facebook changes protocol from oauth to oauth2
the main difference that credentials (id, token, name..) now packaged into one hash. You should parse.