Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
636 views
in Technique[技术] by (71.8m points)

ruby on rails - Omniauth-facebook keeps reporting invalid_credentials

I am trying to implement omniauth-facebook as described in Railscast #360 and have run into quite a roadblock. When I click on the signin link, I get the desired popup asking me to input my facebook credentials, but when I submit, I get an OmniAuth::Strategies::OAuth2::CallbackError error. In the apache logs, this is printed: (facebook) Authentication failure! invalid_credentials: OmniAuth::Strategies::OAuth2::CallbackError, OmniAuth::Strategies::OAuth2::CallbackError

here is the relevant code:

omniauth.rb

OmniAuth.config.logger = Rails.logger

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :facebook, ENV['FACEBOOK_APP_ID'], ENV['FACEBOOK_SECRET']
end

sessions_controller.rb

class SessionsController < ApplicationController
  def create
    user = User.from_omniauth(env["omniauth.auth"])
    session[:user_id] = user.id
    redirect_to root_url
  end

  def destroy
    session[:user_id] = nil
    redirect_to root_url
  end
end

application.html.erb

<div id="fb-root"></div>
<script>        
window.fbAsyncInit = function() {
    FB.init({
        appId      : '(**my app id**)', // App ID
        status     : true, // check login status
        cookie     : true // enable cookies to allow the server to access the session
    });

    $('#sign_in').click(function(e) {
        e.preventDefault();
        return FB.login(function(response) {
            if (response.authResponse) {
                return window.location = '/auth/facebook/callback';
            }
        });
    });

    return $('#sign_out').click(function(e) {
        FB.getLoginStatus(function(response) {
            if (response.authResponse) {
                return FB.logout();
            }
        });
        return true;
    });
};
 </script>

Am I missing something simple? I've been searching for a solution for the last few days.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

It seems like omniauth-facebook v1.4.1 introduced an issue with CSRF. A temporary fix is to just roll back to v1.4.0. In your Gemfile, change the omniauth-facebook line to:

gem 'omniauth-facebook', '1.4.0'

I've reported the issue: https://github.com/mkdynamic/omniauth-facebook/issues/73


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...