
"Error validating client secret." 404 with Facebook Oauth and ruby

I am trying to implement Facebook authentication for an app with Warden. After the user allows Facebook auth and is redirected to my app callback with the token, I get a 400 while consuming the API. My Warden strategy is this:

class Facebook < Warden::Strategies::Base
  def client
    @client ||= OAuth2::Client.new MyApp::Facebook::AppID, MyApp::Facebook::AppSecret, :site => 'https://graph.facebook.com'
  end

  def params
    @params ||= Rack::Utils.parse_query(request.query_string)
  end

  def authorize_url
    client.web_server.authorize_url :redirect_uri => request.url, :scope => 'email,publish_stream'
  end

  def authenticate!
    throw(:halt, [302, {'Location' => authorize_url}, []]) unless params['code']
    facebook = client.web_server.get_access_token params['code'], :redirect_uri => request.url
  rescue OAuth2::HTTPError => e
    puts e.response.body
  end
end

Strategies.add :facebook, Facebook

The result of printing the response body is this:

{"error":{"type":"OAuthException","message":"Error validating client secret."}}

I am pretty sure the app id and app secret are the ones provided by FB.

Thanks.

Macario asked Jan 20 '11 23:01


2 Answers

I've seen that error message many times. Here are the things I would double check:

  • your domain is the same as what you listed in the Facebook callback URL
  • the app id is correct (actually print this out on a page, sometimes y
  • the app secret is correct

Jerry C. answered Nov 14 '22 07:11


Add redirect_uri while creating the Facebook object; that will fix the issue.

Redirect the user to https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL

After the user clicks allow, it'll hit our redirect URI. At that point we'll get the code, and we need to do a server-side HTTP GET to the following URL to exchange the code for our OAuth access token:

https://graph.facebook.com/oauth/access_token?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&client_secret=YOUR_APP_SECRET&code=THE_CODE_FROM_ABOVE

Now at step 3, I kept on getting an HTTP 400 response back.

So after some research, I found out that the redirect_uri that we submitted in step 3 doesn't do anything but validate the request. Thus, the value needs to match the one from step 2.

sourab answered Nov 14 '22 06:11
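
An added example, not part of either answer or of the asker's code: one way to keep redirect_uri identical in the dialog redirect and in the code exchange, as the second answer requires, when the callback request URL arrives with the provider's code parameter appended. The function names, the list of stripped parameters and the sample URLs are assumptions constructed for this sketch; the two endpoints are the ones quoted in the answer.

```ruby
require 'uri'

# Parameters the provider appends to the callback request; they must not
# end up inside redirect_uri (list assumed for this example).
OAUTH_RESPONSE_PARAMS = %w[code state error error_reason error_description].freeze

# Return the request URL with the provider's response parameters removed,
# so the very same string can be sent at both steps.
def stable_redirect_uri(request_url)
  uri = URI.parse(request_url)
  pairs = URI.decode_www_form(uri.query.to_s)
             .reject { |key, _| OAUTH_RESPONSE_PARAMS.include?(key) }
  uri.query = pairs.empty? ? nil : URI.encode_www_form(pairs)
  uri.fragment = nil
  uri.to_s
end

# URL the browser is sent to for the permission dialog.
def dialog_url(app_id, request_url)
  query = URI.encode_www_form(client_id: app_id,
                              redirect_uri: stable_redirect_uri(request_url))
  "https://www.facebook.com/dialog/oauth?#{query}"
end

# URL for the server-side exchange of the code for an access token.
def token_url(app_id, app_secret, code, request_url)
  query = URI.encode_www_form(client_id: app_id,
                              redirect_uri: stable_redirect_uri(request_url),
                              client_secret: app_secret,
                              code: code)
  "https://graph.facebook.com/oauth/access_token?#{query}"
end

# Pull redirect_uri back out of a built URL, to compare the two steps.
def redirect_uri_of(url)
  URI.decode_www_form(URI.parse(url).query.to_s).to_h['redirect_uri']
end

# Constructed sample: the first visit, then the callback carrying ?code=...
first_visit = 'https://app.example.test/auth/facebook?next=%2Fhome'
callback    = 'https://app.example.test/auth/facebook?next=%2Fhome&code=SAMPLE_CODE'
puts redirect_uri_of(dialog_url('APP_ID', first_visit))
puts redirect_uri_of(token_url('APP_ID', 'APP_SECRET', 'SAMPLE_CODE', callback))
```

Both printed lines are the same string; passing the raw callback URL as redirect_uri instead would make the second value differ from the first by the appended code parameter.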