OmniAuth Strategies Facebook NoAuthorizationCodeError (must pass either a `code` parameter or a signed request (via `signed_request` parameter):

I am getting an error:

 OmniAuth::Strategies::Facebook::NoAuthorizationCodeError (must pass either a 
`code` parameter or a signed request (via `signed_request` parameter or a 
`fbsr_XXX` cookie)):

It's not coming all the time. It's coming once in a while, notified by Airbrake.

There are a lot of links for this on Google search, but I am not able to find a proper solution. Anyone?

omniauth.rb under initializers directory:

OmniAuth.config.logger = Rails.logger
Rails.application.config.middleware.use OmniAuth::Builder do
  provider :facebook, ENV['FACEBOOK_KEY'], ENV['FACEBOOK_SECRET'], {:client_options => {:ssl => {:ca_path => "/etc/ssl/certs"}}, :scope => 'user_about_me,email,publish_actions,user_location,publish_stream,offline_access,user_interests,user_likes,user_hometown', :display => 'popup'}      

  OmniAuth.config.on_failure = Proc.new do |env|
    #this will invoke the omniauth_failure action in SessionsController.
    "SessionsController".constantize.action(:omniauth_failure).call(env)
  end         
end

PS: I am using facebook javascript sdk with facebook-omniauth

Mohit Jain asked Sep 11 '12 12:09


2 Answers

I recently encountered this error when also using the FB JS SDK with omniauth-facebook. I fixed it by sending the signed_request parameter with the GET as shown below:

$(document).bind("fb.loaded", function() {
  FB.getLoginStatus(function(response) {

    console.log('FB STATUS: ' + response.status);
    if(response.status == "connected") {

      console.log("FB AUTHED");

      // Hand the SDK's signed_request to the omniauth callback.
      location.href =
        '/auth/facebook/callback?' +
        $.param({ signed_request: response.authResponse.signedRequest });

    }
  });
});

The scenario occurs when a user visits your site when already logged into FB but not your site. One often needs to sign the subsequent request to the omniauth callback:

Request URL:
http://localhost:3000/auth/facebook/callback?signed_request=QXZa2TPs8JiSgSAQkrS7Y7ObPZQDYLcU_JNvD6Wru_o.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImNvZGUiOiJBUURjQXdZUdVOMEFmd1RCbjRDQWp4eHpKcWRoRllOS1owLVZpa2pKTUQxSU1UbHJzbmEyMVNUUUtOLWl6b1dJOXJVRWUyWTBNd3ViZ1JxcmZJQmVMRDNOREI2M1EwREtqVzJCeVxTU2ZMR1foWlVwOEVlX0dMVUtwYUlqcWlaQ2FSc1h5c0NBNHdyZDBxbk4taU1haWp2cVFIX19QdUhxaldFcUtYZDc1LS1oZmptcTg4QVVuemVJdDJ4S2VOd3VPZG9vOGtaQkZlZmctZ2FDMk9CNl8wZ24iLCJpc3N1ZWRfYXQiOjEzNTg5NzQ4NzMsInVzZXJfaWQiOiIxMDYwMTg4NyJ9`

If using AJAX, you would need something like this:

      $.get(
        '/auth/facebook/callback',
        { signed_request: response.authResponse.signedRequest },
        function(json) {
          alert("received logged in response");
      });

dimroc answered Oct 03 '22 22:10
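
The answer above hands the SDK's signed_request to the callback. As an added example (not part of the original answer and not omniauth-facebook's own code), this shows how a server can verify such a value before trusting its `code` or `user_id`, assuming Facebook's documented `signature.payload` layout with an HMAC-SHA256 over the encoded payload. The helper names, secret, sample payload and the `max_age` window are constructed for illustration.

```ruby
require 'openssl'
require 'base64'
require 'json'

# Decode URL-safe base64 that may arrive without '=' padding.
def base64_url_decode(str)
  Base64.urlsafe_decode64(str + '=' * ((4 - str.length % 4) % 4))
end

# Constant-time comparison so signature checks do not leak timing.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns the payload Hash when the signature verifies, otherwise nil.
# max_age (seconds) is an assumed freshness window, not a Facebook constant.
def parse_signed_request(signed_request, app_secret, max_age: 600, now: Time.now.to_i)
  encoded_sig, encoded_payload = signed_request.to_s.split('.', 2)
  return nil if encoded_sig.to_s.empty? || encoded_payload.to_s.empty?

  # The HMAC covers the still-encoded payload segment, keyed with the app secret.
  expected = OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA256'), app_secret, encoded_payload)
  return nil unless secure_compare(base64_url_decode(encoded_sig), expected)

  payload = JSON.parse(base64_url_decode(encoded_payload).force_encoding('UTF-8'))
  return nil unless payload.is_a?(Hash) && payload['algorithm'].to_s.upcase == 'HMAC-SHA256'
  return nil if now - payload['issued_at'].to_i > max_age # stale or replayed
  payload
rescue ArgumentError, JSON::ParserError
  nil
end

# Constructed sample only: builds a token in the layout described above.
def build_signed_request(payload, app_secret)
  body = Base64.urlsafe_encode64(JSON.generate(payload)).delete('=')
  mac = OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA256'), app_secret, body)
  "#{Base64.urlsafe_encode64(mac).delete('=')}.#{body}"
end

SAMPLE_SECRET = 'constructed-app-secret' # placeholder, not a real key
SAMPLE_PAYLOAD = { 'algorithm' => 'HMAC-SHA256', 'code' => 'constructed-code',
                   'issued_at' => 1_700_000_000, 'user_id' => '1' }.freeze
SAMPLE_TOKEN = build_signed_request(SAMPLE_PAYLOAD, SAMPLE_SECRET)

if __FILE__ == $PROGRAM_NAME
  p parse_signed_request(SAMPLE_TOKEN, SAMPLE_SECRET, now: 1_700_000_030)
  p parse_signed_request(SAMPLE_TOKEN, 'wrong-secret', now: 1_700_000_030)
end
```

Because the value carries an authorization code, sending it in a query string as in the answer means it can end up in server logs and browser history; a POST body avoids that.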


When you get the error

  • You will get this error if your app is in sandbox mode and you try to log in using real users which are not listed in the Developer Roles for your application. Once you create test users and use those instead, it will work.

  • You will also get this error in the opposite situation: you try to log in to your production app while being logged into Facebook as a test user. You will get that error, and in my URL I also get very clear information:

error_code=2102&error_message=User+is+not+a+test+user+owned+by+the+application

How to create test users

To create test users, click on Edit settings > Developer Roles in your application configuration at developers.facebook.com and click create on the Test users section. After creating the user, set the password by clicking on Set Password and note down its Facebook id, which you can visualize when clicking modify. Then use those credentials to log in to your app in sandbox mode.

deivid answered Oct 03 '22 21:10