Rails: Could not authenticate you from Facebook because "Invalid credentials"

Question

I integrated omniauth-facebook using https://github.com/plataformatec/devise/wiki/OmniAuth%3a-Overview. But I am getting error of :

Could not authenticate you from Facebook because "Invalid credentials".

And in logs, getting this:

Authentication failure! invalid_credentials: OAuth2::Error, : {"error":{"message":"This authorization code has been used.","type":"OAuthException","code":100}}

I have devise installed. When i click on facebook sign in link, it comes back to devise sign "www.mealnut.com/user/sign_in#=" and gives above error. I checked the solution for "Invalid credentials" on https://github.com/plataformatec/devise/wiki/OmniAuth%3a-Overview and as mentioned there, my app is header set for App Type = Web. Not getting why it is not working.

Also my app is pending review from facebook. But i don't think it is related to this error. Following are the things i did for omniauth-facebook:

Gemfile contains:

gem "omniauth", "~> 1.1.4"
gem 'omniauth-facebook', '1.4.1'

In user model, added:

devise :omniauthable, :omniauth_providers => [:facebook]
attr_accessible :provider, :uid

  def self.find_for_facebook_oauth(auth, signed_in_resource=nil)
    user = User.where(:provider => auth.provider, :uid => auth.uid).first
    unless user
    user = User.create(name:auth.extra.raw_info.name,
                       provider:auth.provider,
                       uid:auth.uid,
                       email:auth.info.email,
                       password:Devise.friendly_token[0,20]
                      )
  end
user
end

devise.rb

require "omniauth-facebook"
config.omniauth :facebook, "APP_ID", "APP_SECRET", :scope => "offline_access, email" 

omniauth.rb:

OmniAuth.config.logger = Rails.logger
Rails.application.config.middleware.use OmniAuth::Builder do
 provider :facebook, ENV['FACEBOOK_KEY'], ENV['FACEBOOK_SECRET'], {:provider_ignores_state => true}
end

route.rb:

devise_for :user, :controllers => { :omniauth_callbacks => "omniauth_callbacks" }

Omniauth controller:

class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
  def facebook
    @user = User.find_for_facebook_oauth(request.env["omniauth.auth"], current_user)

    if @user.persisted?
      sign_in_and_redirect @user, :event => :authentication #this will throw if @user is not activated
      set_flash_message(:notice, :success, :kind => "Facebook") if is_navigational_format?
    else
      session["devise.facebook_data"] = request.env["omniauth.auth"]
      redirect_to new_user_registration_url
    end
  end
end

Can anybody help in this?

Answer 1

Thought I'd chip in here since this came up for me when trying to search for a solution for Could not authenticate you from Facebook because “Invalid credentials”

The problem is with Facebook API version >=2.3 you need to set {token_params: {parse: :json}} to your provider config.

devise.rb

config.omniauth :facebook,
    APP_ID,
    APP_SECRET,
    token_params: { parse: :json } # <----- this line is NB

Answer found on this issue for omniauth-oauth2

UPDATE Aug 2018: The "invalid credentials" issue reoccurred, I had to remove the token_params setting for it to work again - so this may not be an issue anymore