I'm trying to make Facebook login with omniauth-facebook in Rails 3.2.9; I have followed the steps of Ryan Bates in http://railscasts.com/episodes/360-facebook-authentication and in this very moment I have the same code.
If I try to login without the Javascript it works (it takes me to Facebook, I grant the permissions, and gets me back to the app successfully), but if I try with the Javascript (for the Facebook popup) it initially shows the popup to login, but then makes a redirect and throws me this error (without asking for the permissions):
Started GET "/auth/facebook/callback" for 127.0.0.1 at 2012-11-16 15:16:03 -0600
(facebook) Callback phase initiated.
(facebook) Authentication failure! invalid_credentials: OmniAuth::Strategies::OAuth2::CallbackError, OmniAuth::Strategies::OAuth2::CallbackError
OmniAuth::Strategies::OAuth2::CallbackError (OmniAuth::Strategies::OAuth2::CallbackError)
This is a very common error; I made the research and tried all the solutions (mostly are from some months ago) but none of them work. This is what I have tried:
http://localhost:3000/
omniauth-facebook must pass either a
codeparameter or a signed request (via
signed_requestparameter or a
fbsr_XXXcookie)
What else should I do? (I think the key is in the Javascript, and right now I have the same code of the video, with CoffeeScript). Thanks in advance!
I followed that Railscast just now and managed to get it working. You'll notice people discussing your problem in the comments. Following the links there, I ended up on this issue on Github and this question on StackOverflow.
I recommend updating to 1.6.0
and to 2.0.0
when it finally comes out. In the meantime, make sure you aren't making any of these mistakes:
Defining your app credentials in two different initializers, usually omniauth.rb
and devise.rb
. source
Having a domain name mismatch between your live site and the site url configured within your facebook application. source
Leaving the facebook application in sandbox mode, so the domain name doesn't match the production one. source
Adding a before_filter :authenticate
to the OmniauthCallbacksController or ApplicationController (since OmniauthCallbacksController inherits from ApplicationController). source
Using omniauth-facebook
in conjunction with Facebook's client-side flow. source
Messing with the state
param.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With