问题
I am trying to implement omniauth-facebook as described in Railscast #360 and have run into quite a roadblock. When I click on the signin link, I get the desired popup asking me to input my facebook credentials, but when I submit, I get an OmniAuth::Strategies::OAuth2::CallbackError error. In the apache logs, this is printed: (facebook) Authentication failure! invalid_credentials: OmniAuth::Strategies::OAuth2::CallbackError, OmniAuth::Strategies::OAuth2::CallbackError
here is the relevant code:
omniauth.rb
OmniAuth.config.logger = Rails.logger
Rails.application.config.middleware.use OmniAuth::Builder do
provider :facebook, ENV['FACEBOOK_APP_ID'], ENV['FACEBOOK_SECRET']
end
sessions_controller.rb
class SessionsController < ApplicationController
def create
user = User.from_omniauth(env["omniauth.auth"])
session[:user_id] = user.id
redirect_to root_url
end
def destroy
session[:user_id] = nil
redirect_to root_url
end
end
application.html.erb
<div id="fb-root"></div>
<script>
window.fbAsyncInit = function() {
FB.init({
appId : '(**my app id**)', // App ID
status : true, // check login status
cookie : true // enable cookies to allow the server to access the session
});
$('#sign_in').click(function(e) {
e.preventDefault();
return FB.login(function(response) {
if (response.authResponse) {
return window.location = '/auth/facebook/callback';
}
});
});
return $('#sign_out').click(function(e) {
FB.getLoginStatus(function(response) {
if (response.authResponse) {
return FB.logout();
}
});
return true;
});
};
</script>
Am I missing something simple? I've been searching for a solution for the last few days.
回答1:
It seems like omniauth-facebook v1.4.1 introduced an issue with CSRF. A temporary fix is to just roll back to v1.4.0. In your Gemfile, change the omniauth-facebook line to:
gem 'omniauth-facebook', '1.4.0'
I've reported the issue: https://github.com/mkdynamic/omniauth-facebook/issues/73
回答2:
I had a similar issue where it was working for 1 user but getting the Authenticating error for the 2nd user.
Disabling the Sandbox mode (Apps > Settings > Advanced) seems to have fixed it.
回答3:
In your omniauth.rb add code:
OmniAuth.config.on_failure = Proc.new do |env| new_path = "/auth/failure"
[302, {'Location' => new_path, 'Content-Type'=> 'text/html'}, []]
end
回答4:
I've noticed that omniauth-oauth2 > 1.0.3 will cause a problem too, uninstalling higher version and keep omniauth-oauth2 1.0.3 solved the problem ..
回答5:
I have this too.
Remove the JS script in your application.html.erb (but keep the fb-root div) will work. Anyway, the FB login screen won't be displayed in a popup window anymore, you'll be redirected to FB login then back to your site instead.
回答6:
For anyone that's careless like I am,
Remember to switch you app out of Sandbox mode at developers.facebook before you deploy!
Sandbox mode will trigger the csrf error for everyone except the developer's account.
回答7:
you may want to override OmniauthCallbacksController, and add this to logging:
class OmniauthCallbacksController < Devise::OmniauthCallbacksController
def failure_message
exception = env["omniauth.error"]
#add login here:
Rails.logger.info "exception: #{exception.inspect}"
error = exception.error_reason if exception.respond_to?(:error_reason)
error ||= exception.error if exception.respond_to?(:error)
error ||= env["omniauth.error.type"].to_s
error.to_s.humanize if error
end
#other code ...
end
after ive added mine, i found "invalid ip..." issue,
来源:https://stackoverflow.com/questions/11597130/omniauth-facebook-keeps-reporting-invalid-credentials