laravel4 hybridauth facebook Authentication failed! Facebook returned an invalid user id

Question

OK, I'm trying to use Hybridauth with laravel 4. However I seem to be getting the very common when trying to log in with facebook:

Authentication failed! Facebook returned an invalid user id.

I have read all the other posts, and have had no luck, so just hoping someone may be able to help me.

I followed this tutorial: http://www.mrcasual.com/on/coding/laravel4-package-management-with-composer/

And have tried several other configurations to no success.

Here is my config/hybridauth.php

<?php
return array(
    "base_url"   => "http://myapp.dev/social/auth/",
    "providers"  => array (
        "Facebook"   => array (
            "enabled"    => true,
            "keys"       => array ( "id" => "****", "secret" => "****" ),

        ),
    ),
);

And here is my route:

Route::get('social/{action?}', array("as" => "hybridauth", function($action = "")
{
    // check URL segment
    if ($action == "auth") {
        // process authentication
        try {
            Hybrid_Endpoint::process();
        }

        catch (Exception $e) {
            // redirect back to http://URL/social/
            return Redirect::route('hybridauth');
        }
        return;
    }

    try {
        // create a HybridAuth object
        $socialAuth = new Hybrid_Auth(app_path() . '/config/hybridauth.php');
        // authenticate with Facebook
        $provider = $socialAuth->authenticate("Facebook");
        // fetch user profile
        $userProfile = $provider->getUserProfile();
    }

    catch(Exception $e) {
        // exception codes can be found on HybBridAuth's web site
        return $e->getMessage();
    }

    // access user profile data
    echo "Connected with: <b>{$provider->id}</b><br />";
    echo "As: <b>{$userProfile->displayName}</b><br />";
    echo "<pre>" . print_r( $userProfile, true ) . "</pre><br />";

    // logout
    $provider->logout();
}));

So, when I access "myapp.dev/social" I'm brought to the facebook sign up page everthing seems to work fine, asks me to allow permissions to myadd.dev. After I click OK I am brought to the following URL: http://myapp.ie/social#_=_ where the error is displayed.

Not sure if this is relevant: Just from observing other sites that in-cooperate a facebook login.. the redirect URL looks something like http://somesite.dev/subdomain/#_=_ . In other words they have a slash before the #=. Is this my problem, how do I fix it?? Very new to hybridauth so any help greatly appreciated thanks.

Oh I do realize that this post is very similar to other posts but I have yet to find a solution.

UPDATE: the exact error: Authentification failed. The user has canceled the authentication or the provider refused the connection.

Answer 1

In base_facebook.php do following

  public static $CURL_OPTS = array(
    CURLOPT_CONNECTTIMEOUT => 50,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_TIMEOUT        => 60,
    CURLOPT_USERAGENT      => 'facebook-php-3.2',
    CURLOPT_SSL_VERIFYPEER => false,
    CURLOPT_SSL_VERIFYHOST => false,
  );

  protected $trustForwarded = true;
  protected $allowSignedRequest = false;

Answer 2

CURLOPT_SSL_VERIFYPEER => false, CURLOPT_SSL_VERIFYHOST => false

at modules/hybridauth/Hybrid/thirdparty/Facebook/base_facebook.php:128

solved!

Answer 3

For anyone else this is what worked for me: I reset app secret and now works great. No idea why my first app secret key did not work. Spent a ridiculous amount of time trying to fix this error.

Answer 4

Had this error in the past. Solved by modyfying Hybridauth's code myself.

1. In thirdparty/Facebook/base_facebook.php make sure $CURL_OPTS array uses: CURLOPT_SSL_VERIFYPEER => false
2. In my case I was closing session files for performance improvements so I added: session_start() inside Storage.php wherever HA::STORE session var is being updated/unset.

Let me know if it helps.

Answer 5

CURLOPT_SSL_VERIFYPEER => false & resetting my app secret key didn't work for me. I was getting this error because of some conflict with privileges I had previously setup. Removing the app from my facebook account did the trick (under privacy settings -> apps).

Answer 6

REMOVE THE TRAILING SLASH !!! (in config/hybridauth.php)

"base_url" => "http://myapp.dev/social/auth/",

should be

"base_url" => "http://myapp.dev/social/auth",

Answer 7

My case was a little bit more specific, but just in case: Be carefull with redirects!

I had an SSL Certificate installed and a redirect to force the user over https, but when I first configured HybridAuth I didn't took this into account. The facebook request was being redirected over to https causing the $_REQUEST data to be lost in the process.

For me the change was, in Hybrid/config.php:

"base_url" => "http://my-site.com/"

to

"base_url" => "https://my-site.com/"

Answer 8

I was having the same issue (although using HybridAuth on Yii) and turns out my app on Facebook was still in Sandbox mode. No source code changes needed on HybridAuth, just needed to turn off Sandbox Mode for the app and suddenly everything worked. Hope this helps.

Answer 9

This happened to me because my SSL is terminated in AWS's load balancer

Just update the config file in your app/config to include the trustForwarded setting

<?php

return array(
    'base_url'   => 'http://website.com/oauth/auth',
    'providers'  => array (
        'Facebook'   => array (
            'enabled'    => true,
            'keys'       => array ( 'id' => 'redacted', 'secret' => 'redacted' ),
            'trustForwarded' => true,
        ),
    ),
);

Answer 10

I had the exact same error message on a wordpress installation using Hybridauth. To find the problem I set up an isolated test with the Facebook PHP SDK (which Hybridauth uses) just to find out that curl_exec was not enabled on my host. Happily, an easy fix.

If you are on apache open you php.ini and delete curl_exec from this line:

disable_functions = curl_exec

Reload your apache configuration and voila :)

Hope this will help somebody.