Omniauth-facebook keeps reporting invalid_credentials

Question

I am trying to implement omniauth-facebook as described in Railscast #360 and have run into quite a roadblock. When I click on the signin link, I get the desired popup aski

Answer 1

you may want to override OmniauthCallbacksController, and add this to logging:

class OmniauthCallbacksController < Devise::OmniauthCallbacksController
  def failure_message
    exception = env["omniauth.error"]
    #add login here:
    Rails.logger.info "exception: #{exception.inspect}"
    error   = exception.error_reason if exception.respond_to?(:error_reason)
    error ||= exception.error        if exception.respond_to?(:error)
    error ||= env["omniauth.error.type"].to_s
    error.to_s.humanize if error
  end

  #other code ...
end

after ive added mine, i found "invalid ip..." issue,

Answer 2

I've noticed that omniauth-oauth2 > 1.0.3 will cause a problem too, uninstalling higher version and keep omniauth-oauth2 1.0.3 solved the problem ..

Answer 3

It seems like omniauth-facebook v1.4.1 introduced an issue with CSRF. A temporary fix is to just roll back to v1.4.0. In your Gemfile, change the omniauth-facebook line to:

gem 'omniauth-facebook', '1.4.0'

I've reported the issue: https://github.com/mkdynamic/omniauth-facebook/issues/73

Answer 4

For anyone that's careless like I am,

Remember to switch you app out of Sandbox mode at developers.facebook before you deploy!

Sandbox mode will trigger the csrf error for everyone except the developer's account.

Answer 5

In your omniauth.rb add code:

OmniAuth.config.on_failure = Proc.new do |env| new_path = "/auth/failure"
 [302, {'Location' => new_path, 'Content-Type'=> 'text/html'}, []]
end

Answer 6

I had a similar issue where it was working for 1 user but getting the Authenticating error for the 2nd user.

Disabling the Sandbox mode (Apps > Settings > Advanced) seems to have fixed it.