2

I have a problem on production with Facebook login which happened today. I'm using Rails omniouth-facebook gem for authentication users via Fb.

So, after some debugging I figure out that uid which I got in response from Facebook isn't the same as uid which particular user has stored in database.

I have this part:

find_by(provider: auth.provider, uid: auth.uid)

where auth is env['omniauth.auth'] and when I manually check user with auth.email in my database uids not matched, so this function always returns nil and Login Failure.

Does anybody has idea what could be the problem? Really would appreciate any hint.

Thanks, Bojan

zauzaj
  • 1,206
  • 12
  • 20
  • Is the UID scoped? Depending on API and context Facebook may return ids unique to a relationship with a particular page. – Jeremy Gordon Jun 06 '16 at 23:04
  • I don't know is it scoped, I suppose yes as I have Fb application registered. And also on staging pretty much the same configuration and everything works fine – zauzaj Jun 06 '16 at 23:06
  • I just checked, it is scoped as it use V2.5 The point is that it was working about 4-5 hours ago, and I'm not sure what's happening and how to solve it. – zauzaj Jun 06 '16 at 23:17

1 Answers1

1

With API v2.0, Facebook introduced app-scoped user ids.

For every new user that logs in to your app after the switch was made to 2.0, you will not get their “global” user id any more, but only an app-scoped one, that is unique to your app - to be more specific, it is tied to your app id.

So if you are using different app ids, resp. switched app ids at some point, of course you will get different app-scoped ids for the same user.

If you have a business that has several apps, you can connect them via Business Manager, so that you can connect the different app-scoped user ids for different apps.

CBroe
  • 91,630
  • 14
  • 92
  • 150
  • Thanks for reply. So the point here is that this is only one application which we are using for production and we are using it sincy January this year. Everything was perfect since yesterday, when I noticed this issue. We didn't touch App neither Facebook_key/Facebook_secret there. So right now our existing users complain as they can't login via Facebook and we have to find solution quickly. Do you have any suggestion ? – zauzaj Jun 07 '16 at 09:29
  • App-scoped user ids are supposed to stay the same, for the same app id. If that is not the case, file a bug report: https://developers.facebook.com/bugs – CBroe Jun 07 '16 at 09:31
  • Also what I noticed, when I try to do something like: www.facebook.com/user_id it works with both uids. Mine from database for existing user and new one from response. Maybe I should update them all with new one ? – zauzaj Jun 07 '16 at 09:57
  • When I use this https://graph.facebook.com/me?access_token I'm getting different uid that I have in database. Also using this https://developers.facebook.com/tools/debug/ with token I'm getting from the response I see that there is a diff UID then I have in database. I just don't know how that's happened as App credentials are the same and nothing was changed. – zauzaj Jun 07 '16 at 10:25
  • The first thing is normal - `www.facebook.com/{app-scoped-user-id}` is supposed to redirect to the “real” profile URL in a browser. / Again, if you are _sure_ that the app id used is still the same - file a bug report; that should not happen. – CBroe Jun 07 '16 at 11:21