Broken FB-omniauth after bundle update, invalid credentials

Question

The oauth data doesn't go to controller action. Can't understand what's wrong. There is one more auth provider in this controller and it works well the core is absolutely same.

devise  3.5.10 
rails 4.2.4

devise.rb
config.omniauth :facebook, Figaro.env.fb_app_id, Figaro.env.fb_app_secret, callback_url: 'https://chotam.ru/users/auth/facebook/callback',
                  scope: 'email, publish_actions'

class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController

def facebook
    logger.error "fb here" # IT'S NO OUTPUT HERE ON REQUEST!!!
    logger.error(request.env['omniauth.auth'])
    result = User.find_for_facebook_oauth(request.env["omniauth.auth"], current_user)
    @user = result[:user]
    status = result[:status]
    if @user
      token = request.env["omniauth.auth"]["credentials"]["token"]
      @user.account.update_attribute(:fb_token, token)
      if status[:redirect] == 'added' || status[:redirect] == 'existed'
        flash[status[:key]] = status[:value]
        render 'devise/registrations/edit'
      else
        flash[status[:key]] = status[:value]
        sign_in_and_redirect @user, event: :authentication
      end
    else
      flash[status[:key]] = status[:value]
      redirect_to new_user_registration_url
    end
  end

UPDATE With logger I can see following:

E, [2017-03-28T23:46:41.255481 #21494] ERROR -- : (facebook) Authentication failure! invalid_credentials: OAuth2::Error, :
{"access_token":"real_token","token_type":"bearer"$

How to find what's wrong? And also I found that users can't change their passwords anymore.

I'm getting the same error...I do know that Facebook upgraded their API yesterday (3/27/2017), so I'm digging through my code to understand better. If I find out, I will post here. — jakeatwork, Mar 28 '17 at 18:43

score 4 · Accepted Answer · answered Mar 28 '17 at 22:24

4

Ok...found a way without updating the gem.

You can add the following in your config/initializers/devise.rb file at the config.omniauth line:

client_options: {
  site: "https://graph.facebook.com/v2.3",
  authorize_url: "https://www.facebook.com/v2.3/dialog/oauth"
},
token_params: {
  parse: :json
}

YMMV with the full config, but it would look something like this:

config.omniauth :facebook, ENV["FACEBOOK_KEY"], ENV["FACEBOOK_SECRET"],
    scope: 'email',
    secure_image_url: true,
    auth_type: 'https',
    info_fields: 'email,name,first_name,last_name',
    client_options: {
        site: "https://graph.facebook.com/v2.3",
        authorize_url: "https://www.facebook.com/v2.3/dialog/oauth"
    },
    token_params: {
        parse: :json
    }

The main issue is that they upgraded the response format and without the forced version pointer and the token params to parse the new json format (instead of url encoded format), it would break at the response because it didn't recognize what was spit back from the api.

answered Mar 28 '17 at 22:24

jakeatwork

487
5
17

But from my computer only... Other users have error: (facebook) Authentication failure! no_authorization_code: OmniAuth::Strategies::Facebook::NoAuthorizationCodeError, must pass either a `code` (via URL or by an `fbsr_XXX` signed request cookie) – nobilik Mar 29 '17 at 01:16
What do you mean other users? If you made the update on your local computer, then how are they accessing your local computer? – jakeatwork Mar 29 '17 at 01:32
No)) I update production server, and I was able to enter via FB. I made it few times. But my friend hit an error. I try to access site from iphone and also hit an error... – nobilik Mar 29 '17 at 01:36
Well, it's hard to tell exactly...try looking up that new error on stackoverflow separately from this issue. Maybe something else in your config or application isn't working. – jakeatwork Mar 29 '17 at 03:03
looks like if you scroll down to SEMVC's comment, they have the same issue and a fix is posted in reply by NUNZIOFIORE: https://coderwall.com/p/bsfitw/ruby-on-rails-4-authentication-with-facebook-and-omniauth, but this is definitely a separate issue, so if you don't find this solution works, keep digging on google. good luck – jakeatwork Mar 29 '17 at 03:07
The problem was that I use https address to access the site from my computer, but if I try to access through http the error rise – nobilik Mar 29 '17 at 03:07

score 1 · Answer 2 · 2017-03-28T18:53:40.973

1

Try this. You have to update facebook-omniauth gem. How to fix invalid credential? omniauth-facebook gem broken after Facebook API Deprecation.

Spent a lot of time here, before fixed - omniauth-facebook issue

edited Mar 28 '17 at 18:53

answered Mar 28 '17 at 18:48

Thanks...that's good to know. I'm going to try to find a way to work this without updating the gem (there are production gem change reasons that updating a gem is less than ideal), so i'll reply with an answer if i can find something that will work outside of updating the gem. – jakeatwork Mar 28 '17 at 18:59

Broken FB-omniauth after bundle update, invalid credentials

2 Answers2