ERROR -- omniauth: (facebook) Authentication failure

Question

I'm getting the following error using the latest Omniauth Facebook gem:

ERROR -- omniauth: (facebook) Authentication failure! invalid_credentials: OAuth2::Error, :

My credentials are correct and i seem to hit facebook ok but the callback errors out.

Any ideas?

Which specific version of omniauth are you using ? I had the same issue 1 week ago and solved it. — Alexander Luna, Apr 03 '17 at 05:46
duplicate: http://stackoverflow.com/questions/43089426/omniauth-callback-not-firing-returns-failure-with-invalid-credentials — rebagliatte, Apr 10 '17 at 02:40

Alexander Luna · Accepted Answer · 2017-04-04T21:17:57.450

3

The problem I had was that my app was using an older version of the facebook API. Omniauth-facebook uses a default API version, in my case 2.4 but my App needed a newer version because that is what it said in my Facebook Developer Console. In my case, all I had to do was to update the omniauth-facebook gem to version 4.0.

If you wish you can set the Facebook API version that you want to use instead of using the default like this (omniauth-facebook docs):

use OmniAuth::Builder do
  provider :facebook, ENV['APP_ID'], ENV['APP_SECRET'],
    client_options: {
      site: 'https://graph.facebook.com/v3.0',  # this is the example API version
      authorize_url: "https://www.facebook.com/v3.0/dialog/oauth"
    }
end

You can check which API verison your app is using by going to your facebook developer console.

You can read more about the omniauth-facebook gem API here: http://www.rubydoc.info/gems/omniauth-facebook/4.0.0#API_Version

edited Apr 04 '17 at 21:17

answered Apr 03 '17 at 22:10

Alexander Luna

5,261
4
30
36

That fixed it locally but for the live app i'm still having issues. My test app is API v2.8 but my live app is v2.6 I'm guessing this is the issue. Any idea how to upgrade the live app API? – Apr 04 '17 at 03:51
Try setting the API so that it matches that of your live app. – Alexander Luna Apr 04 '17 at 07:04
As far as I can tell, there's no way to change the API version from within the developer portal. – Apr 04 '17 at 16:13
Set it in your initializer like I suggested in my answer. Change v3.0 to v2.6. – Alexander Luna Apr 04 '17 at 21:17
I set it in the devise.rb file to the following: ````config.omniauth :facebook, Rails.application.secrets.facebook_id, Rails.application.secrets.facebook_secret, info_fields: 'email,name,birthday', :client_options => { :site => 'https://graph.facebook.com/v2.6', :authorize_url => "https://www.facebook.com/v2.6/dialog/oauth" }```` Works fine locally with the test app that's set at 2.8, but nothing for the live app which is 2.6 – Apr 05 '17 at 03:05
How odd, I have it the other way. 2.6 in test, and 2.8 in production but both work with Omniauth-facebook version 4. Try downgrading to version 3. Also upload your gemfile if possible. – Alexander Luna Apr 06 '17 at 09:35
you can see the current facebook graph api versions here https://developers.facebook.com/docs/graph-api/changelog/ – Dorian Nov 21 '20 at 19:29

score 2 · Answer 2 · answered May 29 '18 at 06:38

I had the same problem but specifying version didn't help me. I end up passing token_params: { parse: :json } something like below which resolved my issue :

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :facebook, Figaro.env.fb_appid, Figaro.env.fb_sec,
           { scope: 'email',  token_params: { parse: :json } }
end

I have found the reference #174 comment

score 2 · Answer 3 · answered Jul 04 '18 at 00:50

If you are not using the gem as a middleware directly and instead configuring your options in config/initializers/devise.rb (like the guide in Devise's wiki suggests), you can solve this issue by adding token_params: { parse: :json } to your config options.

So, in config/initializers/devise.rb:

config.omniauth :facebook, "APP_ID", "APP_SECRET", token_params: { parse: :json }

This problem is explicitly handled in Devise's wiki linked above (see section "If you are seeing something like Could not authenticate you from Facebook because “Invalid credentials”...)

score 0 · Answer 4 · answered Jul 03 '20 at 16:04

Please try to put as many details as you can, try to be specific about your issue to understand the issue more deeply. It'll help to find out the exact issue and answers.

As you're not specific with your issue. I am putting here my answer which I got after so many tries and research.

MY ERROR

ERROR -- omniauth: (facebook) Authentication failure! invalid_credentials: OAuth2::Error, {"message"=>"Cannot call API for app 67878******** on behalf of user sa97**********", "type"=>"OAuthException", "code"=>200, "fbtrace_id"=>"8987987*********"}:

I was facing the above issue in a case if the Facebook user who is authenticating itself by Signing up with his/her details is only having the mobile number in his Facebook profile and NO EMAIL ID because my app is validating the email id should be present before creating any User object.

Because the same code is working fine with the users having the email id in the profile.

Although the Facebook error should be more specific, which saves the developer time to debug the exact issue.

ERROR -- omniauth: (facebook) Authentication failure

4 Answers4