Problems with OAuth 2 Gem

Question

I have a rails project using https://github.com/intridea/oauth2. In my rails app I have the following code:

ApplicationController.rb

def facebook_client
  OAuth2::Client.new(FacebookOauthCredentials::APP_ID, FacebookOauthCredentials::APP_SECRET, :site => 'https://graph.facebook.com')
end

FacebookController.rb

def facebook_session_create(poster, featured_item)
  redirect_to facebook_client.web_server.authorize_url(:scope => 'publish_stream', :redirect_uri => "http://localhost:3000/facebook/facebook_callback")
end

def facebook_callback

  if(params[:code])
    begin
      access_token = facebook_client.web_server.get_access_token(params[:code], :redirect_uri => "http://localhost:3000/facebook/facebook_callback")

      access_token.post('/me/feed', "testing #{rand(1000)}")
    rescue OAuth2::HTTPError => e
      render :text => e.response.body
    end
  end
end

Every time I run this code I get this response:

{"error":{"type":"OAuthException","message":"Error validating verification code."}}

However, I use the sinatra app supplied in the OAuth2 gem's readme file, it works fine.

def client
  OAuth2::Client.new(FacebookOauthCredentials::APP_ID, FacebookOauthCredentials::APP_SECRET, :site => 'https://graph.facebook.com')
end

get '/auth/facebook' do
   redirect client.web_server.authorize_url(
    :redirect_uri => redirect_uri,
    :scope => 'publish_stream'
  )
end

get '/auth/facebook/callback' do
  access_token = client.web_server.get_access_token(params[:code], :redirect_uri =>   redirect_uri)

  begin
    user = JSON.parse(access_token.post('/me/feed', :message => "testing # {rand(10000)}"))
  rescue Exception => e
    return e.response.body
  end

  user.inspect
end

def redirect_uri
  uri = URI.parse(request.url)
  uri.path = '/auth/facebook/callback'
  uri.query = nil
  uri.to_s
end

I have tried reproducing the steps using irb, but I an http 400 error. I'm not sure if it's for the same reason as the rails app, or if it's because I'm doing a hybrid of console and web browser operation. Any suggestions would be greatly appreciated.

Answer 1

I found the answer to my problem on this page Facebook graph API - OAuth Token

I ran into the exact same problem but it turned out the issue is not the encoding of the redirect_uri parameter, or that I had a trailing slash or question mark it's simply that I passed in two different redirect urls (had not read the specification at that time).

The redirect_uri is only used as a redirect once (the first time) to redirect back to the relying party with the "code" token. The 2nd time, the redirect_uri is passed back to the auth server but this time it's not used as you'd expect (to redirect) rather it's used by the authentication server to verify the code. The server responds with the access_token.

You'll notice facebook documentation (which is terrible) says fetch "Exchange it for an access token by fetching .... "

In summary, I didn't have to encode or do anything special to the Uri, just pass in the same redirect_uri twice, and fetch the 2nd page to get the access_token inside.

I didn't copy my original code correctly and the redirect uri I was passing to get the code was different than the uri I was passing to get the access token. Facebook's API documentation is terrible :(

Answer 2

I had this problem/error but finally found a different solution (by comparing my Dev app settings which was working) to my prod app settings (which was generating this error).

I went to the advanced settings page for my app in the Facebook Developer app: https://developers.facebook.com/apps/YourAppID/advanced

Then I found the "Encrypted Access Token:" setting and turn it to "Enabled."