I am trying to implement Facebook SSO in a project without any gem. After the callback, it throws the error below.
The API calls
The errors
# Authentication-related gems declared by the project (Gemfile excerpt).
gem 'devise'
gem 'devise_invitable', '~> 2.0.0'
gem 'devise-jwt'
# Generic OAuth2 base strategy; the custom Facebook strategy subclasses it.
gem 'omniauth-oauth2', '~> 1.7'
# NOTE(review): no version constraint here; pin the OmniAuth major version the
# app was tested against so request-phase defaults do not change on update.
gem 'omniauth'
# Adds Rails authenticity-token verification to the OmniAuth request phase
# (/auth/:provider). Rails skips that verification for GET requests, so the
# request phase has to stay POST-only for this gem to have any effect.
gem 'omniauth-rails_csrf_protection', '~> 1.0.0'
OmniauthAuthenticatorsController.rb
# Entry point for the Facebook sign-in flow.
#
# Signs the current session out when the tenant's ID-token cookie is present,
# then re-posts the browser to the OmniAuth request phase with an authenticity
# token so the request passes the CSRF check there.
#
# NOTE(review): the route shown for this action is a GET, and the action both
# changes state (ForceSignOut) and supplies the authenticity token for the
# follow-up POST itself. Any request that reaches this URL therefore gets a
# valid token; confirm this endpoint is only reachable through a deliberate
# user action, or move it behind a POST.
def facebook
  id_token_cookie = request.cookie_jar["#{tenant.upcase}-ID-TOKEN"]
  ForceSignOut.call(request) if id_token_cookie.present?

  request_phase_path = "/auth/facebook/#{omniauth_params}"
  repost(request_phase_path,
         options: { authenticity_token: :auto, cookies: cookies })
end
omniauth_callbacks_controller.rb
# OAuth callback action: builds a FacebookSession from the request and the
# OmniAuth auth hash, authenticates it, and hands the result to `success`.
def facebook_hotwire
  facebook_session = CncOmniauth::FacebookSession.new(request, auth_hash)
  success(facebook_session.authenticate)
end
facebook.rb
# frozen_string_literal: true
require 'omniauth-oauth2'
module OmniAuth
  module Strategies
    # Hand-written Facebook OAuth2 strategy built directly on omniauth-oauth2.
    #
    # NOTE(review): #authorize_params replaces the OAuth2 `state` with a JWT
    # built from the request parameters. The payload assembled by
    # CncOmniauth::FacebookSession.state contains no random value, so the
    # state is only as unpredictable as those parameters. OAuth2 `state` is
    # meant to be an unguessable per-request value; confirm a nonce is part of
    # it before relying on the state comparison as CSRF protection.
    class Facebook < OmniAuth::Strategies::OAuth2
      # Scope requested when the caller does not supply one.
      DEFAULT_SCOPE = 'email'

      option :name, :facebook

      # NOTE(review): the Graph API version is pinned to v4.0 here; check that
      # this version is still served by Facebook.
      option :client_options, {
        site: 'https://graph.facebook.com/v4.0',
        authorize_url: 'https://www.facebook.com/v4.0/dialog/oauth',
        token_url: 'oauth/access_token'
      }

      option :authorize_options, [:scope]

      uid { raw_info['id'] }

      extra { { 'raw_info' => raw_info } }

      # Fetches the profile from the endpoint and field list configured under
      # SOCIAL['facebook']. Memoized; yields an empty hash when the parsed
      # response is nil or false.
      def raw_info
        @raw_info ||= begin
          facebook_config = SOCIAL['facebook']
          profile_url = "#{facebook_config['api_endpoint']}?fields=#{facebook_config['fields']}"
          access_token.get(profile_url).parsed || {}
        end
      end

      # Extends the authorize parameters with the scope and the signed state.
      #
      # A `scope` request parameter overrides the configured scope, and
      # DEFAULT_SCOPE is used when neither is set. The same state value is
      # written to the session and sent to the provider.
      #
      # NOTE(review): the request-supplied scope is forwarded unfiltered;
      # consider restricting it to the scopes the application actually needs.
      def authorize_params
        super.tap do |params|
          requested_scope = request.params['scope']
          params[:scope] = requested_scope if requested_scope
          params[:scope] ||= DEFAULT_SCOPE

          signed_state = CncOmniauth::FacebookSession.state(request.params)
          params[:state] = signed_state
          session['omniauth.state'] = signed_state
        end
      end

      # Uses the configured redirect_uri when present; otherwise the callback
      # URL is host + script name + callback path, with no query string.
      def callback_url
        configured_redirect = options[:redirect_uri]
        return configured_redirect if configured_redirect

        full_host + script_name + callback_path
      end
    end
  end
end
facebook_session.rb
# frozen_string_literal: true
module CncOmniauth
  # Facebook-specific session handling for the OAuth callback.
  #
  # `state_params`, `credentials`, `register_user`, `set_cookie`,
  # `save_session`, `save` and `secret` are not defined in this class;
  # presumably they come from Base (not visible here).
  class FacebookSession < Base
    attr_accessor :extra, :info

    # Builds the signed OAuth2 `state` from the sign-in request parameters.
    #
    # NOTE(review): tenant, role_id and redirect_url are copied from the
    # request. Signing proves the value made the round trip unchanged, not
    # that the values were authorized: validate redirect_url against an
    # allowlist and decide the role server-side before acting on them.
    # NOTE(review): the payload carries no nonce and no expiry claim, so equal
    # parameters produce an equal state; add an unpredictable per-request
    # value if this state is the CSRF defence for the callback.
    def self.state(params)
      claims = {
        tenant: params['tenant'] || Cnc::Scope::Tenant.current,
        role_id: params['role_id'],
        redirect_url: params['redirect_url'],
        retry_count: params['retry_count']
      }
      JWT.encode(claims, secret)
    end

    # Switches to the tenant named in the state, then either registers a new
    # user (no existing user for the Facebook email) or signs the existing
    # user in. Returns a hash with the user payload and the state parameters,
    # or a falsy value when registration fails.
    def authenticate
      ApartmentService.switch(state_params['tenant'])

      if user.blank?
        return register_user && { user: user.detail, state: state_params }
      end

      set_cookie && save_session && save
      { user: user.list, state: state_params }
    end

    private

    # Looks the user up by the e-mail address reported by Facebook. Memoized
    # once a record is found.
    #
    # NOTE(review): the provider e-mail is the only lookup key. Confirm that a
    # missing e-mail (info['email'] is nil) is rejected before this lookup,
    # and that matching an existing account on e-mail alone is intended.
    def user
      @user ||= User.find_by(email: info['email'])
    end

    def provider
      'facebook'
    end

    def access_token
      credentials['token']
    end

    def refresh_token
      credentials['refresh_token']
    end

    # Token expiry as a time in the application's time zone.
    def expiry
      expires_at = credentials['expires_at']
      Time.zone.at(expires_at)
    end
  end
end
omniauth_graph.rb
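# Registers the Facebook strategy with the app id and secret taken from the
# environment.
Rails.application.config.middleware.use OmniAuth::Builder do
  provider :facebook,
           ENV['FACEBOOK_APP_ID'],
           ENV['FACEBOOK_APP_SECRET']
end

# Keep the OmniAuth request phase (/auth/:provider) POST-only. Rails does not
# verify the authenticity token on GET requests, so allowing :get here lets a
# plain link or redirect start a sign-in without any CSRF check. The sign-in
# action on this page already reaches /auth/facebook through a POST that
# carries an authenticity token, so GET is not needed for that flow. The
# provider's callback request is not limited by this setting.
# NOTE(review): if another entry point still starts the flow with GET, convert
# it to a POST form instead of re-adding :get.
OmniAuth.config.allowed_request_methods = %i[post]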
routes.rb
# OAuth callback endpoint for the Facebook flow.
# NOTE(review): this path uses `facebook_hw`, while the strategy on this page
# is registered under the name :facebook; the configuration that maps the
# provider's callback to this path is not visible here — confirm it matches
# the redirect URI registered with Facebook.
match('auth/facebook_hw/callback',
      to: 'api/v2/iam/users/omniauth_callbacks#facebook_hotwire',
      via: [:get, :post])

# Browser entry point that starts the sign-in flow.
# NOTE(review): this is a GET route, and the action it maps to can sign the
# current session out; consider a non-GET verb for a state-changing endpoint.
get('omniauth/facebook_hw_sign_in',
    to: 'api/v2/iam/users/omniauth_authenticators#facebook')
frontend part:
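/**
 * Starts the Facebook sign-in flow by navigating to the server entry point.
 *
 * The query string is built with URLSearchParams so each value is
 * percent-encoded. With plain string interpolation, a tenant or site value
 * containing `&`, `#` or `=` would change or add parameters, and the
 * `https://` in redirect_url was sent unencoded.
 *
 * NOTE(review): role_id and redirect_url are chosen in the browser; the
 * server has to treat both as untrusted input.
 *
 * @param {Event} event click event; `currentTarget.dataset.tenant` holds the tenant name
 */
facebook(event) {
  const query = new URLSearchParams({
    tenant: event.currentTarget.dataset.tenant,
    redirect_url: `https://${this.element.dataset.omni_auth}`,
    role_id: '3'
  })
  window.location.href = `/omniauth/facebook_hw_sign_in/?${query.toString()}`
}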
Here `this.element.dataset.omni_auth` is the site URL and `event.currentTarget.dataset.tenant` is the tenant name.
What is the meaning of the error?