0 votes

I have a Rails app that uses Facebook Connect to enable user registration/login (using Devise and OmniAuth). After reading several articles on Firesheep I decided to force SSL communications for my entire app.

I followed this tutorial to force my Rails 3.0.x app to communicate only via SSL: http://www.simonecarletti.com/blog/2011/05/configuring-rails-3-https-ssl/

And I followed this tutorial so that I could test the app locally using WEBrick on localhost:3001: http://blog.readypulse.com/2012/01/19/setup-webrick-to-serve-ssl-https-as-well-as-non-ssl-http-traffic-side-by-side/

So far so good. My app forces SSL communications throughout while running on localhost:3000. My problem occurs when trying to communicate with Facebook Connect.

If I change my Facebook development app's site URL to https://localhost:3001, the FB Graph API responds with { "error": { "message": "Invalid redirect_uri: Given URL is not allowed by the Application configuration.", "type": "OAuthException", "code": 191 } }

However, if I change the site URL to http:localhost:3001 I get an error from my server saying that the connection was reset while loading the page. My browser URL bar shows that the URL it tried to load was localhost:3001/auth/facebook/callback?code=MYCODEHERE, and if I simply add "https://" in front of that URL and reload, the page loads as expected.

Maybe my issue stems from my very basic knowledge of SSL, but I would greatly appreciate it if someone can explain to me how to set up a Facebook development app to support my local testing of Facebook Connect over SSL?


3 Answers

2 votes

You need to set up a subdomain pointing to your localhost (whatever IN A 127.0.0.1) or create said subdomain via your /etc/hosts file.

In both cases you can then use http://yoursubdomain.yourdomain/auth/.... with yourdomain being the domain registered for the facebook app.

2 votes

OK. Got it working. Here's what I did so that I can test FB and Twitter registration/login over SSL on localhost:3001.

First, I set my app's FB site URL to http://localhost:3001. Then I modified the OmniAuth initializer as follows:

# config/initializers/omniauth.rb
# RAILS_ENV is deprecated in Rails 3; Rails.env is the supported way to branch on the environment.
# All 'my...' values are placeholders for the real app ids, secrets and tokens.
if Rails.env.production?
  full_host = 'https://www.mydomain.com'
  Rails.application.config.middleware.use OmniAuth::Builder do
    provider :facebook, 'myfbappid', 'myfbsecret', {:scope => 'email, publish_stream'}
    provider :twitter, 'mytwitterappid', 'mytwittersecret'
  end
  Twitter.configure do |config|
    config.consumer_key       = 'myconsumerkey'
    config.consumer_secret    = 'myconsumersecret'
    config.oauth_token        = 'myoauthtoken'
    config.oauth_token_secret = 'myoauthtokensecret'
  end
elsif Rails.env.development?
  # The FB app's site URL is registered as http://localhost:3001, but the callback URL
  # OmniAuth sends as redirect_uri must be https so the SSL-only WEBrick accepts the redirect.
  full_host = 'https://localhost:3001'
  Rails.application.config.middleware.use OmniAuth::Builder do
    provider :facebook, 'myfbdevappid', 'myfbdevappsecret', {:scope => 'email, publish_stream'}
    provider :twitter, 'mytwitterdevappid', 'mytwitterdevappsecret'
  end
  Twitter.configure do |config|
    config.consumer_key       = 'mytwitterconsumerkey'
    config.consumer_secret    = 'mytwitterconsumersecret'
    config.oauth_token        = 'mytwitteroauthtoken'
    config.oauth_token_secret = 'mytwitteroauthtokensecret'
  end
end
# Applies to every provider: without it OmniAuth derives scheme, host and port from the
# incoming request, which is http when TLS is terminated in front of the app.
OmniAuth.config.full_host = full_host
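An added example (my own Ruby, not code from the answers above or from the OmniAuth project) showing why the scheme in the callback URL matters: it mimics how an OmniAuth-style app derives the callback URL it sends as redirect_uri, with full_host overriding what the request reports, alongside a strict provider-side redirect_uri check of the kind behind the error 191 in the question. The Rack env values are constructed for the example.

```ruby
require 'uri'

# Build the absolute callback URL an OmniAuth-style app sends as redirect_uri:
# an explicit full_host (a String, or a Proc given the Rack env) wins; otherwise
# scheme, host and port are taken from the request itself.
def callback_url(env, provider, full_host = nil)
  host = full_host.respond_to?(:call) ? full_host.call(env) : full_host
  host ||= request_host(env)
  "#{host}#{env['SCRIPT_NAME']}/auth/#{provider}/callback"
end

def request_host(env)
  scheme  = env['rack.url_scheme']
  port    = env['SERVER_PORT'].to_i
  default = scheme == 'https' ? 443 : 80
  base    = "#{scheme}://#{env['SERVER_NAME']}"
  port == default ? base : "#{base}:#{port}"
end

# Strict redirect_uri validation as an OAuth provider performs it: scheme, host
# and port must match the registered site URL exactly (an http registration does
# not cover an https callback, and vice versa) and the path must stay under the
# registered path, so an authorization code cannot be sent to a URL the app
# owner never registered.
def redirect_allowed?(registered_site_url, redirect_uri)
  site = URI.parse(registered_site_url)
  uri  = URI.parse(redirect_uri)
  site_path = site.path.empty? ? '/' : site.path
  site.scheme == uri.scheme && site.host == uri.host &&
    site.port == uri.port && uri.path.start_with?(site_path)
end

# Constructed Rack env for a request that reached WEBrick over TLS on port 3001.
TLS_ENV = {
  'rack.url_scheme' => 'https', 'SERVER_NAME' => 'localhost',
  'SERVER_PORT' => '3001', 'SCRIPT_NAME' => ''
}.freeze
# The same request as the app sees it when TLS is terminated in front of it and
# the scheme is not forwarded: the derived callback URL is then plain http.
PLAIN_ENV = TLS_ENV.merge('rack.url_scheme' => 'http').freeze

if __FILE__ == $0
  puts callback_url(PLAIN_ENV, 'facebook')                           # http://localhost:3001/auth/facebook/callback
  puts callback_url(PLAIN_ENV, 'facebook', 'https://localhost:3001') # https://localhost:3001/auth/facebook/callback
  puts redirect_allowed?('https://localhost:3001', callback_url(PLAIN_ENV, 'facebook')) # false
end
```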

0 votes

You can use https://ngrok.com/ to get a secure URL which points to your localhost.