Rails Facebook login error with omniauth-facebook - OmniAuth::Strategies::OAuth2::CallbackError

8
votes

I'm trying to make Facebook login with omniauth-facebook in Rails 3.2.9; I have followed the steps of Ryan Bates in http://railscasts.com/episodes/360-facebook-authentication and in this very moment I have the same code.

If I try to login without the Javascript it works (it takes me to Facebook, I grant the permissions, and gets me back to the app successfully), but if I try with the Javascript (for the Facebook popup) it initially shows the popup to login, but then makes a redirect and throws me this error (without asking for the permissions):

Started GET "/auth/facebook/callback" for 127.0.0.1 at 2012-11-16 15:16:03 -0600
(facebook) Callback phase initiated.
(facebook) Authentication failure! invalid_credentials: OmniAuth::Strategies::OAuth2::CallbackError, OmniAuth::Strategies::OAuth2::CallbackError

OmniAuth::Strategies::OAuth2::CallbackError (OmniAuth::Strategies::OAuth2::CallbackError)

This is a very common error; I made the research and tried all the solutions (mostly are from some months ago) but none of them work. This is what I have tried:

  1. Checking the sandbox in Facebook is disable (and I have waited hours for the propagation)
  2. Checking the Site URL to http://localhost:3000/
  3. Checking the App ID and App Secret
  4. Downgrading the omniauth-facebook gem to 1.4, and throws me this error: omniauth-facebook must pass either acodeparameter or a signed request (viasigned_requestparameter or afbsr_XXXcookie)
  5. Downgrade to Rails 3.2.8

What else should I do? (I think the key is in the Javascript, and right now I have the same code of the video, with CoffeeScript). Thanks in advance!

2
ruby-on-railsfacebookoauth-2.0omniauth
since u said mostly is javascript error, do you check the console log from firebug or the network in the chrome? try to figure what the javascript doing and where it stop. alert something in the middle. - Nich
Hi, there is no Javascript error, nor warning or any message... - pablomarti
I found a similar solution with Rails 3.2.8. See my comments on the Github issue at github.com/mkdynamic/omniauth-facebook/issues/75. - Martin Streicher

2 Answers

17
votes

I followed that Railscast just now and managed to get it working. You'll notice people discussing your problem in the comments. Following the links there, I ended up on this issue on Github and this question on StackOverflow.

I recommend updating to 1.6.0 and to 2.0.0 when it finally comes out. In the meantime, make sure you aren't making any of these mistakes:

  • Defining your app credentials in two different initializers, usually omniauth.rb and devise.rb. source

  • Having a domain name mismatch between your live site and the site url configured within your facebook application. source

  • Leaving the facebook application in sandbox mode, so the domain name doesn't match the production one. source

  • Adding a before_filter :authenticate to the OmniauthCallbacksController or ApplicationController (since OmniauthCallbacksController inherits from ApplicationController). source

  • Using omniauth-facebook in conjunction with Facebook's client-side flow. source

  • Messing with the state param.

0
votes

Solution without downgrading (using 1.5.1 right now) :

https://github.com/intridea/omniauth-oauth2/issues/32 -> Add this to your provider declaration : provider :facebook, xxxxxxxxx, yyyyyyyyy, {:provider_ignores_state => true}