can't authenticate with Facebook

7
votes

I'm following Ryan Bate's instructions for using Omniauth to set up third party authentication, except that I'm trying it with Facebook rather than Twitter, which he sets up in RailsCast 235.

After installing omniauth-facebook gem, and setting up the initializer

Rails.application.config.middleware.use OmniAuth::Builder do
    provider :facebook, 'APP_ID', 'APP_SECRET'

end

I should be able to go to localhost:3000/auth/facebook and be presented with the Facebook login (even though it won't eventually work because we haven't set up the callback url yet) However, when i go to that url, I get this error

{
   "error": {
      "message": "Error validating application.",
      "type": "OAuthException",
      "code": 101
   }
}

and the url actually changes to

https://graph.facebook.com/oauth/authorize?response_type=code&client_id=APP_ID&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fauth%2Ffacebook%2Fcallback&scope=email%2Coffline_access

On my app, I've set up Devise and followed the instructions on the Devise wiki for integrating Facebook authorization https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview

Can anyone tell me what the problem might be?

Doing a Google search on the error message revealed that quite a few people have experienced this problem in recent weeks but couldn't find anyone with a solution enter image description here

4
ruby-on-railsfacebookauthenticationomniauth
downvote without comment? childishLeahcim
+1 Offsetting down vote, seems legit to me.Gary

4 Answers

7
votes

I searched for 101 and I stumbled upon this page. As you can see, that error stands for Invalid API key, so I believe that the problem lies in where you defined your key.

You should set up your key and your secret in a separate file (for clarity and security) but be mindful that Rails loads files in alphabetical order so the file that defines those constants should have a name that comes before the file that configures the oauth connection. In my case, I created a file called constants.rb, which comes before devise.rb. Also, make sure to keep this file away from source control. You don't want other people to have your keys and secrets.

# config/initializers/constants.rb
FACEBOOK_KEY = 'string'
FACEBOOK_SECRET = 'string'

Then configure your connection in your devise file if you are using devise or in your omniauth file if you are using simple omniauth:

# config/initializers/devise.rb|omniauth.rb
require 'omniauth-facebook'
config.omniauth :facebook, FACEBOOK_KEY, FACEBOOK_SECRET

Now, there is a better way to do this using ENV variables. I recommend the Figaro gem as it really simplifies configuring apps.

If you want to display the facebook dialog page as a popup, you'll want to use

config.omniauth :facebook, FACEBOOK_KEY, FACEBOOK_SECRET, :display => 'popup'

And follow this question later down the road.

And, if you are on Windows, you'll need a certificate so that the SSL connection does not fail. The solution to this problem is clarified by Arcolye here.

Finally, to test your login locally, all you need to do is define your Site URL as http://localhost:3000/. That's all there is. You do not have to define your canvas URL.

3
votes

In the past, I had an issue using localhost with Facebook applications. What I ended up doing was to create an entry in my host file on my computer to point fbdev.com to localhost and just used "fbdev.com" in place of localhost in the app settings on facebook.

1
votes

I was getting the same error but I had forgotten to restart the server after adding my APP_ID and APP_SECRET :-P Maybe that will help?

0
votes

First, ensure you have the following in routes.rb:

# Auth callback routes
match '/auth/:provider/callback' => 'sessions#create' # This route is hit when a user gives the app permissions (the auth hash will be in request.env['omniauth.auth'])
match '/auth/failure' => 'sessions#failure' # This route is hit when a user doesn't give the app permissions

Second, ensure you have the following in config/initializers/omniauth.rb:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :facebook, 'APP_ID', 'APP_SECRET', :scope => 'email', :display => 'page'
end

Third, ensure you have http://localhost:3000/ set as your Canvas URL in your Facebook app settings (https://developers.facebook.com/apps/).

You should then be able to simply redirect your users to http://localhost:3000/auth/facebook to display the authentication dialog to them.