I'm trying to set up Facebook login with omniauth-facebook in Rails 3.2.9; I have followed Ryan Bates's steps in http://railscasts.com/episodes/360-facebook-authentication and at this very moment I have the same code.
If I try to log in without the JavaScript it works (it takes me to Facebook, I grant the permissions, and it gets me back to the app successfully), but if I try with the JavaScript (for the Facebook popup) it initially shows the popup to log in, but then makes a redirect and throws me this error (without asking for the permissions):
Started GET "/auth/facebook/callback" for 127.0.0.1 at 2012-11-16 15:16:03 -0600
(facebook) Callback phase initiated.
(facebook) Authentication failure! invalid_credentials: OmniAuth::Strategies::OAuth2::CallbackError, OmniAuth::Strategies::OAuth2::CallbackError
OmniAuth::Strategies::OAuth2::CallbackError (OmniAuth::Strategies::OAuth2::CallbackError)
This is a very common error; I did the research and tried all the solutions (most are from some months ago) but none of them work. This is what I have tried:
- Checking that the sandbox in Facebook is disabled (and I have waited hours for the propagation)
- Checking that the Site URL is set to http://localhost:3000/
- Checking the App ID and App Secret
- Downgrading the omniauth-facebook gem to 1.4, which throws me this error:
omniauth-facebook must pass either a code parameter or a signed request (via signed_request parameter or a fbsr_XXX cookie)
- Downgrading to Rails 3.2.8
What else should I do? (I think the key is in the JavaScript, and right now I have the same code as the video, with CoffeeScript). Thanks in advance!
Best Answer
I followed that Railscast just now and managed to get it working. You'll notice people discussing your problem in the comments. Following the links there, I ended up on this issue on GitHub and this question on Stack Overflow.
I recommend updating to 1.6.0 and to 2.0.0 when it finally comes out. In the meantime, make sure you aren't making any of these mistakes:
- Defining your app credentials in two different initializers, usually omniauth.rb and devise.rb. (source)
- Having a domain name mismatch between your live site and the site URL configured within your Facebook application. (source)
- Leaving the Facebook application in sandbox mode, so the domain name doesn't match the production one. (source)
- Adding a before_filter :authenticate to the OmniauthCallbacksController or ApplicationController (since OmniauthCallbacksController inherits from ApplicationController). (source)
- Using omniauth-facebook in conjunction with Facebook's client-side flow. (source)
- Messing with the state param.
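
Two items in the list above (the client-side flow and the state param) come down to the same anti-CSRF check. The sketch below is an added example, not code from the answer or from the omniauth gems: a simplified model that assumes the strategy stores a random state in the session during the request phase and compares it exactly once in the callback. `StateCheck`, `attempt`, `run_scenarios`, the session key and `provider.example` are hypothetical names.

```ruby
require 'securerandom'

# Simplified model of an OAuth2 strategy's state handling (assumed behaviour,
# not the omniauth source).
class StateCheck
  CallbackError = Class.new(StandardError)

  def initialize(session)
    @session = session # plain Hash standing in for the Rails session
  end

  # Request phase: mint a random state, remember it, send it to the provider.
  def request_phase
    @session['oauth.state'] = SecureRandom.hex(24)
    "https://provider.example/dialog/oauth?state=#{@session['oauth.state']}"
  end

  # Callback phase: the stored state is deleted on first use (single-use)
  # and compared without an early exit on the first differing byte.
  def callback_phase(params)
    expected = @session.delete('oauth.state')
    given = params['state'].to_s
    ok = !expected.nil? && given.bytesize == expected.bytesize &&
         given.bytes.zip(expected.bytes).sum { |x, y| x ^ y }.zero?
    raise CallbackError, 'state missing or mismatched' unless ok
    :authenticated
  end
end

# One callback attempt, reduced to :authenticated or :rejected.
def attempt(check, params)
  check.callback_phase(params)
rescue StateCheck::CallbackError
  :rejected
end

def run_scenarios
  check = StateCheck.new({})
  state = check.request_phase[/state=(\h+)/, 1]
  results = {}
  results[:server_side] = attempt(check, 'code' => 'c1', 'state' => state)
  results[:replayed] = attempt(check, 'code' => 'c1', 'state' => state)
  # Popup login followed by a direct jump to the callback: no request phase ran.
  results[:no_request_phase] = attempt(StateCheck.new({}), 'code' => 'c2')
  fresh = StateCheck.new({})
  fresh.request_phase
  results[:altered_state] = attempt(fresh, 'code' => 'c3', 'state' => 'a' * 48)
  results
end

p run_scenarios if __FILE__ == $PROGRAM_NAME
```

Only the full server-side round trip passes; a callback that arrives without a matching request phase is indistinguishable from a forged one, which is why the check rejects it rather than being switched off.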