omniauth-facebook's Introduction

OmniAuth Facebook

📣 NOTICE We’re looking for maintainers to help keep this project up-to-date. If you are interested in helping please open an Issue expressing your interest. Thanks! 📣

These notes are based on master, please see tags for README pertaining to specific releases.

Facebook OAuth2 Strategy for OmniAuth.

Supports OAuth 2.0 server-side and client-side flows. Read the Facebook docs for more details: http://developers.facebook.com/docs/authentication

Installing

Add to your Gemfile:

gem 'omniauth-facebook'

Then bundle install.

Usage

OmniAuth::Strategies::Facebook is simply a Rack middleware. Read the OmniAuth docs for detailed instructions: https://github.com/intridea/omniauth.

Here's a quick example, adding the middleware to a Rails app in config/initializers/omniauth.rb:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :facebook, ENV['FACEBOOK_APP_ID'], ENV['FACEBOOK_APP_SECRET']
end

See the example Sinatra app for full examples of both the server and client-side flows (including using the Facebook Javascript SDK).

Configuring

You can configure several options, which you pass in to the provider method via a Hash:

| Option name | Default | Explanation |
| --- | --- | --- |
| scope | email | A comma-separated list of permissions you want to request from the user. See the Facebook docs for a full list of available permissions: https://developers.facebook.com/docs/reference/login/ |
| display | page | The display context to show the authentication page. Options are: page, popup and touch. Read the Facebook docs for more details: https://developers.facebook.com/docs/reference/dialogs/oauth/ |
| image_size | square | Set the size for the returned image url in the auth hash. Valid options include square (50x50), small (50 pixels wide, variable height), normal (100 pixels wide, variable height), or large (about 200 pixels wide, variable height). Additionally, you can request a picture of a specific size by setting this option to a hash with :width and :height as keys. This will return an available profile picture closest to the requested size and requested aspect ratio. If only :width or :height is specified, we will return a picture whose width or height is closest to the requested size, respectively. |
| info_fields | name,email | Specify exactly which fields should be returned when getting the user's info. Value should be a comma-separated string as per https://developers.facebook.com/docs/graph-api/reference/user/ (only /me endpoint). |
| locale | | Specify locale which should be used when getting the user's info. Value should be locale string as per https://developers.facebook.com/docs/reference/api/locale/. |
| auth_type | | Optionally specifies the requested authentication features as a comma-separated list, as per https://developers.facebook.com/docs/facebook-login/reauthentication/. Valid values are https (checks for the presence of the secure cookie and asks for re-authentication if it is not present), and reauthenticate (asks the user to re-authenticate unconditionally). Use 'rerequest' when you want to request permissions. Default is nil. |
| secure_image_url | true | Set to true to use https for the avatar image url returned in the auth hash. SSL is mandatory as per https://developers.facebook.com/docs/facebook-login/security#surfacearea. |
| callback_url / callback_path | | Specify a custom callback URL used during the server-side flow. Note this must be allowed by your app configuration on Facebook (see 'Valid OAuth redirect URIs' under the 'Advanced' settings section in the configuration for your Facebook app for more details). |

For example, to request email, user_birthday and read_stream permissions and display the authentication page in a popup window:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :facebook, ENV['FACEBOOK_APP_ID'], ENV['FACEBOOK_APP_SECRET'],
    scope: 'email,user_birthday,read_stream', display: 'popup'
end

API Version

OmniAuth Facebook uses versioned API endpoints by default (currently v5.0). You can configure a different version via the client_options hash passed to provider; specifically, change the version in the site and authorize_url parameters. For example, to change to v7.0 (assuming that exists):

use OmniAuth::Builder do
  provider :facebook, ENV['FACEBOOK_APP_ID'], ENV['FACEBOOK_APP_SECRET'],
    client_options: {
      site: 'https://graph.facebook.com/v7.0',
      authorize_url: "https://www.facebook.com/v7.0/dialog/oauth"
    }
end

Per-Request Options

If you want to set the display format, auth_type, or scope on a per-request basis, you can just pass it to the OmniAuth request phase URL, for example: /auth/facebook?display=popup or /auth/facebook?scope=email.

Auth Hash

Here's an example Auth Hash available in request.env['omniauth.auth']:

{
  provider: 'facebook',
  uid: '1234567',
  info: {
    email: '[email protected]',
    name: 'Joe Bloggs',
    first_name: 'Joe',
    last_name: 'Bloggs',
    image: 'http://graph.facebook.com/1234567/picture?type=square&access_token=...',
    verified: true
  },
  credentials: {
    token: 'ABCDEF...', # OAuth 2.0 access_token, which you may wish to store
    expires_at: 1321747205, # when the access token expires (it always will)
    expires: true # this will always be true
  },
  extra: {
    raw_info: {
      id: '1234567',
      name: 'Joe Bloggs',
      first_name: 'Joe',
      last_name: 'Bloggs',
      link: 'http://www.facebook.com/jbloggs',
      username: 'jbloggs',
      location: { id: '123456789', name: 'Palo Alto, California' },
      gender: 'male',
      email: '[email protected]',
      timezone: -8,
      locale: 'en_US',
      verified: true,
      updated_time: '2011-11-11T06:21:03+0000',
      # ...
    }
  }
}

The precise information available may depend on the permissions which you request.
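Because the fields present vary with the permissions granted, a callback should check the hash before using it to look up or create an account. The following is an added example, not code from omniauth-facebook: the AuthHashCheck module and its method names are hypothetical, and the sample hash uses constructed values shaped like the Auth Hash above. It accepts symbol or string keys, treats email as optional, and rejects a blank uid, a missing token, or a token that has already expired.

```ruby
# Added illustration; AuthHashCheck is a hypothetical helper, not part of the gem.
module AuthHashCheck
  Rejected = Class.new(StandardError)

  # Read a nested value from a Hash keyed by symbols or by strings.
  def self.lookup(hash, *path)
    path.reduce(hash) do |node, key|
      return nil unless node.respond_to?(:key?)
      found = [key, key.to_s].find { |k| node.key?(k) }
      return nil if found.nil?
      node[found]
    end
  end

  # Returns the minimal identity a callback needs, or raises Rejected.
  def self.identity_from(auth, now: Time.now)
    raise Rejected, 'unexpected provider' unless lookup(auth, :provider).to_s == 'facebook'

    # A blank uid must never reach an account lookup.
    uid = lookup(auth, :uid).to_s.strip
    raise Rejected, 'missing uid' if uid.empty?

    token = lookup(auth, :credentials, :token).to_s
    raise Rejected, 'missing access token' if token.empty?

    expires_at = lookup(auth, :credentials, :expires_at)
    expiry = expires_at && Time.at(expires_at.to_i)
    raise Rejected, 'access token already expired' if expiry && expiry <= now

    # Email depends on the granted permissions, so it is optional here.
    email = lookup(auth, :info, :email).to_s.strip
    { provider: 'facebook', uid: uid, email: (email.empty? ? nil : email), token_expires_at: expiry }
  end
end

# Constructed sample values in the shape of the Auth Hash above.
SAMPLE_AUTH = {
  provider: 'facebook',
  uid: '1234567',
  info: { email: 'joe@example.com', name: 'Joe Bloggs' },
  credentials: { token: 'constructed-token', expires_at: 1321747205, expires: true }
}.freeze

if __FILE__ == $PROGRAM_NAME
  p AuthHashCheck.identity_from(SAMPLE_AUTH, now: Time.at(1321740000))
end
```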

Client-side Flow with Facebook Javascript SDK

You can use the Facebook Javascript SDK with FB.login, and just hit the callback endpoint (/auth/facebook/callback by default) once the user has authenticated in the success callback.

Note that you must enable cookies in the FB.init config for this process to work.

See the example Sinatra app under example/ and read the Facebook docs on Login for JavaScript for more details.

How it Works

The client-side flow is supported by parsing the authorization code from the signed request which Facebook places in a cookie.

When you call /auth/facebook/callback in the success callback of FB.login that will pass the cookie back to the server. omniauth-facebook will see this cookie and:

  1. parse it,
  2. extract the authorization code contained in it
  3. and hit Facebook and obtain an access token which will get placed in the request.env['omniauth.auth']['credentials'] hash.
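The parse step matters because the cookie comes from the browser: the signed request is only trustworthy once its signature has been checked against the app secret. The following is an added example, not the gem's own implementation. It assumes Facebook's documented signed request layout (a base64url signature, a dot, then a base64url JSON payload, signed with HMAC-SHA256 keyed by the app secret); the module name, secret and cookie values are constructed for illustration.

```ruby
require 'openssl'
require 'base64'
require 'json'

# Added illustration; module and method names are hypothetical, not the gem's API.
module SignedRequestExample
  ALGORITHM = 'HMAC-SHA256'

  # Compare two byte strings without stopping at the first mismatch.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end

  # HMAC-SHA256 over the still-encoded payload segment, keyed with the app secret.
  def self.sign(encoded_payload, app_secret)
    OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA256'), app_secret, encoded_payload)
  end

  # Returns the payload Hash if the signature verifies, nil for anything else.
  def self.parse(value, app_secret)
    encoded_sig, encoded_payload = value.to_s.split('.', 2)
    return nil if encoded_sig.to_s.empty? || encoded_payload.to_s.empty?

    # Verify before parsing, so unauthenticated JSON never reaches the parser.
    signature = Base64.urlsafe_decode64(encoded_sig)
    return nil unless secure_compare(sign(encoded_payload, app_secret), signature)

    json = Base64.urlsafe_decode64(encoded_payload).force_encoding('UTF-8')
    payload = JSON.parse(json)
    # Accept only the one algorithm this code actually verified.
    return nil unless payload.is_a?(Hash) && payload['algorithm'].to_s.upcase == ALGORITHM
    payload
  rescue ArgumentError, JSON::ParserError
    nil # malformed base64 or JSON is treated the same as a bad signature
  end

  # Builds a signed request; used only to create the constructed samples below.
  def self.build(payload, app_secret)
    encoded_payload = Base64.urlsafe_encode64(JSON.generate(payload), padding: false)
    encoded_sig = Base64.urlsafe_encode64(sign(encoded_payload, app_secret), padding: false)
    "#{encoded_sig}.#{encoded_payload}"
  end
end

# Constructed sample values: not a real app secret, authorization code or user id.
SAMPLE_SECRET = 'constructed-app-secret'
SAMPLE_COOKIE = SignedRequestExample.build(
  { 'algorithm' => 'HMAC-SHA256', 'code' => 'constructed-auth-code', 'user_id' => '1234567' },
  SAMPLE_SECRET
)
# Original signature paired with a different payload, as after a client-side edit.
TAMPERED_COOKIE = [
  SAMPLE_COOKIE.split('.', 2).first,
  Base64.urlsafe_encode64(
    JSON.generate({ 'algorithm' => 'HMAC-SHA256', 'code' => 'other-code' }), padding: false
  )
].join('.')

if __FILE__ == $PROGRAM_NAME
  p SignedRequestExample.parse(SAMPLE_COOKIE, SAMPLE_SECRET)
  p SignedRequestExample.parse(TAMPERED_COOKIE, SAMPLE_SECRET)
end
```

Only the code from a verified payload should be exchanged for an access token; a nil result means the request is rejected without contacting Facebook.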

Token Expiry

The expiration time of the access token you obtain will depend on which flow you are using.

Client-Side Flow

If you use the client-side flow, Facebook will give you back a short lived access token (~ 2 hours).

You can exchange this short lived access token for a longer lived version. Read the Facebook docs for more information on exchanging a short lived token for a long lived token.

Server-Side Flow

If you use the server-side flow, Facebook will give you back a longer lived access token (~ 60 days).

Supported Rubies

  • Ruby MRI (2.5, 2.6, 2.7, 3.0)

License

Copyright (c) 2012 by Mark Dodwell

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

omniauth-facebook's People

Contributors

amatsuda, blueplanet, dlackty, donbobka, gui, mkdynamic, mstr03, naudo, nchelluri, nhosoya, okuramasafumi, olegkovalenko, olivierlacan, olleolleolle, oriolgual, petergoldstein, piotrjaworski, ryansobol, sebastian-stylesaint, seivan, simi, springerigor, steverandy, swaathi, swiknaba, tomoya55, tricknotes, vesan, watsonbox, weilu

omniauth-facebook's Issues

Popup confusion

Hi guys

I'm confused by the purpose of the "popup" option, I have it set yet the FB dialog still takes over the whole window?
I can't see any JS decoration in the code of this gem or Omniauth - do I have to implement the JS myself? Seems what people have done when I Google..

Bit confused as I'm using the out-of-the-box Omniauth config with this FB strategy, following this:

https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview

I can see the example code to use FB JS API instead but that seems to conflict with this option.
Any clarification appreciated.

Cheers

Matt

RuntimeError (A refresh_token is not available): with canvas application

Hello!

I tried to implement the canvas application login by redirecting the user to the authentication path with the signed_request as an url parameter when the user enters to my application canvas url. This results with an error message "RuntimeError (A refresh_token is not available):".

Any idea why this is happening?

Facebook - If I use iframe=true, I get nil for env["omniauth.auth"]. :(

Hello

I would like to authorize and use my application only inside the Facebook. Is it possible?

I tried to use this configuration:

    provider :facebook, app_id, app_secret, {:scope => "publish_stream, offline_access, email" , :iframe => true}
    OmniAuth.config.full_host = "http://apps.facebook.com/yourapp/"

But it didn't work. :(

When I try to access the application inside Facebook (iframe) I get nil for env["omniauth.auth"].

If I comment the full_host

    provider :facebook, app_id, app_secret, {:scope => "publish_stream, offline_access, email" , :iframe => true}
    # OmniAuth.config.full_host = "http://apps.facebook.com/yourapp/"

It works very well, but just outside Facebook.

If I remove the iframe parameter

    provider :facebook, app_id, app_secret, {:scope => "publish_stream, offline_access, email"}

I can use the application in both ways, inside and outside the Facebook. But... I can't authorize the application inside the Facebook, just outside. Inside (iframe) I receive the Facebook logo problem. Facebook shows me the logo instead of the auth permissions box.

- iframe = true
    - authorization works inside and outside Facebook 
    - the application opens always outside the Facebook even if I try to access http://apps.facebook.com/yourapp/

- iframe = true (I want to use this one)
    - OmniAuth.config.full_host = "http://apps.facebook.com/yourapp/"
    - I get nil for env["omniauth.auth"]

- iframe = false
    - authorization works ONLY outside Facebook. Inside I receive Facebook logo problem
    - I can access the app inside and outside Facebook

My environment

* omniauth (1.0.0) 
* omniauth-oauth2 (1.0.0) 
* omniauth-facebook (1.0.0.rc1)

Cheers

Short-lived access tokens from signed_request

I have set up a canvas application, with the following initializer:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :facebook, ENV['FACEBOOK_KEY'], ENV['FACEBOOK_SECRET'], :iframe => true
end

OmniAuth.config.full_host = 'http://apps.facebook.com/myapp'

This breaks out of the iframe for authentication, then returns the user to the app inside Facebook, as expected. However, because Facebook sends a signed_request parameter with an access token to canvas apps, this is used instead of completing the OAuth flow with the code from Facebook.

The problem is that as far as I can tell, the access token in the signed request is always short-lived (up to 2 hours), whereas the access token returned from the full server-side OAuth flow has the long-lived expiry (60 days). According to Facebook this will be automatically extended up to once a day when requested.

Has anyone else experienced this issue? I propose to introduce another initialization option, perhaps :always_refresh_access_token, to force a server-side refresh of the access token on authentication.

Access "/oauth/authorize" error

When we use your gem, it turns me to https://graph.facebook.com/oauth/authorize?response_type=code&client_id=234847626576442&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fusers%2Fauth%2Ffacebook%2Fcallback

and the page shows the error below. Cannot go to the Facebook login page.

Fetch Server Info

GET 'https://graph.facebook.com:443/oauth/authorize?response_type=code&client_id=234847626576442&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fusers%2Fauth%2Ffacebook%2Fcallback'

Return Code: 500

Message: Urlfetch error: ["GET 'https://graph.facebook.com:443/oauth/authorize?response_type=code&client_id=234847626576442&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fusers%2Fauth%2Ffacebook%2Fcallback' return 400", "GET 'https://graph.facebook.com:443/oauth/authorize?response_type=code&client_id=234847626576442&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fusers%2Fauth%2Ffacebook%2Fcallback' return 400", "GET 'https://graph.facebook.com:443/oauth/authorize?response_type=code&client_id=234847626576442&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fusers%2Fauth%2Ffacebook%2Fcallback' return 400"]

Facebook not always returning email for user?

I've looked all over the Facebook docs and can't seem to figure out why, even if I require the email permission, I still sometimes get users who are authorized, but do not have email included in the extra hash. Does anyone have any clue how this is possible and how I can absolutely require an email from Facebook?

Gem incompatible with Rails 3.1.6

With this gemfile:

source 'http://rubygems.org'
gem 'rails', '3.1.6'
gem 'omniauth-facebook'

A bundle update results in:

Bundler could not find compatible versions for gem "multi_json":
  In Gemfile:
    rails (= 3.1.6) ruby depends on
      multi_json (< 1.3, >= 1.0) ruby

    omniauth-facebook (>= 0) ruby depends on
      multi_json (1.3.6)

Upgrade to 1.3 now receiving NoAuthorizationCodeError

I recently upgraded to version 1.3 before upgrading to Rails 3.1.5. After upgrading I received this error:

OmniAuth::Strategies::Facebook::NoAuthorizationCodeError: must pass either a code parameter or a signed request (via signed_request parameter or a fbsr_XXX cookie)

Can you confirm this is unrelated to changes between 1.2 and 1.3 ? I looked over the commits and nothing raised my brow.

Has anybody had success using this gem with PhoneGap + Facebook Connect Plugin?

Hey guys,

I've been using OmniAuth-Facebook successfully on my web app.

However, the same server is also serving pages to a PhoneGap app. I started out authenticating successfully with the FB js sdk, with no interaction with the backend.

However, I'm now trying to save the authentication on the backend, and I'm getting an error in the vicinity of the OmniAuth-Facebook or OAuth2 gems.

{"message":"An unknown error has occurred.","type":"OAuthException","code":1}

(The complete ruby inspect is at the end)

Now the FB Connect plugin for PhoneGap is pretty up to date, except that I think it doesn't use OAuth2 yet...

In my FB.login callback, I try to post to "/users/auth/facebook/callback?format=json", my Omniauth callback controller. At this point, the user is successfully authenticated on the PhoneGap front-end. But the backend fails to authenticate the user because of that error.

Any hint as to how I could fix or circumvent this would be welcome.

Thanks in advance!

#<OAuth2::Response:0x007fc9941ef900 
  @response=#<Faraday::Response:0x007fc9941ef810 
  @env={:method=>:post, 
        :body=>"{\"error\":{\"message\":\"An unknown error has occurred.\",\"type\":\"OAuthException\",\"code\":1}}",
        :url=>#<Addressable::URI:0x3fe4ca0dc2f0 URI:https://graph.facebook.com/oauth/access_token>,
        :request_headers=>{"Content-Type"=>"application/x-www-form-urlencoded"},
        :parallel_manager=>nil,
        :request=>{:proxy=>nil},
        :ssl=>{},
        :status=>500,
        :response_headers=>{"access-control-allow-origin"=>"*", 
                            "cache-control"=>"no-store",
                            "content-type"=>"text/javascript; charset=UTF-8", 
                            "expires"=>"Sat, 01 Jan 2000 00:00:00 GMT", 
                            "pragma"=>"no-cache", 
                            "www-authenticate"=>"OAuth \"Facebook Platform\" \"unknown_error\" \"An unknown error has occurred.\"", 
                            "x-fb-rev"=>"510648", 
                            "x-fb-debug"=>"WW95nFNcWVopyziu+VJeKnm1aoaSV5A2Wz6eexzkzWA=", 
                            "connection"=>"close", 
                            "date"=>"Thu, 16 Feb 2012 22:05:57 GMT", 
                            "content-length"=>"87"}, 
        :response=>#<Faraday::Response:0x007fc9941ef810 ...>}, 
  @on_complete_callbacks=[]>, 
  @options={:parse=>:query}, 
  @parsed={"{\"error\":{\"message\":\"An unknown error has occurred.\",
              \"type\":\"OAuthException\",\"code\":1}}"=>nil},
  @error=#<OAuth2::Error: OAuth2::Error>>

request.env['omniauth.auth'] seems to sometimes just return the access token.

Every once in a while, this is all I get from request.env['omniauth.auth']:

#<OmniAuth::AuthHash credentials=#<Hashie::Mash expires=false token="...VALID TOKEN FROM FACEBOOK..."> extra=#<Hashie::Mash raw_info="false"> info=#<OmniAuth::AuthHash::InfoHash image="http://graph.facebook.com//picture?type=square"> provider="facebook" uid=nil>

For the most part, all this hash has from my Facebook account is the token. Everything else from this example (https://github.com/mkdynamic/omniauth-facebook) is missing.

This is happening during a "successful" omniauth transaction. Also, even with the same user, this problem only happens about 1/10 times.

example not working

I was trying to run the example with my app ID and secret, but it failed to load the initial page with the following error:

NoMethodError at /
undefined method `include?' for nil:NilClass
Ruby /Users/ftaher/.rvm/gems/ruby-1.9.2-p290@air/gems/omniauth-1.0.1/lib/omniauth/builder.rb: in call, line 33
Web GET localhost/

I'm using unicorn to run the example.

Can you suggest what I am doing wrong?

Can't get additional permissions.

Hi,

I can't get omniauth to ask Facebook for additional permissions.
Only offline and email are being passed on and asked for.
Here is my initializer code.

Rails.application.config.middleware.use OmniAuth::Builder do

  provider  :facebook,
            'xxx',
            'xxx',
            {
              :client_options => {
                :scope    => 'offline_access,
                              email,
                              manage_notifications,
                              photo_upload,
                              publish_stream,
                              status_update,
                              publish_actions,
                              share_item,
                              video_upload,
                              read_stream,
                              user_about_me
                              user_birthday,
                              user_hometown,
                              user_interests,
                              user_location',
                :display  => 'page',
                :ssl      => {
                  :ca_path => "/etc/ssl/certs"
                }
              }
            }

end

rails 3.1 and omniauth-facebook 1.2.0 not working

When using omniauth-facebook 1.2.0 within a Rails 3.1 application, a request for /auth/facebook will result in an error (as also reported in issue #21):

{
"error": {
"message": "Missing client_id parameter.",
"type": "OAuthException"
}
}

Downgrading to omniauth-facebook 1.1.0 made things work.

"/oauth/authorize": Invalid URL

The URL is : https://graph.facebook.com/oauth/authorize?response_type=code&client_id=...
Response:
The requested URL "/oauth/authorize?r... " , is invalid.

In this page: http://developers.facebook.com/docs/authentication/
the url should be: https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL

Which URL is correct now?

I know there is a similar closed issue, but I tried several versions of omniauth-facebook gem, it does not help. App works with rails 3.1. I can authenticate with LinkedIn, Twitter, but not Facebook.

And when I changed the URL manually, to "https://www.facebook.com/dialog/oauth", I got redirect call from facebook, but I ran into "OpenSSL::SSL::SSLError (hostname was not match with the server certificate)" error.

after upgrading, no longer receiving email

Upgrading from omniauth 0.3 to 1.2.0 and now using omniauth-facebook. I used to receive the user's email address here:

request.env["omniauth.auth"]["user_info"]["email"]

Now I'm getting a hashie back, but request.env["omniauth.auth"].info.email is nil.

I haven't changed any facebook settings with my account, so this tells me the gem is filtering the email for some reason?

Question about callback url

Hi I'm sorry if this isn't the right place but I didn't see a mail list.

I'm allowing my users to log in with Facebook and am using this strategy. I'm having my users fill out a form with their email and password, however, before creating an account (yes I know, you might say what's the point of using this then, well it's so my users don't have to enter all their info in and I can share content with their friend now).

Because my sign up process works like this, I need two callback paths. One path for a user that just wants to sign in, and another for a user creating an account from an invite.

How can I use two of these call backs and point them to my respective controllers?

ie:
match '/auth/:provider/register/callback' => "users#new"
match '/auth/:provider/callback' => "sessions#create"

Thanks and sorry if this isn't the right place to ask.

Enable https:// for 'image' in the Authentication Hash

I have modified the code of the Facebook Strategy class to use https:// or http:// for the URL of the Facebook user image inside the Authentication hash.
I use a new boolean parameter (eg. :secure) passed on provider declaration:

provider :facebook, ENV['FACEBOOK_KEY'], ENV['FACEBOOK_SECRET'], :secure => true

The code of the Facebook Strategy class that I've changed is in this gist: https://gist.github.com/2014580

I hope that you can implement something similar for the next version of the gem, it's useful (IMHO) for websites that use SSL to avoid browser complaints about inclusion of unsafe resources! ;)

Feature request: Set locale or auto-locale

The /me page can be localized with ?locale=de_DE for example. This way things like hometown are sent in the right language, which is very nice for any project that is not confined to English. I suggest you make the locale configurable.

You may also want to provide a :auto setting, that gets and uses the locale of the user:

      def raw_info
        if @raw_info.nil?
          @raw_info = access_token.get('/me').parsed || {}
          @raw_info = access_token.get("/me?locale=#{@raw_info[:locale]}").parsed || {}
        end
        @raw_info
      end

compatibility issue with rails 3.1.5

With this gemfile:

source 'http://rubygems.org'
gem 'rails', '3.1.5'
gem 'omniauth-facebook'

A bundle update results in:

Bundler could not find compatible versions for gem "multi_json":
  In Gemfile:
    rails (= 3.1.5) ruby depends on
      multi_json (< 1.3, >= 1.0) ruby

    omniauth-facebook (>= 0) ruby depends on
      multi_json (1.3.6)

Problem with unicorn+devise+omniauth+omniauth-facebook in Heroku

Hi, I have this controller to deal with omniauth auth:

class AuthenticationsController < ApplicationController
  def create
    omniauth = request.env["omniauth.auth"]
    authentication = Authentication.find_by_provider_and_uid(omniauth['provider'], omniauth['uid'])

    if authentication
      flash[:notice] = "Logged with #{omniauth['provider']}."
      sign_in_and_redirect(:user, authentication.user)
    elsif current_user
      current_user.authentications.create!(:provider => omniauth['provider'], :uid => omniauth['uid'])
      flash[:notice] = "Connected with #{omniauth['provider']}."
      redirect_to edit_user_registration_url
    else
      if session[:active_promocode]
        user = User.new
        user.promo_code_id = session[:active_promocode]
        user.apply_omniauth(omniauth)
        if user.save
          flash[:notice] = "New user with #{omniauth['provider']}."
          sign_in_and_redirect(:user, user)
        else
          session[:omniauth] = omniauth.except('extra')
          redirect_to "#{new_user_registration_url}"
        end
      else
        redirect_to promocode_path
      end
    end
  end

  def destroy
    @authentication = current_user.authentications.find(params[:id])
    @authentication.destroy
    flash[:notice] = "Logout."
    redirect_to edit_user_registration_url
  end
end

The problem is that sometimes, when two users log in at the same time with Facebook, one user gets logged in with the account of another user.

Session problem? Omniauth problem? Devise problem?

versions:
devise (2.0.4)
omniauth (1.1.0)
omniauth-facebook (1.2.0)
omniauth-twitter (0.0.10)
unicorn (4.3.0)

facebook auth && secure cookies

So I've run into a conflict with facebook and secure cookies.

I'm currently using AuthLogic, with secure = true, which means the cookie is flagged secure and therefore is only transmitted over a secure connection.

If I enter https://www.mydomain.con (read: that's httpS) as my Site URL in facebook's app config, then I ultimately get an error about having an invalid redirect URL.

My Facebook authentication is therefore not SSL.... So here's what's happening:

  1. User clicks my facebook link, which takes them over to FB where they authenticate
  2. After successful authentication there they are redirected to the not SSL /auth/facebook/callback?blah=whatever
  3. Everything is peachy inside this method, I do a find or create by user, and use AuthLogic's UserSession.create(user, true) to force-create a session.
    -- If I debug out after that statement at the very end of this action there is a session - so AuthLogic has done its job.
  4. The user then gets redirected back to root_url (also not SSL (but it doesn't really matter))
  5. User is not logged in.
  6. Frowny face.

I'm pretty sure the issue is the cookie's secure setting and the fact that /auth/facebook/callback isn't secure, so the client/server refuses to accept the new cookie since it's not a secure connection. Therefore, the next action has no cookie to use to retrieve the perfectly valid and created session.

It seems I cannot set my facebook site url to SSL, since FB throws an error on that ( not really sure why - it seems lame that they do this).

Even going always-on-ssl doesn't really solve this, since it seems that the facebook auth method must be non-ssl.

What's a FB hacker to do?

:display param is being ignored in initializer

I've got this in my initializer:

        provider :facebook, Facebook::APP_ID, Facebook::SECRET_KEY, :display => 'popup', :scope => 'email'
end

And yet, the display param gets ignored and it defaults to 'page'. I've even tried 'touch' instead of 'popup'. No dice.

Missing client_id parameter

I'm testing my app in localhost.
When I click on the "login facebook" link from my app, this is the result:

{
"error": {
"message": "Missing client_id parameter.",
"type": "OAuthException"
}
}

in the URL there isn't the client_id parameter

not receiving extras hash

Hello!
I'm not receiving the extras hash that should come in omniauth.auth:

omniauth.auth   
{"info"=>{"name"=>"my name", "nickname"=>"nickname ok", "first_name"=>"Me", "email"=>"[email protected]"}, "uid"=>"xxxxxx", "provider"=>"facebook"}

This is my configuration:

:facebook, "XXXXXX", "YYYYYY", scope: 'user_birthday,email'

Did I miss anything?

Dynamic providers not working

I'm getting the following exception when trying to implement dynamic providers with Facebook, as described on: https://github.com/intridea/omniauth/wiki/Dynamic-Providers

undefined method `consumer_key=' for <OmniAuth::Strategies::Facebook>

Here is my setup method:

def setup
  if params[:provider] == "facebook"
    site = Site.where(:name => 'whitegallery').first
    request.env['omniauth.strategy'].consumer_key = site.facebook_app_id
    request.env['omniauth.strategy'].consumer_secret = site.facebook_app_secret
  end
  render :text => "Setup complete.", :status => 404
end

I have also tried with client_id and client_secret but simply get an undefined method 'client_key=' instead.

error when I start server

This is the error I get when I try starting the server...

thank you!

/Users/aa/.rvm/gems/ruby-1.9.2-p318@fb-demo1/gems/omniauth-1.1.0/lib/omniauth/builder.rb:38:in `rescue in provider': Could not find matching strategy for :facebook. You may need to install an additional gem (such as omniauth-facebook). (LoadError)
from /Users/aa/.rvm/gems/ruby-1.9.2-p318@fb-demo1/gems/omniauth-1.1.0/lib/omniauth/builder.rb:35:in `provider'
from /Users/aa/rails_projects/facebook-invitations-demo/config/initializers/omniauth.rb:3:in `block in <top (required)>'
from /Users/aa/.rvm/gems/ruby-1.9.2-p318@fb-demo1/gems/rack-1.2.5/lib/rack/builder.rb:46:in `instance_eval'
from /Users/aa/.rvm/gems/ruby-1.9.2-p318@fb-demo1/gems/rack-1.2.5/lib/rack/builder.rb:46:in `initialize'
from /Users/aa/.rvm/gems/ruby-1.9.2-p318@fb-demo1/gems/omniauth-1.1.0/lib/omniauth/builder.rb:10:in `initialize'
from /Users/aa/.rvm/gems/ruby-1.9.2-p318@fb-demo1/gems/actionpack-3.0.9/lib/action_dispatch/middleware/stack.rb:33:in `new'
from /Users/aa/.rvm/gems/ruby-1.9.2-p318@fb-demo1/gems/actionpack-3.0.9/lib/action_dispatch/middleware/stack.rb:33:in `build'
from /Users/aa/.rvm/gems/ruby-1.9.2-p318@fb-demo1/gems/actionpack-3.0.9/lib/action_dispatch/middleware/stack.rb:79:in `block in build'
from /Users/aa/.rvm/gems/ruby-1.9.2-p318@fb-demo1/gems/actionpack-3.0.9/lib/action_dispatch/middleware/stack.rb:79:in `each'
from /Users/aa/.rvm/gems/ruby-1.9.2-p318@fb-demo1/gems/actionpack-3.0.9/lib/action_dispatch/middleware/stack.rb:79:in `inject'
from /Users/aa/.rvm/gems/ruby-1.9.2-p318@fb-demo1/gems/actionpack-3.0.9/lib/action_dispatch/middleware/stack.rb:79:in `build'
from /Users/aa/.rvm/gems/ruby-1.9.2-p318@fb-demo1/gems/railties-3.0.9/lib/rails/application.rb:162:in `app'
from /Users/aa/.rvm/gems/ruby-1.9.2-p318@fb-demo1/gems/railties-3.0.9/lib/rails/application/finisher.rb:35:in `block in module:Finisher'
from /Users/aa/.rvm/gems/ruby-1.9.2-p318@fb-demo1/gems/railties-3.0.9/lib/rails/initializable.rb:25:in `instance_exec'
from /Users/aa/.rvm/gems/ruby-1.9.2-p318@fb-demo1/gems/railties-3.0.9/lib/rails/initializable.rb:25:in `run'
from /Users/aa/.rvm/gems/ruby-1.9.2-p318@fb-demo1/gems/railties-3.0.9/lib/rails/initializable.rb:50:in `block in run_initializers'
from /Users/aa/.rvm/gems/ruby-1.9.2-p318@fb-demo1/gems/railties-3.0.9/lib/rails/initializable.rb:49:in `each'
from /Users/aa/.rvm/gems/ruby-1.9.2-p318@fb-demo1/gems/railties-3.0.9/lib/rails/initializable.rb:49:in `run_initializers'
from /Users/aa/.rvm/gems/ruby-1.9.2-p318@fb-demo1/gems/railties-3.0.9/lib/rails/application.rb:134:in `initialize!'
from /Users/aa/.rvm/gems/ruby-1.9.2-p318@fb-demo1/gems/railties-3.0.9/lib/rails/application.rb:77:in `method_missing'
from /Users/aa/rails_projects/facebook-invitations-demo/config/environment.rb:5:in `<top (required)>'
from /Users/aa/rails_projects/facebook-invitations-demo/config.ru:3:in `require'
from /Users/aa/rails_projects/facebook-invitations-demo/config.ru:3:in `block in '
from /Users/aa/.rvm/gems/ruby-1.9.2-p318@fb-demo1/gems/rack-1.2.5/lib/rack/builder.rb:46:in `instance_eval'
from /Users/aa/.rvm/gems/ruby-1.9.2-p318@fb-demo1/gems/rack-1.2.5/lib/rack/builder.rb:46:in `initialize'
from /Users/aa/rails_projects/facebook-invitations-demo/config.ru:1:in `new'
from /Users/aa/rails_projects/facebook-invitations-demo/config.ru:1:in `'
from /Users/aa/.rvm/gems/ruby-1.9.2-p318@fb-demo1/gems/rack-1.2.5/lib/rack/builder.rb:35:in `eval'
from /Users/aa/.rvm/gems/ruby-1.9.2-p318@fb-demo1/gems/rack-1.2.5/lib/rack/builder.rb:35:in `parse_file'
from /Users/aa/.rvm/gems/ruby-1.9.2-p318@fb-demo1/gems/rack-1.2.5/lib/rack/server.rb:162:in `app'
from /Users/aa/.rvm/gems/ruby-1.9.2-p318@fb-demo1/gems/rack-1.2.5/lib/rack/server.rb:253:in `wrapped_app'
from /Users/aa/.rvm/gems/ruby-1.9.2-p318@fb-demo1/gems/rack-1.2.5/lib/rack/server.rb:204:in `start'
from /Users/aa/.rvm/gems/ruby-1.9.2-p318@fb-demo1/gems/railties-3.0.9/lib/rails/commands/server.rb:65:in `start'
from /Users/aa/.rvm/gems/ruby-1.9.2-p318@fb-demo1/gems/railties-3.0.9/lib/rails/commands.rb:30:in `block in <top (required)>'
from /Users/aa/.rvm/gems/ruby-1.9.2-p318@fb-demo1/gems/railties-3.0.9/lib/rails/commands.rb:27:in `tap'
from /Users/aa/.rvm/gems/ruby-1.9.2-p318@fb-demo1/gems/railties-3.0.9/lib/rails/commands.rb:27:in `<top (required)>'
from script/rails:6:in `require'
from script/rails:6:in `'

Here are my gems...

[facebook-invitations-demo (master)]$ bundle
Using rake (0.9.2.2)
Using abstract (1.0.0)
Using activesupport (3.0.9)
Using builder (2.1.2)
Using i18n (0.5.0)
Using activemodel (3.0.9)
Using erubis (2.6.6)
Using rack (1.2.5)
Using rack-mount (0.6.14)
Using rack-test (0.5.7)
Using tzinfo (0.3.33)
Using actionpack (3.0.9)
Using mime-types (1.18)
Using polyglot (0.3.3)
Using treetop (1.4.10)
Using mail (2.2.19)
Using actionmailer (3.0.9)
Using arel (2.0.10)
Using activerecord (3.0.9)
Using activeresource (3.0.9)
Using daemons (1.0.10)
Using multipart-post (1.1.5)
Using faraday (0.8.1)
Using gem_plugin (0.2.3)
Using hashie (1.2.0)
Using json (1.7.3)
Using rdoc (3.12)
Using thor (0.14.6)
Using railties (3.0.9)
Using jquery-rails (1.0.19)
Using multi_json (1.3.6)
Using koala (1.5.0)
Using mongrel (1.2.0.pre2)
Using omniauth (1.1.0)
Using bundler (1.1.3)
Using rails (3.0.9)
Using sqlite3 (1.3.6)
Your bundle is complete! Use bundle show [gemname] to see where a bundled gem is installed.

Facebook Canvas issues?

I'm having trouble authenticating within Facebook's canvas... currently, I detect for the signed request like so:

def signed_facebook_request?
  if params[:signed_request]
    session[:canvas] = true
    fb_data = parse_signed_request(FB_CONFIG['secret'], params[:signed_request])
    uid = fb_data['user_id']
    unless @auth = Authorization.find_by_provider_and_uid('facebook', uid)
      redirect_to "/auth/facebook/callback?code=#{fb_data['oauth_token']}"
    else
      self.current_user = @auth.user
    end
  end
end

But, I get an invalid credentials response ... I thought, looking through the code, the callback would take the oauth token from the signed request and go from there, but is that not the case? Or am I doing something clearly wrong in the redirect?

Feature request: User application deletion

I couldn't find any documentation on how to do this using this gem, but it would be nice to be able to remove the original application added through this gem from the facebook user's application list.

BirthDate

Hello,
is there a way to obtain additional info about the user, for example his birthdate?

urls[ 'website' ] is not populated

For some reason I don't see the website key populated in the raw_info hash, with the result that I'm not able to get a user's personal website even if it's available on Facebook (i.e. urls=#<Hashie::Mash Facebook="http://www.facebook.com/nwieland">>).

Is it happening only to me? How can I double check / debug this? If I look at Facebook the website is correctly inserted.

Per-request scope being ignored

I am attempting to use the per-request scope described on the main page so I can ask for extended permissions for some users/features. As an example, I redirect the user to a URL such as "/auth/facebook?scope=email" (dropping the default offline_access perm). The user is actually redirected to:

https://www.facebook.com/dialog/permissions.request?app_id=[snip]&display=page&next=http%3A%2F%2Flocalhost%3A3000%2Fauth%2Ffacebook%2Fcallback&response_type=code&perms=email%2Coffline_access&fbconnect=1

My app is configured to use Facebook's Enhanced Auth Dialog. You can see at the end of the URL 'offline_access' is still in the request. No matter what I put in scope it is always "perms=email%2Coffline_access" which are the defaults.

My configuration is very plain vanilla:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :facebook, my_api_key, my_secret_key
end

Relevant gem versions:

omniauth (1.0.2)
  hashie (~> 1.2)
  rack
omniauth-facebook (1.2.0)
  omniauth-oauth2 (~> 1.0.0)
omniauth-oauth2 (1.0.0)
  oauth2 (~> 0.5.0)
  omniauth (~> 1.0)

Issue with omniauth-facebook

Using omniauth-facebook in my Rails app raises this issue. How do I fix this?
{
"error": {
"message": "Missing client_id parameter.",
"type": "OAuthException",
"code": 101
}
}

NoAuthorizationCodeError thrown when people visit us from Facebook

On developers.facebook.com we've set the sign-in callback url to "https://oursite.com/auth/facebook/callback", and that's worked great for using Facebook to sign in. However, whenever someone finds our app on Facebook, and clicks to visit us, Facebook uses that same url to send people to our site. So people arrive at our site via a GET with no parameters, and our app raises OmniAuth::Strategies::Facebook::NoAuthorizationCodeError (see below).

Would it be okay to patch omniauth-facebook so that it only raised an exception on POST?

  • Daniel

A OmniAuth::Strategies::Facebook::NoAuthorizationCodeError occurred in #:

must pass either a code parameter or a signed request (via signed_request parameter or a fbsr_XXX cookie)
omniauth-facebook (1.3.0) lib/omniauth/strategies/facebook.rb:179:in `with_authorization_code!'

Delay when processing callback in production

When I use omniauth facebook login in dev it works great, fast and snappy. However, as soon as I deploy to production running on Ubuntu and Nginx, the callback takes forever to process. It works but takes a LONG time. When I turn on debugging in the Rails 3.2.1 prod log, it hangs here forever:

Started GET "/users/auth/facebook/callback?code=xxx" for 127.0.0.1 at 2012-03-01 21:50:48 -0800
Processing by Users::OmniauthCallbacksController#facebook as HTML

Then after 1-5 seconds it processes as normal. Only in production mode on Nginx. Any tips or suggestions where to look? It works; just the login delay is too much. Rails 3.2.1, Nginx, Postgres, Devise 2, Omni 1.0.2, omni-fb 1.2

Redirect URL getting rendered to window instead of followed

When I hit /auth/facebook, the browser isn't bouncing over to Facebook. Instead, the location bar still reads http://localhost:3000/auth/facebook, and there is text in the browser window reading "Redirecting to https://graph.facebook.com/oauth/authorize?redirect_uri=http%3A%2F%2Flocalhost%3A3000[... etc.]"

Other strategies are working fine.

I'm worried that this is some trivial issue, but a whole lot of searches aren't turning up any common causes for redirects to get treated this way. Any help is appreciated.
