Getting a Facebook callback error even after turning on the “Built-in OAuth Login Browser” and specifying a callback URL

I have a Rails application (4.2.0) that uses Facebook login features. The main gems are devise (3.4.0) and omniauth-facebook (2.0.0). I registered the application on Facebook and used its test application for development. Facebook login functionality is in development.

When I try to use the Facebook login function on the production server, I get an error: "The specified URL is not allowed in the application configuration: one or more of the specified URLs are not allowed in the application settings. It must match the website URL or URL canvas, or the domain must be a subdomain of one of the application domains."

Details for the parameters of the test application used in dev env are -

    Settings:
      Basic:
        App Domains: 'localhost'
        Website:
          Site URL: 'http://localhost:3000'
      Advanced:
        OAuth Settings:
          Embedded browser OAuth Login: Yes
          Valid OAuth redirect URIs: "http://localhost:3000/users/auth/facebook/callback"

Configuration information for the registered application used in production env is -

    Settings:
      Basic:
        App Domains: 'www.mysite.co'
        Website:
          Site URL: 'http://www.mysite.co'
      Advanced:
        OAuth Settings:
          Embedded browser OAuth Login: Yes
          Valid OAuth redirect URIs: "http://www.mysite.co/users/auth/facebook/callback"

I have indicated the following in my secrets.yml

    development:
      secret_key_base: some_secret_key
      facebook:
        app_id: test_app_id
        app_secret: test_app_secret

    production:
      secret_key_base: some_secret_key
      facebook:
        app_id: registered_app_id
        app_secret: registered_app_secret

And used creds from secrets.yml in the Devise initializer as

    # ==> OmniAuth
    # Add a new OmniAuth provider. Check the wiki for more information on setting
    # up on your models and hooks.
    # config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo'
    require 'omniauth-facebook'
    config.omniauth :facebook,
                    Rails.application.secrets.facebook['app_id'],
                    Rails.application.secrets.facebook['app_secret'],
                    scope: ['user_photos', 'email', 'public_profile']

[Screenshots: basic settings for test app; callback URL for test app; basic settings for app; callback URL for app]

The actual domain name (blackened) has no typos anywhere and is no different from where it is used.

routes.rb contains the following related to omniauth:

    $ cat config/routes.rb
    Rails.application.routes.draw do
      root 'home#index'
      devise_for :users, controllers: { omniauth_callbacks: "users/omniauth_callbacks" }
      # routes related to other controllers
    end

Routes below

    $ bundle exec rake routes | grep user
    new_user_session        GET      /users/sign_in(.:format)               devise/sessions#new
    user_session            POST     /users/sign_in(.:format)               devise/sessions#create
    destroy_user_session    DELETE   /users/sign_out(.:format)              devise/sessions#destroy
    user_omniauth_authorize GET|POST /users/auth/:provider(.:format)        users/omniauth_callbacks#passthru {:provider=>/facebook/}
    user_omniauth_callback  GET|POST /users/auth/:action/callback(.:format) users/omniauth_callbacks#:action

The only omniauth code throughout the application is

    $ cat app/controllers/users/omniauth_callbacks_controller.rb
    class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
      def facebook
        # You need to implement the method below in your model (e.g. app/models/user.rb)
        @user = User.from_omniauth(request.env["omniauth.auth"])

        if @user.persisted?
          sign_in_and_redirect @user, event: :authentication # this will throw if @user is not activated
          set_flash_message(:notice, :success, kind: "Facebook") if is_navigational_format?
        else
          session["devise.facebook_data"] = request.env["omniauth.auth"]
          redirect_to new_user_registration_url
        end
      end
    end
+5
3 answers

Upon digging further into the problem, it was noted that the error did not occur when “www.example.com” was specified in the URL, and therefore the callback worked. When "example.com" was specified in the address bar and the Facebook login was tried, the login failed with the above error.

So, I fixed the above problem by making some changes to the settings for the Facebook application. I don't know if this is the right approach, but it worked. Just making changes, as in paragraph 2, did not solve the problem.

Changes:

1) Pointed “Application Domains” to “example.com” and “www.example.com”
2) Set “OAuth Login Client” to “Yes”
3) Defined “Valid OAuth Redirect URIs” as “http://example.com/users/auth/facebook/callback” and “http://www.example.com/users/auth/facebook/callback”

+1
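The www versus bare-domain mismatch described in this answer can be checked before deploying. The following is an added example, not part of the original post or of OmniAuth: it builds the callback URL for each origin the site answers on and reports the ones missing from the registered redirect URIs. It assumes the provider compares redirect URIs exactly; the helper names and sample lists are hypothetical.

```ruby
require 'uri'

# Callback path taken from the routes shown in the question.
CALLBACK_PATH = '/users/auth/facebook/callback'

# Normalise a URL for comparison: scheme and host are case-insensitive and a
# default port (80 for http, 443 for https) is dropped; the path is kept exact.
def normalize(url)
  u = URI.parse(url)
  port = u.port == u.default_port ? '' : ":#{u.port}"
  "#{u.scheme.downcase}://#{u.host.downcase}#{port}#{u.path}"
end

# Callback URL that a login started on `origin` would send as its redirect URI
# (assumption: it is derived from the host the visitor used).
def callback_for(origin)
  normalize(origin.chomp('/') + CALLBACK_PATH)
end

# Origins whose callback URL is not in the registered list (exact match assumed).
def unregistered_origins(origins, registered)
  allowed = registered.map { |r| normalize(r) }
  origins.reject { |o| allowed.include?(callback_for(o)) }
end

# Constructed sample data using the answer's placeholder domain.
ORIGINS = ['http://www.example.com', 'http://example.com', 'http://EXAMPLE.com:80/'].freeze
BEFORE  = ['http://www.example.com/users/auth/facebook/callback'].freeze
AFTER   = (BEFORE + ['http://example.com/users/auth/facebook/callback']).freeze

if __FILE__ == $PROGRAM_NAME
  puts "Unregistered before the change: #{unregistered_origins(ORIGINS, BEFORE).inspect}"
  puts "Unregistered after the change:  #{unregistered_origins(ORIGINS, AFTER).inspect}"
end
```

Serving the site on one canonical host and redirecting the other to it keeps the registered list to a single entry instead of one per hostname.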

I don't have enough reputation to comment. You need to change your settings in the Facebook Developer Center so that it matches the URL of your production site instead of the local one.

Update your URL here:

[Screenshot: Enter URL here]

+2

Ok, so I assume you have a web application not running on Facebook that just uses the OAuth flow for login functions, right? If so, you should enable "Client OAuth Login" in the settings of your application for the working environment. If you do not, then the web OAuth flow will not work. See this article: https://developers.facebook.com/docs/facebook-login/security

0
