"Client Security Check Error." 404 with Facebook Oauth and Ruby

I am trying to implement Facebook authentication for a supervisor application. After the user allows Facebook authentication and is redirected to my application with a token callback, I get a 400 when consuming the API. My overseer strategy is this:

    class Facebook < Warden::Strategies::Base
      def client
        @client ||= OAuth2::Client.new MyApp::Facebook::AppID, MyApp::Facebook::AppSecret, :site => 'https://graph.facebook.com'
      end

      def params
        @params ||= Rack::Utils.parse_query(request.query_string)
      end

      def authorize_url
        client.web_server.authorize_url :redirect_uri => request.url, :scope => 'email,publish_stream'
      end

      def authenticate!
        throw(:halt, [302, {'Location' => authorize_url}, []]) unless params['code']
        facebook = client.web_server.get_access_token params['code'], :redirect_uri => request.url
      rescue OAuth2::HTTPError => e
        puts e.response.body
      end
    end

    Strategies.add :facebook, Facebook

The result of printing the response body is as follows:

 {"error":{"type":"OAuthException","message":"Error validating client secret."}} 

I am pretty sure that the application identifier and application secret are those provided by FB.

Thanks.

+10
ruby facebook
2 answers

I have seen this error message many times. Here is what I would double check:

  • Your domain matches what you specified in the Facebook callback URL
  • The application id is correct (actually print it on the page, sometimes y
  • The application secret is correct
+23

Add redirect_uri when creating the facebook object to fix the problem.

Redirect the user to https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL

After the user clicks the "Allow" button, he will be redirected to our code. At this point we will receive the code, and we need to make a server-side HTTP GET request to exchange the code for our OAuth access token:

  https://graph.facebook.com/oauth/access_token?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&client_secret=YOUR_APP_SECRET&code=THE_CODE_FROM_ABOVE

Now in step 3, I kept receiving the HTTP 400 response.

After some research, I found that nothing is done with the redirect_uri that we submit in step 3 except for checking the request. Therefore, the value should match step 2.

0
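An added example (not code from the question or from either answer) showing the redirect_uri match described in the second answer. In the question's strategy, `request.url` on the callback request already carries the `code` query parameter, so the value sent in the token exchange differs from the one sent at authorization. The helper names, the `app.example.test` URLs and the credentials are constructed placeholders.

```ruby
require 'uri'

# Hypothetical helpers for this example; URLs and credentials are constructed.
OAUTH_RESPONSE_PARAMS = %w[code state error error_reason error_description].freeze

# Strip the parameters the provider appended to the callback, so the
# redirect_uri sent in the token exchange equals the one sent at authorization.
def stable_redirect_uri(callback_url)
  uri = URI.parse(callback_url)
  kept = URI.decode_www_form(uri.query.to_s)
            .reject { |key, _| OAUTH_RESPONSE_PARAMS.include?(key) }
  uri.query = kept.empty? ? nil : URI.encode_www_form(kept)
  uri.fragment = nil
  uri.to_s
end

def authorize_url(app_id, redirect_uri)
  query = URI.encode_www_form(client_id: app_id, redirect_uri: redirect_uri)
  "https://www.facebook.com/dialog/oauth?#{query}"
end

def token_url(app_id, app_secret, redirect_uri, code)
  query = URI.encode_www_form(client_id: app_id, redirect_uri: redirect_uri,
                              client_secret: app_secret, code: code)
  "https://graph.facebook.com/oauth/access_token?#{query}"
end

# Read back the redirect_uri a given request URL would present to the provider.
def redirect_uri_param(url)
  URI.decode_www_form(URI.parse(url).query).assoc('redirect_uri').last
end

# Constructed sample: the first request (no code yet) and the callback request.
first_request = 'https://app.example.test/login?return_to=%2Fdashboard'
callback      = "#{first_request}&code=SAMPLE_CODE&state=abc"

sent_at_authorize = redirect_uri_param(
  authorize_url('YOUR_APP_ID', stable_redirect_uri(first_request)))
naive_exchange = redirect_uri_param(   # what passing request.url would send
  token_url('YOUR_APP_ID', 'YOUR_APP_SECRET', callback, 'SAMPLE_CODE'))
fixed_exchange = redirect_uri_param(
  token_url('YOUR_APP_ID', 'YOUR_APP_SECRET', stable_redirect_uri(callback), 'SAMPLE_CODE'))

puts "naive redirect_uri matches authorize step: #{naive_exchange == sent_at_authorize}"
puts "fixed redirect_uri matches authorize step: #{fixed_exchange == sent_at_authorize}"
```

Using a single configured callback URL for both steps avoids deriving the value from the incoming request at all.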

Source: https://habr.com/ru/post/651325/

