Rails + omniauth + facebook - csrf detected

浪子不回头ぞ submitted on 2020-01-11 03:16:06

Question


I'm working on logging in to a site via an existing Facebook account. So I registered a Facebook application and stored the API key and secret in the development.rb and production.rb files. Then I used the omniauth-facebook gem + devise gem to implement this. It works perfectly.

By the way, a user can log in either by internal authentication (by devise) or by using a Facebook account.

However, there is a weird issue. It works perfectly only if I log in to the Facebook account in which I registered the application.

So I registered another facebook account that didn't have an application used in my Rails application and tried to login. It caused an error "An error occurred. Please try again later." ... "Could not authenticate you from Facebook-Account because "Csrf detected""

I tried to use the 1.4.0 omniauth-facebook gem instead of the 1.4.1 one, but it also caused an error "must pass either a code parameter or a signed request (via signed_request parameter or a fbsr_XXX cookie)"

Gems

oauth2 (0.8.0) 
omniauth (1.1.0) 
omniauth-oauth2 (1.1.0) 
omniauth-facebook (1.4.1) 
warden (1.2.1)
devise (2.1.2)

Your ideas?


Answer 1:


I had this issue as well, turns out I still had "sandbox" mode enabled in my Facebook application. Sounds like this may be your issue as well :)

If not, could you please post any related log entries?




Answer 2:


For me, I needed to add provider_ignores_state: true to my Omniauth config:

config.omniauth :facebook, ENV['FACEBOOK_APP_ID'], ENV['FACEBOOK_APP_SECRET'], {
  strategy_class: OmniAuth::Strategies::Facebook,
  provider_ignores_state: true
}

This is on omniauth-facebook gem version 1.6.0.

There is more info also at https://github.com/mkdynamic/omniauth-facebook/issues/73




Answer 3:


I solved this issue when I deleted 'omniauth.rb' because I already have this config below in devise.rb:

  config.omniauth :facebook, ENV["FB_ID"], ENV["FB_SECRET"],
    scope: 'email',
    info_fields: 'email, first_name, last_name',
    image_size: 'large',  # 50x50, guaranteed ratio
    secure_image_url: true

Remember to restart the server to test.
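
The "Csrf detected" failure in this thread is raised by the OAuth2 state check, which is the check that provider_ignores_state: true (Answer 2) switches off. The Ruby model below is an added example, not code from the posts or from omniauth-oauth2; the class StateCheck, its session key and the scenarios are constructed for illustration.

```ruby
require 'securerandom'
require 'digest'

# Hypothetical model of an OAuth2 client's state check (not omniauth-oauth2's API).
class StateCheck
  SESSION_KEY = 'oauth.state' # constructed key name

  def initialize(session, provider_ignores_state: false)
    @session = session
    @ignore = provider_ignores_state
  end

  # Request phase: bind a fresh random value to this browser session and
  # return the params that would go to the provider's authorize URL.
  def authorize_params
    @session[SESSION_KEY] = SecureRandom.hex(24)
    { state: @session[SESSION_KEY] }
  end

  # Callback phase: the stored state is single-use, so it is always removed.
  def callback(params)
    expected = @session.delete(SESSION_KEY)
    return :ok if @ignore # no binding between callback and session is checked
    returned = params['state'].to_s
    return :csrf_detected if expected.nil? || returned.empty?
    same?(expected, returned) ? :ok : :csrf_detected
  end

  private

  # Constant-time comparison over fixed-length digests.
  def same?(a, b)
    x = Digest::SHA256.digest(a).bytes
    y = Digest::SHA256.digest(b).bytes
    x.zip(y).reduce(0) { |acc, (m, n)| acc | (m ^ n) }.zero?
  end
end

# Constructed scenarios: each value is what the callback phase decides.
def run_scenarios
  results = {}
  check = StateCheck.new({})
  state = check.authorize_params[:state]
  results[:normal] = check.callback('state' => state)
  results[:handled_twice] = check.callback('state' => state) # state already consumed
  results[:other_session] = StateCheck.new({}).callback('state' => state) # session lost
  fresh = StateCheck.new({})
  fresh.authorize_params
  results[:mismatch] = fresh.callback('state' => 'not-the-issued-value')
  results[:ignored] = StateCheck.new({}, provider_ignores_state: true).callback({})
  results
end
```

run_scenarios returns :ok only for the normal round trip and for the run with provider_ignores_state: true, where a callback carrying no state at all is accepted.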



Source: https://stackoverflow.com/questions/11970977/rails-omniauth-facebook-csrf-detected
