In the Facebook login view, a user can decline permissions. Perhaps the declined permissions affect the app's functionality (you can do fewer things with the app because some data is not accessible).
I would like to warn the user and ask for the permissions again, but I don't see how to do this with Omniauth-Facebook. The Facebook documentation shows that the way to accomplish this is to add a parameter to the login request called auth_type=rerequest:
    https://www.facebook.com/dialog/oauth?
      client_id={app-id}&
      redirect_uri={redirect-uri}&
      auth_type=rerequest&
      scope=email
I have not seen a way to do this directly with Omniauth. I tried to call this URL from 'auth/facebook/callback' after checking the permissions myself, but I get the following error when the user re-accepts the permission in the new login:
ERROR -- omniauth: (facebook) Authentication failure! invalid_credentials: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected
OmniAuth::Strategies::OAuth2::CallbackError: csrf_detected | CSRF detected
/home/ciro/.rvm/gems/ruby-2.1.3/gems/omniauth-1.2.2/lib/omniauth/failure_endpoint.rb:25:in `raise_out!'
/home/ciro/.rvm/gems/ruby-2.1.3/gems/omniauth-1.2.2/lib/omniauth/failure_endpoint.rb:20:in `call'
/home/ciro/.rvm/gems/ruby-2.1.3/gems/omniauth-1.2.2/lib/omniauth/failure_endpoint.rb:12:in `call'
/home/ciro/.rvm/gems/ruby-2.1.3/gems/omniauth-1.2.2/lib/omniauth/strategy.rb:475:in `fail!'
/home/ciro/.rvm/gems/ruby-2.1.3/gems/omniauth-oauth2-1.2.0/lib/omniauth/strategies/oauth2.rb:73:in `callback_phase'
/home/ciro/.rvm/gems/ruby-2.1.3/gems/omniauth-facebook-1.6.0/lib/omniauth/strategies/facebook.rb:71:in `callback_phase'
/home/ciro/.rvm/gems/ruby-2.1.3/gems/omniauth-1.2.2/lib/omniauth/strategy.rb:227:in `callback_call'
/home/ciro/.rvm/gems/ruby-2.1.3/gems/omniauth-1.2.2/lib/omniauth/strategy.rb:184:in `call!'
/home/ciro/.rvm/gems/ruby-2.1.3/gems/omniauth-1.2.2/lib/omniauth/strategy.rb:164:in `call'
/home/ciro/.rvm/gems/ruby-2.1.3/gems/omniauth-1.2.2/lib/omniauth/builder.rb:59:in `call'
This is my 'auth/facebook/callback':

    on get do
      on 'auth/facebook/callback' do
        on param(:code) do |code|
          email = req.env['omniauth.auth']['info']['email']
          if email.nil? or email.empty?
            res.redirect "https://www.facebook.com/dialog/oauth?client_id=#{ENV['APP_ID']}&redirect_uri=http://localhost:9292/auth/facebook/callback&auth_type=rerequest&scope=email"
          end
        end
      end
    end
The solution is to pass the parameters in the OmniAuth request:
    if email.nil? or email.empty?
      res.redirect "/auth/facebook?scope=email"
    end
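
Why the hand-built dialog URL ends in `csrf_detected` while a redirect through `/auth/facebook` does not, shown as an added example that is not part of the original posts and is not OmniAuth's own code: a simplified model of the OAuth2 `state` check. The helper names, the session key and the placeholder app id are assumptions.

```ruby
require 'securerandom'
require 'uri'

# Simplified model of an OAuth2 state check; names are hypothetical.
AUTHORIZE_URL = 'https://www.facebook.com/dialog/oauth'
CALLBACK_URL  = 'http://localhost:9292/auth/facebook/callback'

# Request phase: create a random state, store it in the session and send it
# to the provider along with any extra parameters (scope, auth_type, ...).
def request_phase(session, client_id, extra = {})
  state = SecureRandom.hex(24)
  session['oauth.state'] = state
  query = { client_id: client_id, redirect_uri: CALLBACK_URL, state: state }
  "#{AUTHORIZE_URL}?#{URI.encode_www_form(query.merge(extra))}"
end

# Constant-time comparison so the check does not leak how many bytes matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Callback phase: the state echoed by the provider must equal the stored one.
# session.delete makes the stored state single-use.
def callback_phase(session, params)
  expected = session.delete('oauth.state')
  returned = params['state'].to_s
  return :csrf_detected if expected.nil? || returned.empty?
  secure_compare(expected, returned) ? :ok : :csrf_detected
end

# Constructed stand-in for the provider: echoes state (if any) plus a code.
def provider_redirect(authorize_url)
  query = URI.decode_www_form(URI(authorize_url).query).to_h
  { 'code' => 'constructed-code', 'state' => query['state'] }.compact
end

# Flow A: dialog URL built by hand in the callback, as in the question.
# The first login already consumed the state, and none is sent this time.
def hand_built_flow
  url = "#{AUTHORIZE_URL}?" + URI.encode_www_form(
    client_id: 'APP_ID_PLACEHOLDER', redirect_uri: CALLBACK_URL,
    auth_type: 'rerequest', scope: 'email')
  callback_phase({}, provider_redirect(url))
end

# Flow B: the re-request goes back through the request phase.
def request_phase_flow
  session = {}
  url = request_phase(session, 'APP_ID_PLACEHOLDER', auth_type: 'rerequest', scope: 'email')
  callback_phase(session, provider_redirect(url))
end
```

`hand_built_flow` returns `:csrf_detected` and `request_phase_flow` returns `:ok`; a second callback that replays the same state is also rejected because the stored value is deleted on first use.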