ruby-on-rails-4 devise omniauth omniauth-facebook

Broken FB-omniauth after bundle update, invalid credentials


The OAuth data doesn't go to the controller action. I can't understand what's wrong. There is one more auth provider in this controller and it works well; the core is absolutely the same.

devise  3.5.10 
rails 4.2.4

devise.rb
config.omniauth :facebook, Figaro.env.fb_app_id, Figaro.env.fb_app_secret, callback_url: 'https://chotam.ru/users/auth/facebook/callback',
                  scope: 'email, publish_actions'

class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
  # Callback action for the :facebook provider
  def facebook
    logger.error "fb here" # IT'S NO OUTPUT HERE ON REQUEST!!!
    logger.error(request.env['omniauth.auth'])
    result = User.find_for_facebook_oauth(request.env["omniauth.auth"], current_user)
    @user = result[:user]
    status = result[:status]
    if @user
      # Store the provider access token on the user's account
      token = request.env["omniauth.auth"]["credentials"]["token"]
      @user.account.update_attribute(:fb_token, token)
      if status[:redirect] == 'added' || status[:redirect] == 'existed'
        flash[status[:key]] = status[:value]
        render 'devise/registrations/edit'
      else
        flash[status[:key]] = status[:value]
        sign_in_and_redirect @user, event: :authentication
      end
    else
      flash[status[:key]] = status[:value]
      redirect_to new_user_registration_url
    end
  end
end

UPDATE: With the logger I can see the following:

E, [2017-03-28T23:46:41.255481 #21494] ERROR -- : (facebook) Authentication failure! invalid_credentials: OAuth2::Error, :
{"access_token":"real_token","token_type":"bearer"$

How can I find out what's wrong? I also found that users can't change their passwords anymore.


Solution

  • Ok...found a way without updating the gem.

    You can add the following in your config/initializers/devise.rb file at the config.omniauth line:

    client_options: {
      site: "https://graph.facebook.com/v2.3",
      authorize_url: "https://www.facebook.com/v2.3/dialog/oauth"
    },
    token_params: {
      parse: :json
    }
    

    YMMV with the full config, but it would look something like this:

    config.omniauth :facebook, ENV["FACEBOOK_KEY"], ENV["FACEBOOK_SECRET"],
        scope: 'email',
        secure_image_url: true,
        auth_type: 'https',
        info_fields: 'email,name,first_name,last_name',
        client_options: {
            site: "https://graph.facebook.com/v2.3",
            authorize_url: "https://www.facebook.com/v2.3/dialog/oauth"
        },
        token_params: {
            parse: :json
        }
    

    The main issue is that they upgraded the response format, and without the forced version pointer and the token params to parse the new JSON format (instead of the URL-encoded format), it would break at the response because it didn't recognize what was spit back from the API.
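
The parse mismatch the answer describes, as an added example that is not part of the original answer or of the omniauth/oauth2 gems: using only Ruby's standard library, it shows that a URL-encoded parser finds no `access_token` in a JSON token response, and the reverse. The sample bodies and the names `PARSERS`, `extract_token` and `diagnose` are constructed for illustration.

```ruby
require "json"
require "uri"

# Constructed sample bodies, not captured traffic. JSON_BODY follows the shape
# visible in the question's log; LEGACY_BODY is an assumed URL-encoded reply
# of the kind the answer says was replaced.
LEGACY_BODY = "access_token=SAMPLE_TOKEN&expires=5183999"
JSON_BODY   = '{"access_token":"SAMPLE_TOKEN","token_type":"bearer"}'

# Hypothetical stand-ins for the two parse modes the answer contrasts.
PARSERS = {
  query: ->(body) { URI.decode_www_form(body).to_h }, # URL-encoded
  json:  ->(body) { JSON.parse(body) }                # JSON
}.freeze

# Return the access token, or nil when the chosen parser cannot find one.
# An unknown mode raises KeyError instead of being silently ignored.
def extract_token(body, mode)
  parser = PARSERS.fetch(mode)
  parsed = parser.call(body)
  parsed.is_a?(Hash) ? parsed["access_token"] : nil
rescue JSON::ParserError, ArgumentError
  # Body is not valid for this parser (bad JSON or bad %-encoding).
  nil
end

# Report which parse modes recover a token without echoing the token itself,
# so the result can be written to an application log.
def diagnose(body)
  PARSERS.keys.map { |mode| [mode, !extract_token(body, mode).nil?] }.to_h
end

if __FILE__ == $PROGRAM_NAME
  puts "legacy body: #{diagnose(LEGACY_BODY)}"
  puts "json body:   #{diagnose(JSON_BODY)}"
end
```

With the query parser, the whole JSON string becomes a single key with an empty value, so the lookup for `access_token` returns nil even though the token is present in the body, which matches the log line in the question.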