Facebook omniauth gem doesn't work on remote domain - ruby-on-rails

I'm using omniauth-facebook to allow users to login through Facebook on my rails app.
My site is SSL, and the authentication works perfectly in a local environment, but in production I get the following error: "Insecure Login Blocked: You can't get an access token or log in to this app from an insecure page. Try re-loading the page as https://"
I see a lot of similar questions but none of the solutions there work, so I resort to asking. Can anyone help?

Related

Getting "URL Blocked" for Facebook login error on Rails 5 app

I'm implementing Facebook login on a Rails 5 app with Devise and the omniauth-facebook gem and I'm getting the following error:
URL Blocked: This redirect failed because the redirect URI is not whitelisted in the app’s Client OAuth Settings. Make sure Client and Web OAuth Login are on and add all your app domains as Valid OAuth Redirect URIs.
I followed this tutorial: https://medium.com/#trydelight/facebook-authentication-with-devise-5b53d2f664ed
So for the "Valid OAuth Redirect URIs" it works locally with no URIs whitelisted, but for production I added
https://noora.app/users/auth/facebook and https://www.noora.app//users/auth/facebook (the production domain is noora.app). After getting the error I even added 2 more URIs with a / on the end and added noora.app and www.noora.app as domains, but I'm still getting the same error.
The app is on live mode and the login page is at https://noora.app/users/sign_in. Part of the Facebook settings are here:
Any ideas? Config seems good, but maybe someone sees something I don't? Thanks!
You should whitelist your callback url, not the one that has login button:
https://noora.app/users/auth/facebook/callback
I was looking for this answer for hours, the solution for me was:
When I checked the params in facebook error page, it said:
redirect=mydomain/auth/facebook/callback
and not:
redirect=mydomain/users/auth/facebook/callback
So I added the first one to Valid OAuth Redirect URIs, without users, and problem solved!!!
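Both answers above come down to the same check: the string Facebook receives as redirect_uri must be whitelisted exactly, and that string is the callback path, whose prefix depends on how OmniAuth is mounted (/auth by default, /users/auth under Devise). The following Ruby is an added example, not code from this thread or from omniauth-facebook: it rebuilds the callback URI the way OmniAuth composes it, pulls redirect_uri back out of a Facebook dialog URL copied from the error page, and explains why each whitelisted entry fails to match. The domain noora.app is taken from the question; the client_id and state values in the sample dialog URL are placeholders.

```ruby
require "uri"
require "cgi"

# OmniAuth's callback path is "#{path_prefix}/#{provider}/callback". The
# default path_prefix is "/auth"; Devise mounts OmniAuth under "/users/auth",
# which is exactly where the two answers in the thread diverge.
def omniauth_callback_uri(base_url, provider, path_prefix: "/auth")
  URI.join(base_url, "#{path_prefix}/#{provider}/callback").to_s
end

# Pull redirect_uri back out of the Facebook OAuth dialog URL the browser was
# sent to (copy it from the address bar of the "URL Blocked" page).
def redirect_uri_from_dialog(dialog_url)
  query = URI.parse(dialog_url).query
  return nil if query.nil?
  CGI.parse(query).fetch("redirect_uri", []).first
end

# Facebook compares Valid OAuth Redirect URIs as exact strings: scheme, host,
# path and trailing slash all have to match.
def whitelisted?(redirect_uri, valid_uris)
  valid_uris.include?(redirect_uri)
end

# For a URI that is not whitelisted, say how each whitelisted entry differs.
def diagnose(redirect_uri, valid_uris)
  return [] if whitelisted?(redirect_uri, valid_uris)
  sent = URI.parse(redirect_uri)
  valid_uris.map do |entry|
    cand = URI.parse(entry)
    reason =
      if cand.scheme != sent.scheme
        "scheme differs (#{cand.scheme} vs #{sent.scheme})"
      elsif cand.host != sent.host
        "host differs (#{cand.host} vs #{sent.host})"
      elsif cand.path.chomp("/") == sent.path.chomp("/")
        "only the trailing slash differs"
      elsif "#{cand.path.chomp('/')}/callback" == sent.path
        "login path whitelisted instead of the /callback path"
      elsif cand.path.split("/").last(2) == sent.path.split("/").last(2)
        "mount prefix differs (#{cand.path} vs #{sent.path}); check OmniAuth's path_prefix"
      else
        "path differs (#{cand.path} vs #{sent.path})"
      end
    "#{entry}: #{reason}"
  end
end

# Constructed sample dialog URL (placeholder client_id and state), as it would
# appear in the address bar on the error page.
SAMPLE_DIALOG = "https://www.facebook.com/dialog/oauth?client_id=APP_ID" \
                "&redirect_uri=https%3A%2F%2Fnoora.app%2Fusers%2Fauth%2Ffacebook%2Fcallback" \
                "&state=STATE&scope=email"

# The whitelist from the question: the login path, not the callback path.
puts diagnose(redirect_uri_from_dialog(SAMPLE_DIALOG),
              ["https://noora.app/users/auth/facebook"])
```

Run it with the dialog URL from your own error page and the entries you actually configured; the output names the one difference per entry, which is quicker than reading two long URLs side by side.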

Why does omniauth-twitter work locally but not on my server?

I have a Rails 5 (Ruby 2.3.3) app with OmniAuth (1.6.1; omniauth-oauth 1.1.0) and omniauth-twitter (1.4.0). When a user is directed to Twitter for the OAuth flow, they see the following error after tapping the "Authorize application" button:
Whoa there!
There is no request token for this page. That's the special key we need from applications asking to use your Twitter account. Please go back to the site or application that sent you here and try again; it was probably just a mistake.
The most unfortunate problem about this error is it doesn't happen locally—I have an identically configured app in Twitter's app management console, save for a different URL (127.0.0.1 for the local app, a Heroku URL for the server).
Additionally, we have other OmniAuth strategies that work without issue locally and in production.
Verify that your system clock is set correctly and that all of your keys are entered correctly. Ensure you're using the right paths (api.twitter.com/oauth/*) and make sure that you're actually sending a request token to the oauth/authorize page and not an access token.

Facebook iFrame is pulling rails dynamic pages as 404 errors

I have a Facebook app page and a rails application. My rails application loads a dynamic page based on a key that is given. This works fine and dandy outside of my facebook app:
https://app.eventsent.net/event_lists/3d40ba2a4a10947c17c2337fba3421dd406cceb5?frame=true
However inside of Facebook the page is pulling up as a 404 error:
https://www.facebook.com/reynoldsdesignstudio/app_419134091467471
I have gotten around this issue by creating a static file within my system to be able to have facebook view it however this is not ideal as deploying the rails app with updates makes modifying these static pages a pain.
Any help on this would be great.
We got this figured out by changing the routes file to allow for a POST request instead of just a GET request.
Your problem is not related to dynamic/static content. Also Facebook is showing a 501 error, not a 404. In short, your SSL cert is not valid for the staging.app subdomain you are pointing your Facebook page at.
Visiting your Facebook page (https://www.facebook.com/reynoldsdesignstudio/app_419134091467471) yields this error:
This webpage is not available
The webpage at https://staging.app.eventsent.net/event_lists/3d40ba2a4a10947c17c2337fba3421dd406cceb5.html might be temporarily down or it may have moved permanently to a new web address.
Error 501 (net::ERR_INSECURE_RESPONSE): Unknown error.
Note that the subdomain is staging.app. If you happen to be using Firefox, you get a nice error message that spells everything out:
This Connection is Untrusted
You have asked Firefox to connect securely to staging.app.eventsent.net, but we can't confirm that your connection is secure.
staging.app.eventsent.net uses an invalid security certificate.
The certificate is only valid for the following names:
app.eventsent.net , www.app.eventsent.net
(Error code: ssl_error_bad_cert_domain)
The easiest solution would be to get a wildcard SSL certificate that is valid for *.eventsent.net.
FYI, if you visit https://staging.app.eventsent.net/event_lists/3d40ba2a4a10947c17c2337fba3421dd406cceb5?frame=true, you will get a rather dire-looking warning from your browser. If you ignore the warning and tell the browser to accept the certificate, your Facebook page will then load fine in the same browser.
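Before buying a certificate on the strength of the answer above, check which names a given certificate would actually cover. Under RFC 6125 a wildcard matches exactly one DNS label, so *.eventsent.net covers app.eventsent.net but not staging.app.eventsent.net; that host needs *.app.eventsent.net or an explicit subjectAltName. The Ruby below is an added example, not code from the thread: it mints throwaway self-signed certificates carrying the candidate subjectAltName entries and asks Ruby's own RFC 6125 matcher, OpenSSL::SSL.verify_certificate_identity, which of the hostnames from the question each one covers. The hostnames are the ones quoted in the answer; the certificates are generated locally and never sent anywhere.

```ruby
require "openssl"

# One throwaway RSA key, generated once and reused for every test certificate.
SAN_TEST_KEY = OpenSSL::PKey::RSA.new(2048)

# Build a self-signed X.509 v3 certificate whose subjectAltName lists the
# given DNS names (wildcards allowed). Only the SAN matters for this check.
def self_signed_cert_for(dns_names)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3, required for extensions
  cert.serial = 1
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{dns_names.first}")
  cert.issuer = cert.subject
  cert.public_key = SAN_TEST_KEY.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = cert
  san = dns_names.map { |name| "DNS:#{name}" }.join(",")
  cert.add_extension(ef.create_extension("subjectAltName", san, false))
  cert.sign(SAN_TEST_KEY, OpenSSL::Digest.new("SHA256"))
  cert
end

# True when a certificate carrying these SANs would be accepted for hostname,
# using the same hostname matcher Ruby's TLS client uses.
def cert_covers?(dns_names, hostname)
  OpenSSL::SSL.verify_certificate_identity(self_signed_cert_for(dns_names), hostname)
end

# { label => { hostname => covered? } } for several candidate certificates.
def coverage(candidates, hostnames)
  candidates.map do |label, sans|
    [label, hostnames.map { |host| [host, cert_covers?(sans, host)] }.to_h]
  end.to_h
end

# The three hosts that appear in the answer above.
HOSTS = ["app.eventsent.net", "www.app.eventsent.net", "staging.app.eventsent.net"]

# The certificate the site has now, the wildcard the answer suggests, and the
# wildcard that would actually cover the staging host.
CANDIDATES = {
  "current cert"        => ["app.eventsent.net", "www.app.eventsent.net"],
  "*.eventsent.net"     => ["*.eventsent.net"],
  "*.app.eventsent.net" => ["*.app.eventsent.net", "app.eventsent.net"],
}

coverage(CANDIDATES, HOSTS).each do |label, by_host|
  puts label
  by_host.each { |host, ok| puts "  #{ok ? 'covers' : 'does NOT cover'} #{host}" }
end
```

The same matcher runs inside Net::HTTP and OpenSSL::SSL::SSLSocket when verify_mode is VERIFY_PEER, so whatever this reports is what a browser or an API client will decide at handshake time; the one difference is that real clients also check the chain and validity period, which a self-signed test certificate deliberately skips.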

Twitter Omniauth Login on Heroku with Custom Domain

I'm trying to set up Omniauth login for Twitter/FB. I created my own authentication system
and was able to get my Twitter log in to work on localhost following http://railscasts.com/episodes/241-simple-omniauth.
However, upon deploying to Heroku, I get the following error when I try to log in via Twitter on production:
The page you were looking for doesn't exist.
Heroku logs:
ActionController::RoutingError (No route matches [GET] "/auth/twitter"):
This should be handled by omniauth automatically.
I changed my callback url (with a custom domain) to http://www.mysite.com/auth/twitter/callback on my Twitter Dev page. This still does not fix the production log in, but development log in still works.
I've looked through several stackoverflow questions and it seems like there is some issue with Heroku custom domains and Omniauth. There are several solutions where people use devise, but I'm not using devise.
I've also added the key onto heroku using: heroku config:add CONSUMER_KEY=key CONSUMER_SECRET=secret --app myapp
Does anyone have any suggestions? I can also post relevant code if needed.

Redirect issue in production (Rails)

I have developed a CMS using casein plugin. When I run locally (localhost:3000), everything works fine (login, logout, navigation, etc.). When I push to my main site, and try to login, I get this error:
The webpage at http://.com/admin has resulted in too many redirects. Clearing your cookies for this site or allowing third-party cookies may fix the problem. If not, it is possibly a server configuration issue and not a problem with your computer.
I have tried clearing my cache/cookies and no luck. I even tried deploying to dev..com and same issue resides. The weird thing is, if I run script/server on .com or dev..com and go to .com:3000 or dev..com:3000, it works fine and the redirect issue does not exist... Before I post any code, has anyone ever seen this before? For some reason my before_filter is not picking up the session when not running script/server. Any thoughts?
One case that might cause this:
Your authentication mechanism redirects unauthenticated users to root_path
root_path tries to authenticate a user and redirects to the sign in page
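The two-step loop in the answer above (before_filter sends anonymous users to root, root sends them to the sign-in page, and the sign-in page is itself behind the filter) is easy to reproduce in memory. The Ruby below is an added example, not code from the thread or from the casein plugin: a tiny model of a Rails app as a lambda, a follow function that chases redirects the way a browser does and stops at a repeated path or a hop limit, and the broken configuration beside the fixed one. The paths /admin, / and /admin/login are hypothetical; /admin is borrowed from the question's error message.

```ruby
class RedirectLoop < StandardError; end

# Build a minimal "app": path + logged_in? -> [:render, body] or
# [:redirect, path]. Every path in protected_paths gets a before_filter that
# sends anonymous users to login_redirect, which is the knob that matters.
def build_app(protected_paths:, login_redirect:)
  actions = {
    # root_path: shows the dashboard when logged in, otherwise sends the
    # visitor to the sign-in page, as the answer above describes.
    "/"            => ->(logged_in) { logged_in ? [:render, "dashboard"] : [:redirect, "/admin/login"] },
    "/admin"       => ->(_)         { [:render, "admin index"] },
    "/admin/login" => ->(_)         { [:render, "login form"] },
  }
  lambda do |path, logged_in|
    if protected_paths.include?(path) && !logged_in
      [:redirect, login_redirect] # the before_filter firing
    else
      actions.fetch(path).call(logged_in)
    end
  end
end

# Follow redirects like a browser would. Returns [body, chain_of_paths] on a
# render; raises RedirectLoop when a path repeats or the hop limit is hit
# (browsers give up after roughly 20 hops with the "too many redirects" page).
def follow(app, path, logged_in: false, max_hops: 20)
  chain = [path]
  loop do
    kind, value = app.call(path, logged_in)
    return [value, chain] if kind == :render
    if chain.include?(value)
      raise RedirectLoop, "redirect loop: #{(chain + [value]).join(' -> ')}"
    end
    raise RedirectLoop, "too many redirects: #{chain.join(' -> ')}" if chain.size >= max_hops
    chain << value
    path = value
  end
end

# Broken: the filter covers the login form too, and bounces anonymous users to
# root, which bounces them back to the login form.
BROKEN_APP = build_app(protected_paths: ["/admin", "/admin/login"], login_redirect: "/")

# Fixed: the login action is excluded from the filter (skip_before_filter in
# Rails terms) and the filter redirects straight to it.
FIXED_APP = build_app(protected_paths: ["/admin"], login_redirect: "/admin/login")

begin
  follow(BROKEN_APP, "/admin")
rescue RedirectLoop => e
  puts e.message # redirect loop: /admin -> / -> /admin/login -> /
end
body, chain = follow(FIXED_APP, "/admin")
puts "#{chain.join(' -> ')} renders #{body.inspect}"
```

The local-versus-deployed difference the question describes does not change the shape of the loop; it only changes whether the session cookie survives between hops. Running the unauthenticated path through a trace like this, with whatever the real before_filter and root action do, shows the cycle before the browser does.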