Facebook OmniAuth throwing parameter app_id required when deployed on Heroku - ruby-on-rails

So, I've been developing my app locally for sometime now and I decided today that I would like to deploy it on Heroku to start getting initial feedback for the app. I went through the guide on Heroku to help deploy my Rails 5 app to heroku.
Deployment was smooth and I was shown my login page. I clicked on Login Via FB and I was returned a white page with the following error response
The parameter app_id is required
Now, my obvious plan of action was to follow the trail, refer SO and hopefully come up with a solution for this. I tried every plausible resource on the web but I still get this error.
I've even updated my APP_ID and APP_SECRET variables on heroku. I've even updated Valid OAuth Redirect URIs section in my fb developer settings with the appropriate Heroku URL.
The funny bit is that everything works smoothly on my localhost but fails on heroku which is strange.
I strongly believe that Facebook would through appropriate errors and that app_id is in fact not being sent to fb. If this is the case, how do I solve this?
If you need code snippets to look at, do ask what might be needed to be looked at and I shall update my post accordingly.
Thank you!

the solution turned out to be a pretty simple one. In my application.yml file I had saved my Facebook vars as facebook_app_id and facebook_secret_key. But in my Heroku config vars I had included them as FACEBOOK_APP_ID and FACEBOOK_SECRET_KEY. I was under the impression keys aren't case sensitive. When I changed them to lowercase for Heroku, it worked.

Related

Sign in with apple "invalid_client" on the first redirect to apple of the Oauth2 code grant flow using service identifier

At this point I might be missing something really obvious in the configuration panel for apple, but after spending a day on this with several other people and reverting back to vanilla node (no third party dependencies).
We had 2 app identifiers in our account with Sign in with Apple and Push Notifications checked. I added at some point a service identifier to one of them and whitelisted a redirect URI. Everything went fine locally.
I got to production, and I kept getting wrong redirect uri for the exact same config, although the uri was whitelisted. I thought it might be because there's 2 uris, so I deleted the one that worked in the hopes that the one in production will start working.
None of them work anymore.
I have added a new set of app id + service id + secret key to use for the whole flow and I never get passed the "invalid_client" during the very first redirect to apple.
Code:
const url = new URL("https://appleid.apple.com/auth/authorize");
url.searchParams.append("state", "fdbd287b1f");
url.searchParams.append("response_type", "code");
url.searchParams.append("scope", "name email");
url.searchParams.append("response_mode", "form_post");
url.searchParams.append(
"redirect_uri",
"https://raiseitupdev.com/auth/apple/redirect",
);
url.searchParams.append("client_id", "com.myname.auth");
return res.redirect(url.toString());
We got this resolved by going into the More > Configure and adding our domain, making sure the SPF tick is green (if its not green, do a quick google to find out how to fix it for your config). After this, we stopped getting invalid_client errors.
The thing that made us stumble on this was it didn't appear important on account of it saying it was for the emails - we skimmed over it thinking we could come back to it later..

HEAD request from Trello API to Heroku app not working

I am trying to make a webhook for my trello account. Below is the ruby code.
callbackurl=root_url + 'cards'
response= HTTParty.post("https://api.trello.com/1/tokens/#{Rails.application.secrets.trello_user_key}/webhooks/?key=#{Rails.application.secrets.trello_api_key}&idModel=#{#tunnel.from_list_id}&callbackURL=#{callbackurl}")
This essentially authenticate with my app's api_key and user token and create a webhook with the call back URL specified. When I hard code the appropriate Heroku app root_url and run this code on local machine it works. But when I deploy it and run the code it doesn't work. It returns an error
URL (https://thawing-tundra-5116.herokuapp.com/cards) not reachable. Error: ETIMEDOUT
This seems very odd. The URL exists. Can anyone explain me why this is happening? As per Trello API, a HEAD request should return 200 and it does.
I have found the solution myself. The request from heroku to trello , to app took too much time , so heroku aborted it. It was mainly because I was using webrick in production. Changed it to puma and things are fine.

Unauthorized Access with Paypal REST API

Everything works fine in a development/localhost environment.
When deploying to heroku, using sandbox/test credentials on a new app, and creating a new payment I am getting
A PayPal::SDK::Core::Exceptions::UnauthorizedAccess occurred in orders#create:
Failed. Response code = 401. Response message = Unauthorized.
Again, everything thing works in a development environment
Should I permit any specific domains (like in Facebook integration)?
If you are running a Rails application on a public server, there is quite a chance that the Rails environment is set to "production".
If you further use the config/initializers/paypal.rb and config/paypal.yml generated by the Paypal API SDK's standard generator, then:
the initializer loads configuration for the current Rails environment, which is "production"
and in the production configuration one important line presumes that you want to run on the live API
So most probably you are attempting to communicate with the live API without knowing it. Changing the line to mode: sandbox should make you happy.
I had this problem and I called Paypal. It was a config problem in my account.
To resolve I went to https://developer.paypal.com, logged in, Then clicked on Dashboard Then on my account (left) The Direct credit cards has a grey x next to it so you have to click the link next to it that reads Enable live credentials Once you do this you have to answer some verification questions then they approve your account then your live and the unauthorized error goes away.

Dropbox throws "Invalid redirect_uri" error, although exactly the same url is specified in the app

I want to start my Dropbox-app by linking to a dropbox account as specified here:
https://www.dropbox.com/developers/datastore/tutorial/js
However, dropbox won't redirect back to my website and throws "Invalid redirect_uri"
I specified various redirect urls and double checked my app_key, but i could not get it to work. What am i doing wrong?
Thanks in advance!
When I had this issue, I realized that when refreshing the dropbox app console page, it hadn't saved my domain value. Apparently, ONLY HTTPS prefixed domains will work. When I added https it worked fine and saved my value, then I was able to get that to work with my javascript, but I was wishing that I didn't have to setup a server with a cert just to test. Security security, I guess.
http://blah.com // didn't work
https://blah.com // did work
Make sure the full, exact URL is registered as a redirect URI. (E.g. https://www.mydomain.com/mypage.html) The error message in the browser should tell you the exact URI that was attempted, so you should be able to match it perfectly.
I am brand new on this and ran into the same issue today attempting to follow the "Dropbox Datastores and Drop-Ins" tutorial on net.tutsplus.com
My setup is on a local system as well with the solution in a sub directory called "todo".
By trial and error, I got through to the authorisation screen by adding this URI in the Dropbox Developer Console: "http://LH.LH/todo/" (without quotes, AND because of comment restrictions on this board, please replace "LH.LH" with "localhost")
Btw I can see in the console, that there are some other issues with the code, but I will be looking into that.
I'm facing the same issue. It works fine locally, but not on production. I find it to be because of the redirection URI: it adds the 'http://' bit, while you can't add this to the list of supported URI in the Dropbox app list.
Try changing the url manually from the browser, removing the http:// and leaving only the domain. Does it work? If so, you have the same problem as I do... which I still don't know how to fix :(

Facebooker params empty

I am trying to connect facebooker and authlogic using this http://github.com/kalasjocke/authlogic_facebook_connect
I was having problems so began to debug the facebooker gem code. I realized that no params are getting set using the facebook login that have anything to do with facebook. I can push the facebook login button, it brings up the facebook window as it should and I accept/sign into facebook. Then in facebooker/rails/controller.secure_with_facebook_params! I print out params, this is what shows:
authenticity_token<pulled out token number>actioncreatecontrollerperson_sessions
person_sessions is the name of my user_sessions. Not sure if this makes a difference though...
This is it. Clearly there should be other parameters here. I checked to make sure that my application numbers are all OK with facebooker.yml (although honestly I don't understand why that would matter as I'm not yet making a facebook app, just want to use connect).
Any ideas?? I would be SOOOO thankful if someone could help me out... any clues would be useful!
K
Argh I think I finally figured it out! Since I don't have an app yet then set_asset_host_to_callback_url in facebooker.yml should be set to false. However, after this is done, you have to close browser as it seems to store previous session. Now to fix my next problem!
I had this same issue, my problem was that I had set a Site Domain on my application settings page on Facebook itself... I wasted lots of time fiddling with my code and my settings in my rails app when it was a facebook setting all along. Big up to Alex Neth on the authlogic google group in the end. So what I had was
Application ID 150132505999999
Application Secret e7fb8001d80e99999999999999999999
Site URL http:// localhost:3000
Site Domain localhost
and what I should have had was
Application ID 150132505999999
Application Secret e7fb8001d80e99999999999999999999
Site URL http:// localhost:3000
Site Domain
duh, probably an obvious one but I hope this helps someone out somewhere.
(I've had to break up the site url there for spam issues on this site)

Resources