omniauth-facebook does not return set scope - ruby-on-rails

In my omniauth.rb
OmniAuth.config.logger = Rails.logger
Rails.application.config.middleware.use OmniAuth::Builder do
provider :facebook, Rails.application.secrets[:facebook_app_id], Rails.application.secrets[:facebook_secret], :scope => 'email,public_profile', :display => 'popup', :info_fields => 'email,public_profile'
end
Client side, javascript:
return FB.login(function(response) {
if (response.authResponse) {
return window.location = '/auth/facebook/callback;
}
}, {scope: 'email,public_profile'});
as per the FB API docs.
When the FB popup opens to ask for permissions, it correctly asks for email and public_profile. I hit OK and this is what request.env['omniauth.auth] provides me with only:
{"provider":"facebook","uid":"XXXXXXX","info":{"name":"XXXXXXX
XXXXXXX","image":"http://graph.facebook.com/XXXXXXX/picture"},"credentials":{"token":"XXXXXXX","expires_at":1444467600,"expires":true},"extra":{"raw_info":{"name":"XXXXXXX
XXXXXXX","id":"XXXXXXX"}}}
I see neither the email address nor any public info except the full name and the profile picture.
I have no clue what I'm doing wrong as I follow exactly the guidelines of the omniauth-facebook gem here: https://github.com/mkdynamic/omniauth-facebook and also the FB developer docs.
Any hints?

You are on the right path just need to update the info fields with the fields you want to pull from facebook, public_profile won't work
Rails.application.config.middleware.use OmniAuth::Builder do
provider :facebook, Rails.application.secrets[:facebook_app_id], Rails.application.secrets[:facebook_secret], :scope => 'email', :display => 'popup', :info_fields => 'email,first_name,last_name'
end

Related

omniauth-google-oauth2 calendar sync giving invalid credential

I am using omniauth-google-oauth2 with branch: 'v0.2.10' for below mentioned scopes in code
Rails.application.config.middleware.use OmniAuth::Builder do
provider :google_oauth2, APP_CONFIG['google_oauth2']['client_id'], APP_CONFIG['google_oauth2']['client_secret'], {
access_type: 'offline',
scope: 'https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/calendar',
redirect_uri: "#{APP_CONFIG['site_url']}auth/google_oauth2/callback",
skip_jwt: true,
prompt: 'consent',
provider_ignores_state: true
}
end
But when i try to sync calendar, it gives me invalid_credential error as below
auth/failure?message=invalid_credential?...
No more details available in response.
Please suggest me if i am doing anything wrong.
Does the APP_CONFIG['site_url'] come with slash in the end or not?
anyway i thank it most be like that:
#{APP_CONFIG['site_url']}/auth/google_oauth2/callback
instead of : #{APP_CONFIG['site_url']}auth/google_oauth2/callback

How to receive email, first name, last name and mobile from facebook after login

Devise.rb
require "omniauth-facebook"
# CREDENTIALS_CONFIG = YAML.load_file("#{Rails.root}/config/omniauth.yml")[Rails.env].symbolize_keys
# config.omniauth :facebook, ENV['FACEBOOK_KEY'], ENV['FACEBOOK_SECRET'], :strategy_class => OmniAuth::Strategies::Facebook, :image_size => 'large'
Rails.application.config.middleware.use OmniAuth::Builder do
if Rails.env == 'production'
provider :facebook, 'sample_key', 'sample_key'
elsif ['staging', 'development'].include? Rails.env
provider :facebook, 'key_sampl', 'key_sdfjkhd',
:scope => 'email', :info_fields => 'email'
end
end
After Login with facebook receiving this hash:
({ extra"=>{"raw_info"=>{"id"=>"846548425", "name"=>"Rakesh PD"}}, "info"=>{"image"=>"http://graph.facebook.com/846548425430988/picture (2KB)
", "name"=>"Rakesh PD"}, "provider"=>"facebook", "uid"=>"846548425"} )
Not receiving logined users email first name, last name, mobile but the account contain all the informations (email first name, last name, mobile etc)
I would recommend you to create a html/js text file for you to understand how Facebook's javascript API works.
It will be quick for you to understand the raw data sent by Facebook after the log-in. In particular the restrictions to the data will be easy to spot.
The response to the omnialth-facebook gem is the same as (or very close to it) the one from the javascript SDK.
So if the javascript SDK responce produces the account parameters you need, omnialth-facebook gem would be able to retrieve it as well. Mind that if the vanilla javascript response does not have all the parameters you need, you will probably have to adjust your facebook app.
After some round of experiments I believe you will be able to adjust your facebook app or perform the necessary changes in your rails app

How to change permission with omniauth facebook and koala

I am using the following gems: omniauth_facebook and koala
When a user logs in they grant the app basic facebook rights
current_user.facebook.get_connection("me", "permissions")
{"installed"=>1, "basic_info"=>1, "email"=>1, "user_friends"=>1}
I want them to click a button that grants the app publish_stream rights. How do I change the scope or permission rights of current user?
Try this, it will work, add into your settings.
config.omniauth :facebook, ENV['FACEBOOK_KEY'],
ENV['FACEBOOK_SECRET'],{:scope => 'publish_stream',
:client_options => { :ssl => { :ca_file =>
"#{Rails.root}/config/ca-bundle.crt" } } }

Omniauth Stripe Connect – How Can I Add Scope?

I'm using the Omniauth Stripe-Connect gem and I'd like to add a scope, but the documentation does not cover this. Here's what I'm trying right now, but the scope and stripe-landing parameters are not being included:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :stripe_connect, ENV['STRIPE_CONNECT_CLIENT_ID'], ENV['STRIPE_SECRET'], { :scope => 'read_write', :stripe_landing => 'register' }
end
The gem/strategy: https://github.com/isaacsanders/omniauth-stripe-connect
With the above gem, adding scope and stripe_landing to the Builder does not work.
Instead use just this:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :stripe_connect, ENV['STRIPE_CONNECT_CLIENT_ID'], ENV['STRIPE_SECRET']
end
And then add in the parameters in your Omniauth link:
<a href='http://exampleapp.com/auth/stripe_connect?scope=read_write&stripe_landing=register'>Connect With Stripe</a>

How do I NOT require user's email when using Rails Omniauth gem and Google OpenID

My current /config/initializers/omniauth.rb file contains:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :open_id, nil, :name => 'google', :identifier => 'https://www.google.com/accounts/o8/id'
end
When I login via Google by going to /auth/google, Google reports:
DOMAIN is asking for some information from your Google Account EMAIL
- Email address: NAME (EMAIL)
My application doesn't need the user's email and so I'd like to remove this barrier to entry. Is there anyway to remove this requirement. For Facebook, I've found I can add the "scope" property of options, for example:
provider :facebook, 'APP_ID', 'APP_SECRET', {:scope => ''}
Based on a quick review of the source for the OpenID strategy (which Google Aps auth inherits from), you can pass in options specifying which attributes are optional vs. required for an Attributes Exchange (AX) auth.
See source code here for options: https://github.com/intridea/omniauth/blob/master/oa-openid/lib/omniauth/strategies/open_id.rb
Based on that, I think you could change the options like so to remove email as a required attribute:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :open_id, nil, :name => 'google', :identifier => 'https://www.google.com/accounts/o8/id', :required => [], :optional => []
end
Good luck. I didn't test this, just reading the source.

Resources