How to stop omniauth client_options from being passed to facebook? - ruby-on-rails

My initializer/devise.rb uses:
config.omniauth :facebook, Facebook::APP_ID, Facebook::SECRET, {:scope => Facebook::SCOPE, :client_options => { :ssl => { :ca_file => '/usr/lib/ssl/certs/ca-certificates.crt' }}}
and Generates:
https://graph.facebook.com/oauth/authorize?response_type=code&client_id=123&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fusers%2Fauth%2Ffacebook%2Fcallback&parse=query&scope=user_about_me%2Cuser_birthday%2Cuser_location%2Cemail&client_options=%7B%3Assl%3D%3E%7B%3Aca_file%3D%3E%22%2Fusr%2Flib%2Fssl%2Fcerts%2Fca-certificates.crt%22%7D%7D
The strategy file facebook.rb for oa-oauth shows this:
def initialize(app, client_id=nil, client_secret=nil, options = {}, &block)
client_options = {
:site => 'https://graph.facebook.com/',
:token_url => '/oauth/access_token'
}
options = {
:parse => :query
}.merge(options)
super(app, :facebook, client_id, client_secret, client_options, options, &block)
end
Question:
It seems like it's not possible to set the :client_options by passing in a value, so why does the omniauth wiki show this code? I don't want this info being passed over the wire if it doesn't need to be and FB just ignores it as unsupported anyway. So is there a way to set the ssl options or is it even needed?

I ended up just removing the client_options parameter since it seems the config.omniauth initializer wasn't accepting it. That way it doesn't pass the value to facebook.

I know this is old, but I googled and this was the first result came up first.
I have a facebook.yml file with my config per env. I was getting this error because I didn't have client_options set up for dev. I solve it by merging in client_options if they weren't nil.
I hope this helps someone else.
FACEBOOK = YAML.load_file("#{::Rails.root}/config/facebook.yml")[::Rails.env]
config.omniauth :facebook, FACEBOOK['app_id'], FACEBOOK['secret'], { scope:FACEBOOK['scope'] }
config.omniauth['scope'].merge(client_options:FACEBOOK['client_options']) if FACEBOOK['client_options']

Related

omniauth-facebook does not return set scope

In my omniauth.rb
OmniAuth.config.logger = Rails.logger
Rails.application.config.middleware.use OmniAuth::Builder do
provider :facebook, Rails.application.secrets[:facebook_app_id], Rails.application.secrets[:facebook_secret], :scope => 'email,public_profile', :display => 'popup', :info_fields => 'email,public_profile'
end
Client side, javascript:
return FB.login(function(response) {
if (response.authResponse) {
return window.location = '/auth/facebook/callback;
}
}, {scope: 'email,public_profile'});
as per the FB API docs.
When the FB popup opens to ask for permissions, it correctly asks for email and public_profile. I hit OK and this is what request.env['omniauth.auth] provides me with only:
{"provider":"facebook","uid":"XXXXXXX","info":{"name":"XXXXXXX
XXXXXXX","image":"http://graph.facebook.com/XXXXXXX/picture"},"credentials":{"token":"XXXXXXX","expires_at":1444467600,"expires":true},"extra":{"raw_info":{"name":"XXXXXXX
XXXXXXX","id":"XXXXXXX"}}}
I see neither the email address nor any public info except the full name and the profile picture.
I have no clue what I'm doing wrong as I follow exactly the guidelines of the omniauth-facebook gem here: https://github.com/mkdynamic/omniauth-facebook and also the FB developer docs.
Any hints?
You are on the right path just need to update the info fields with the fields you want to pull from facebook, public_profile won't work
Rails.application.config.middleware.use OmniAuth::Builder do
provider :facebook, Rails.application.secrets[:facebook_app_id], Rails.application.secrets[:facebook_secret], :scope => 'email', :display => 'popup', :info_fields => 'email,first_name,last_name'
end

Dynamic omniauth.rb file rails

I am using the omniauth-magento gem: http://rubydoc.info/gems/omniauth-magento/0.0.6/frames
Setting my omniauth.rb file in initializers as such:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :magento, "TOKEN", "SECRET", :client_options => { :authorize_path => "/su", :site => "https://store.magento.com" }
end
The store needs to be dynamic though. How can I make it such OR how can I do the same thing in a controller?
Thanks!
I should mention there is another gem: https://github.com/Contiamo/omniauth-magento which allows to set dynamically but i have no clue where to put this.

Conditionals app_id for omniauth.rb. Localhost and heroku without changing omniauth.rb

I've got a rails 4 application with facebook authentication and I've deployed it on heroku.
Sometimes i debug my app using localhost. That's why I create two apps on facebook developers page - the first using heroku_address (app_id 1 and app_secret 1) and the second one using localhost_address (app_id 2 and app_secret 2).
My question is how should I configure my omniauth.rb so that my_rails_app will use app_id 1 set if heroku_adress or app_id 2 set if localhost. I would like my appliction_authentication to work both on localhost and on heroku_url without changing omniauth.rb.
Here is my omniauth.rb:
OmniAuth.config.logger = Rails.logger
Rails.application.config.middleware.use OmniAuth::Builder do
provider :facebook, '229517473864398', '88c42ceadf5ac4baeb36333a5fc990ac' #, {:client_options => {:ssl => {:ca_path => "/etc/ssl/certs"}}}
# provider :facebook, '1397526230476094', '5fd1171c4781525b9e5a873c095f4d6e' #, {:client_options => {:ssl => {:ca_path => "/etc/ssl/certs"}}}
end
end
Thanks in advance for your attention!
The best way is to put those information in ENV. It's easy to do with heroku, use the figaro gem if needed.

Omniauth Stripe Connect – How Can I Add Scope?

I'm using the Omniauth Stripe-Connect gem and I'd like to add a scope, but the documentation does not cover this. Here's what I'm trying right now, but the scope and stripe-landing parameters are not being included:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :stripe_connect, ENV['STRIPE_CONNECT_CLIENT_ID'], ENV['STRIPE_SECRET'], { :scope => 'read_write', :stripe_landing => 'register' }
end
The gem/strategy: https://github.com/isaacsanders/omniauth-stripe-connect
With the above gem, adding scope and stripe_landing to the Builder does not work.
Instead use just this:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :stripe_connect, ENV['STRIPE_CONNECT_CLIENT_ID'], ENV['STRIPE_SECRET']
end
And then add in the parameters in your Omniauth link:
<a href='http://exampleapp.com/auth/stripe_connect?scope=read_write&stripe_landing=register'>Connect With Stripe</a>

How do I NOT require user's email when using Rails Omniauth gem and Google OpenID

My current /config/initializers/omniauth.rb file contains:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :open_id, nil, :name => 'google', :identifier => 'https://www.google.com/accounts/o8/id'
end
When I login via Google by going to /auth/google, Google reports:
DOMAIN is asking for some information from your Google Account EMAIL
- Email address: NAME (EMAIL)
My application doesn't need the user's email and so I'd like to remove this barrier to entry. Is there anyway to remove this requirement. For Facebook, I've found I can add the "scope" property of options, for example:
provider :facebook, 'APP_ID', 'APP_SECRET', {:scope => ''}
Based on a quick review of the source for the OpenID strategy (which Google Aps auth inherits from), you can pass in options specifying which attributes are optional vs. required for an Attributes Exchange (AX) auth.
See source code here for options: https://github.com/intridea/omniauth/blob/master/oa-openid/lib/omniauth/strategies/open_id.rb
Based on that, I think you could change the options like so to remove email as a required attribute:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :open_id, nil, :name => 'google', :identifier => 'https://www.google.com/accounts/o8/id', :required => [], :optional => []
end
Good luck. I didn't test this, just reading the source.

Resources