I'm having an issue integrating PayPal into my Rails 3 app using Ryan Bates's screencasts as a guide (http://railscasts.com/episodes/143-paypal-security).
After payment's complete on the PayPal sandbox, the user's redirected back to the correct URL. Everything from encryption to IPN works great.
For some reason, though, Rails throws a routing error immediately when the user's redirected from PayPal--even though the resource exists. The page repeats the error when I refresh the page, but when I navigate to the URL on my own it renders correctly. The routing error only occurs when PayPal redirects to my app.
I'm using Rails 3.0.10 with Ruby 1.9.2.
Has anyone ever seen this before? What's the cause?
Thanks!
If I remember correctly, the production version of PayPal does a POST of the redirect URL, while the sandbox would do a GET. Which is, I know, weird!
Can you change your route for the specific redirect action to match instead of get and try again!?
Also, make sure you exempt it from protect_from_forgery :)
I'm implementing Facebook login on a Rails 5 app with Devise and the omniauth-facebook gem and I'm getting the following error:
URL Blocked: This redirect failed because the redirect URI is not whitelisted in the app’s Client OAuth Settings. Make sure Client and Web OAuth Login are on and add all your app domains as Valid OAuth Redirect URIs.
I followed this tutorial: https://medium.com/#trydelight/facebook-authentication-with-devise-5b53d2f664ed
So for the "Valid OAuth Redirect URIs" it works locally with no URIs whitelisted, but for production I added
https://noora.app/users/auth/facebook and https://www.noora.app//users/auth/facebook (the production domain is noora.app). After getting the error I even added 2 more URIs with a / on the end and added noora.app and www.noora.app as domains, but I'm still getting the same error.
The app is on live mode and the login page is at https://noora.app/users/sign_in. Part of the Facebook settings are here:
Any ideas? Config seems good, but maybe someone sees something I don't? Thanks!
You should whitelist your callback url, not the one that has login button:
https://noora.app/users/auth/facebook/callback
I was looking for this answer for hours, the solution for me was:
When I checked the params in facebook error page, it said:
redirect=mydomain/auth/facebook/callback
and not:
redirect=mydomain/users/auth/facebook/callback
So I added the first one to Valid OAuth Redirect URIs, without users, and problem solved!!!
I have to integrate simple PayPal into my app.
I am using the following URL as a tutorial.
paypal tutorial link
Before directing to the PayPal page I print its URL in the logs, which is
https://www.sandbox.paypal.com/cgi-bin/webscr?amount=12&cmd=_xclick&invoice=19&item_name=testing&item_number=19&personal=omairr.azam-facilitator%40gmail.com&quantity=1&return=http%3A%2F%2Four_ngrok_url%23%3CUser%3A0x0000010a4e1528%3E&upload=1
But when I am redirected to the PayPal sandbox, the URL that I see in my browser is
https://www.paypal.com/myaccount/home
and I cannot see checkout form that will take credentials from buyer and show details about transaction.
NOTE: I am on localhost at this stage and have not deployed my app
Please help me in this, Thanks.
I think this is due to your return url, which may be improperly set. It seems to be appending a User instance to your ngrok url. Changing the url to something else takes me to: https://www.sandbox.paypal.com/cgi-bin/webscr?cmd=_flow&SESSION=GcW-vpSKb2wALSTAyNuU29ltNqKyVjVwIuNy3mqgKDM_Df2abfo9PWP6KXm&dispatch=50a222a57771920b6a3d7b606239e4d529b525e0b7e69bf0224adecfb0124e9b61f737ba21b08198163eee001d8a5bd337af8e5197b2a388 where I was informed that there's a problem with your email
I'm attempting to sign in users with the LinkedIn Omniauth 2 gem. I have tried a few different possibilities for the redirect, read several articles and nothing is working.
I'm trying to test this locally.
Rails 4 app
Gems include:
omniauth
omniauth-linkedin-oauth2
A few attempts of the redirect URL to put in the box include:
https://www.linkedin.com/uas/oauth2/authorization?client_id=759dczzx23nyic&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fauth%2Flinkedin%2Fcallback&response_type=code&scope=r_basicprofile+r_emailaddress&state=8da572e31a8e66e6b1de54acddd14937d976ed06d7ed3217&client_id=*
* = API Key that needs to stay private
http://localhost:3000
http://localhost:3000/
http://www.localhost:3000
https://localhost:3000
https://localhost:3000/
https://www.localhost:3000
I read both of these articles the entire way through, but still couldn't attempt to find the correct way to redirect it.
https://developer.linkedin.com/forum/register-your-oauth-2-redirect-urls
https://developer.linkedin.com/forum/oauth-20-redirect-url-faq-invalid-redirecturi-error
Any help in what I need to change would be great.
They need to match exactly what you are sending:
http://localhost:3000/auth/linkedin/callback
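An added example (not part of the answers on this page, and not LinkedIn's or OmniAuth's code): it decodes the redirect_uri that the authorization request actually sends and compares each registered URL against it exactly, which is also the check behind the Facebook callback answers earlier on this page. The authorization URL is constructed with placeholder client_id and state values, and the function names are hypothetical.

```ruby
require "uri"

# Constructed authorization URL, shaped like the one in the question,
# with placeholder client_id and state values.
AUTH_URL = "https://www.linkedin.com/uas/oauth2/authorization" \
  "?client_id=EXAMPLE_CLIENT_ID" \
  "&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fauth%2Flinkedin%2Fcallback" \
  "&response_type=code&state=EXAMPLE_STATE"

# URLs tried in the question, plus the one from the answer.
REGISTERED = %w[
  http://localhost:3000 http://localhost:3000/ http://www.localhost:3000
  https://localhost:3000 https://localhost:3000/ https://www.localhost:3000
  http://localhost:3000/auth/linkedin/callback
].freeze

# Pull the percent-decoded redirect_uri out of an authorization URL.
def redirect_uri_from(authorize_url)
  query = URI.parse(authorize_url).query.to_s
  pair = URI.decode_www_form(query).find { |key, _| key == "redirect_uri" }
  pair && pair[1]
end

# List which components make a registered URL differ from the one sent.
# An empty list means an exact match, which is what the provider requires.
def mismatch_reasons(registered, sent)
  return [] if registered == sent
  r, s = URI.parse(registered), URI.parse(sent)
  reasons = []
  reasons << "scheme #{r.scheme} != #{s.scheme}" unless r.scheme == s.scheme
  reasons << "host #{r.host} != #{s.host}" unless r.host == s.host
  reasons << "port #{r.port} != #{s.port}" unless r.port == s.port
  reasons << "path #{r.path.inspect} != #{s.path.inspect}" unless r.path == s.path
  reasons << "strings differ (query, fragment or case)" if reasons.empty?
  reasons
end

# Map every registered URL to its list of mismatches against the sent one.
def check_registered(authorize_url, registered_urls)
  sent = redirect_uri_from(authorize_url)
  registered_urls.map { |url| [url, mismatch_reasons(url, sent)] }.to_h
end

check_registered(AUTH_URL, REGISTERED).each do |url, reasons|
  puts "#{url}: #{reasons.empty? ? 'exact match' : reasons.join('; ')}"
end
```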
In the case of LinkedIn, Authorized Redirect URLs should be in the form of:
http://localhost:8080/your-project-name/auth/linkedin
After authentication if you want to redirect to a specific page then
http://localhost:8080/your-project-name/that-page-url
I was having a similar issue and kept getting "Invalid redirect_uri. This value must match a URL registered with the API Key." error when using Auth0.
I added the URL below to LinkedIn's list of allowed callbacks, then it worked.
https://"Insert your Client Domain Name from Auth0"/login/callback
Edit: This is a mostly Rails question
I'm trying to implement instant payment notification API (IPN), which calls your server if the Paypal payment goes through. The problem I'm seeing now is when Paypal IPN hits the url I designated, it is failing with the following error:
> Started POST "/checkout/complete?id=1&amount=3445&authenticity_token=NkOwgJ1H2TEmwO6T+hROu96kWr4yGcTzHD6MbTswgyU="
> ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
The authenticity_token it uses is the one I passed during the initial phase while redirecting to Paypal. Apparently, that's not a valid option. When I leave that blank, though, it's throwing the same error.
I wonder if I can disable authenticity_token requirement or get around it somehow, so that when Paypal posts to my app it can go through without any errors.
Sounds like the csrf is causing the issue, adding skip_before_filter :verify_authenticity_token to your controller should allow it to process.
If you're using that authenticity_token as a security measure, then store and check it manually in your controllers.
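An added example (not from the answer above, and not PayPal's or Rails's code) of checking a token manually once the action is exempt from CSRF verification. Instead of storing a token per order it derives one with an HMAC over the id and amount carried in the callback URL, so a changed parameter fails the check; the secret, the "token" parameter name and the helper names are assumptions.

```ruby
require "openssl"

# Constructed secret for the example; a real one is loaded from server-side
# configuration and never sent to the browser.
CALLBACK_SECRET = "constructed-example-secret"

# Token bound to the order id and amount, generated when the callback URL
# is built and appended to it as a "token" parameter (hypothetical name).
def callback_token(id, amount, secret = CALLBACK_SECRET)
  digest = OpenSSL::Digest.new("SHA256")
  OpenSSL::HMAC.hexdigest(digest, secret, "#{id}:#{amount}")
end

# Comparison that takes the same time wherever the first difference is,
# so response timing does not reveal how much of a guess was correct.
def secure_equal?(a, b)
  return false unless a.is_a?(String) && b.is_a?(String)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# What the CSRF-exempt action would call with its request parameters
# before marking the order as paid.
def valid_callback?(params, secret = CALLBACK_SECRET)
  id, amount, token = params.values_at("id", "amount", "token")
  return false if id.nil? || amount.nil?
  secure_equal?(callback_token(id, amount, secret), token)
end

token = callback_token("1", "3445")
puts valid_callback?("id" => "1", "amount" => "3445", "token" => token)
puts valid_callback?("id" => "1", "amount" => "1", "token" => token)
```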
I am trying to connect facebooker and authlogic using this http://github.com/kalasjocke/authlogic_facebook_connect
I was having problems so began to debug the facebooker gem code. I realized that no params are getting set using the facebook login that have anything to do with facebook. I can push the facebook login button, it brings up the facebook window as it should and I accept/sign into facebook. Then in facebooker/rails/controller.secure_with_facebook_params! I print out params, this is what shows:
authenticity_token<pulled out token number>actioncreatecontrollerperson_sessions
person_sessions is the name of my user_sessions. Not sure if this makes a difference though...
This is it. Clearly there should be other parameters here. I checked to make sure that my application numbers are all OK with facebooker.yml (although honestly I don't understand why that would matter as I'm not yet making a facebook app, just want to use connect).
Any ideas?? I would be SOOOO thankful if someone could help me out... any clues would be useful!
K
Argh I think I finally figured it out! Since I don't have an app yet then set_asset_host_to_callback_url in facebooker.yml should be set to false. However, after this is done, you have to close browser as it seems to store previous session. Now to fix my next problem!
I had this same issue, my problem was that I had set a Site Domain on my application settings page on Facebook itself... I wasted lots of time fiddling with my code and my settings in my rails app when it was a facebook setting all along. Big up to Alex Neth on the authlogic google group in the end. So what I had was
Application ID 150132505999999
Application Secret e7fb8001d80e99999999999999999999
Site URL http:// localhost:3000
Site Domain localhost
and what I should have had was
Application ID 150132505999999
Application Secret e7fb8001d80e99999999999999999999
Site URL http:// localhost:3000
Site Domain
duh, probably an obvious one but I hope this helps someone out somewhere.
(I've had to break up the site url there for spam issues on this site)