OAuth2::Error in OauthsController#callback #74

Closed
kentarohorie opened this issue Jul 13, 2017 · 25 comments

Comments

@kentarohorie
Contributor

kentarohorie commented Jul 13, 2017

I tried the Facebook login, referring to this external wiki,
but I get this error:

OAuth2::Error in OauthsController#callback

if @user = login_from(provider)
{"access_token":"xxxxxxx", "token_type":"bearer","expires_in":5183999}

What should I do?

This is the log:

/Users/horiekentarou/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/fog-xenserver-0.2.3/lib/fog/utilities.rb:4: warning: constant ::Fixnum is deprecated
Started GET "/oauth/callback?provider=facebook&code=AQBOQE_RUqzhWDcY41CIHtghbVu98NHYzS14nEcK5HPZQBsKCol3h1_f79HaUTb3NVGXc1PvOVjEfc_wZcT_xISBNiibW3gygu1Z3zT1O4vSFPXm1l6B_jZAy7WwkEe-GfsteRrQmbIcmxA5pICQs85PEb_S5QyDsBUDoEaj_qXm7cmJp_kajq4FiP9iIU388MWwvkE-8v3Rx4MqE4GsSdlB4-B9jrX8cBNmDF7Ehs_xxDBwbRK-izHUSUaIl8LSjLlt3M7jFzskjH0uupiytbZ9KorLWdRGdweuZnYfuKsRt7V75qOWajI9kEr5GEkDjnC5f28WrB_Y5Igk38FZu5I6IU38agfYeP4XHC2uKYqOqA" for 127.0.0.1 at 2017-07-12 06:46:18 +0900
Processing by OauthsController#callback as HTML
  Parameters: {"provider"=>"facebook", "code"=>"AQBOQE_RUqzhWDcY41CIHtghbVu98NHYzS14nEcK5HPZQBsKCol3h1_f79HaUTb3NVGXc1PvOVjEfc_wZcT_xISBNiibW3gygu1Z3zT1O4vSFPXm1l6B_jZAy7WwkEe-GfsteRrQmbIcmxA5pICQs85PEb_S5QyDsBUDoEaj_qXm7cmJp_kajq4FiP9iIU388MWwvkE-8v3Rx4MqE4GsSdlB4-B9jrX8cBNmDF7Ehs_xxDBwbRK-izHUSUaIl8LSjLlt3M7jFzskjH0uupiytbZ9KorLWdRGdweuZnYfuKsRt7V75qOWajI9kEr5GEkDjnC5f28WrB_Y5Igk38FZu5I6IU38agfYeP4XHC2uKYqOqA"}
Completed 500 Internal Server Error in 204ms (ActiveRecord: 0.0ms)


  
OAuth2::Error (: 
{"access_token":"EAAb0SDXOsEABAGo44x3CS18CSVNlQkrsarKmVTnRySt6OYOI8XF2tOlHP8nyv9tovSJKKS0YpFQElciGF4jRnmcYxNzJu339Uy7JZAE9edTZBuqbP5Lu4lOrI1WDs2M9nSb6StopxccnrYhnQkZCcJHQEkPkrnPpHOaUP1ZBIwZDZD","token_type":"bearer","expires_in":5183999}):
  
app/controllers/oauths_controller.rb:12:in `callback'
  Rendering /Users/horiekentarou/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/actionpack-5.0.2/lib/action_dispatch/middleware/templates/rescues/diagnostics.html.erb within rescues/layout
  Rendering /Users/horiekentarou/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/actionpack-5.0.2/lib/action_dispatch/middleware/templates/rescues/_source.html.erb
  Rendered /Users/horiekentarou/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/actionpack-5.0.2/lib/action_dispatch/middleware/templates/rescues/_source.html.erb (4.6ms)
  Rendering /Users/horiekentarou/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/actionpack-5.0.2/lib/action_dispatch/middleware/templates/rescues/_trace.html.erb
  Rendered /Users/horiekentarou/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/actionpack-5.0.2/lib/action_dispatch/middleware/templates/rescues/_trace.html.erb (2.2ms)
  Rendering /Users/horiekentarou/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/actionpack-5.0.2/lib/action_dispatch/middleware/templates/rescues/_request_and_response.html.erb
  Rendered /Users/horiekentarou/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/actionpack-5.0.2/lib/action_dispatch/middleware/templates/rescues/_request_and_response.html.erb (1.2ms)
  Rendered /Users/horiekentarou/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/actionpack-5.0.2/lib/action_dispatch/middleware/templates/rescues/diagnostics.html.erb within rescues/layout (97.4ms)

OauthsController#callback

[1] pry(#<OauthsController>)> params
=> <ActionController::Parameters {"provider"=>"facebook", "code"=>"AQD6WCCmUNBYJAU6dRHaWPGZW2gXujz8iMUl9iYVKgmteOUMPH7ODl65pvOmsoY-z4LcM6Ja1w88D6PsbgQxxPiZRf6TdPHKoF-UKnYOiKqfcduIM72agsaVaUXrzVIeIhuc1lYupzuGxncSJnktBBsxXlw_5cAd-jMyeu1E-_XzL9UCnJ1EZBA_ys6QIKdzSjKAAmKvhXw5yj0cJ8Qq5rlzAuHkGUCsgCSpjcUV1HoiOjEZBew6BNXWbhg3rubs0-GAYtvSFiew0l2HbapaN9yAeQfnOEDnvujMjyQaXi3wEafR3SGb0E9bVl3FgpHd-BiVPmQ1OxemIPZX5ffH50B6r-j9VwjTuZ8MBdiZ7Tsbdg", "controller"=>"oauths", "action"=>"callback"} permitted: false>
[2] pry(#<OauthsController>)> login_from("facebook")
OAuth2::Error: : 
{"access_token":"EAAb0SDXOsEABAPtuab8FYwF7yESinN48E2fSuYEqZBQOPbD4TUzvOhZBr4xyGlFpQVWqzkyckfD3JbPsemKimYcE9dCy9faBr3spoL5C36vpughq9HWGuKlJ15e8XxjdakmAkfOoYyprpWCSYZAU8ncvSf9u9K7yskotIrxPgZDZD","token_type":"bearer","expires_in":5182749}
from /Users/horiekentarou/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/oauth2-1.3.0/lib/oauth2/client.rb:149:in `get_token'
[5] pry(#<OauthsController>)> 

get_token method in Oauth2's client.rb
options[:raise_errors]
=> true

and I get the error at get_access_token in sorcery's oauth2.rb

    20:       def get_access_token(args, options = {})
 => 21:         binding.pry
    22: 		client = build_client(options)
    23:         client.auth_code.get_token(
    24:           args[:code],
    25:           {
    26:             redirect_uri: @callback_url,
    27:             parse: options.delete(:parse)
    28:           },
    29:           options
    30:         )
    31:       end

[1] pry(#<Sorcery::Providers::Facebook>)> options
=> {:token_url=>"oauth/access_token", :mode=>:query, :param_name=>"access_token", :parse=>:query}
[2] pry(#<Sorcery::Providers::Facebook>)> build_client(options)
=> #<OAuth2::Client:0x007fbdb3762118
 @id="1957440837824576",
 @options=
  {:authorize_url=>"/oauth/authorize",
   :token_url=>"oauth/access_token",
   :token_method=>:post,
   :auth_scheme=>:request_body,
   :connection_opts=>
    {:ssl=>
      {:ca_file=>
        "/Users/horiekentarou/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/sorcery-0.10.2/lib/sorcery/controller/submodules/../../protocols/certs/ca-bundle.crt"}},
   :connection_build=>nil,
   :max_redirects=>5,
   :raise_errors=>true,
   :mode=>:query,
   :param_name=>"access_token",
   :parse=>:query},
 @secret="****",
 @site="https://graph.facebook.com">

@kentarohorie
Contributor Author

NoamB/sorcery#811

@kentarohorie
Contributor Author

kentarohorie commented Jul 13, 2017

raise error at first, when OAuth2::Client.new

[6] pry(#<Sorcery::Providers::Facebook>)> defaults = {site: @site, ssl: { ca_file: Sorcery::Controller::Config.ca_file } }
=> {:site=>"https://graph.facebook.com",
 :ssl=>
  {:ca_file=>
    "/Users/horiekentarou/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/sorcery-0.10.2/lib/sorcery/controller/submodules/../../protocols/certs/ca-bundle.crt"}}
[7] pry(#<Sorcery::Providers::Facebook>)> ::OAuth2::Client.new(@key, @secret, defaults.merge!(options))
=> #<OAuth2::Client:0x007fcf05e5e080
 @id="1957440837824576",
 @options=
  {:authorize_url=>"https://www.facebook.com/v2.9/dialog/oauth",
   :token_url=>"oauth/access_token",
   :token_method=>:post,
   :auth_scheme=>:request_body,
   :connection_opts=>
    {:ssl=>
      {:ca_file=>
        "/Users/horiekentarou/.rbenv/versions/2.4.0/lib/ruby/gems/2.4.0/gems/sorcery-0.10.2/lib/sorcery/controller/submodules/../../protocols/certs/ca-bundle.crt"}},
   :connection_build=>nil,
   :max_redirects=>5,
   :raise_errors=>true},
 @secret="****",
 @site="https://graph.facebook.com/v2.9">
[8] pry(#<Sorcery::Providers::Facebook>)> options
=> {:site=>"https://graph.facebook.com/v2.9",
 :authorize_url=>"https://www.facebook.com/v2.9/dialog/oauth",
 :token_url=>"oauth/access_token"}

@ebihara99999
Contributor

ebihara99999 commented Jul 14, 2017

@kentarohorie Sorry, it's the right project. athix advised you, and you moved the issue. Deleted the comment.

@kentarohorie
Contributor Author

@ebihara99999 should I delete this comment?
Screenshot from Gyazo

@ebihara99999
Contributor

@kentarohorie
No, I meant to report that I "deleted the comment" so as not to bother you by deleting mine. No need to delete your comments, sorry for the confusion :pray:

@joshbuker
Member

Hi @kentarohorie,

Could you please post your full callback method and Sorcery config file? (Make sure to delete/omit any keys/secrets if they aren't environment variables! Also, I believe @secret from your most recent comment might be the facebook secret, if so I would recommend regenerating the secret just to be safe.) I can't quite tell where the issue is, it might just be a bad configuration and the wiki needs to be updated.
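
A pre-posting scrubber for the kinds of output pasted earlier in this thread (Rails request log, JSON token body, pry inspect output, initializer lines), added here as an example and not part of Sorcery. `redact_for_posting`, `needs_redaction?` and the pattern list are hypothetical names, and the sample text is constructed.

```ruby
# Patterns for the credential shapes that appear in Rails logs, pry output and
# Sorcery initializers. Each keeps the field name and replaces only the value.
REDACTIONS = [
  # URL query string in "Started GET ..." lines: ?code=... / &access_token=...
  [/([?&](?:code|access_token|client_secret)=)[^&\s"]+/, '\1[REDACTED]'],
  # Ruby hash inspect ("code"=>"...") and JSON bodies ("access_token":"...")
  [/("(?:code|access_token|refresh_token)"\s*(?:=>|:)\s*")[^"]*/, '\1[REDACTED]'],
  # Object inspect output such as #<OAuth2::Client ... @secret="...">
  [/(@secret=")[^"]*/, '\1[REDACTED]'],
  # Initializer lines: config.<provider>.key / .secret = "..."
  [/(config\.\w+\.(?:key|secret)\s*=\s*["'])[^"']*/, '\1[REDACTED]']
].freeze

# Apply every pattern in turn and return the scrubbed copy of the text.
def redact_for_posting(text)
  REDACTIONS.reduce(text) { |out, (pattern, repl)| out.gsub(pattern, repl) }
end

# True when the text still contains something the patterns would replace.
def needs_redaction?(text)
  redact_for_posting(text) != text
end

# Constructed sample in the same shapes as the output above (no real values).
SAMPLE_PASTE = <<~LOG
  Started GET "/oauth/callback?provider=facebook&code=CONSTRUCTED_CODE_123" for 127.0.0.1
    Parameters: {"provider"=>"facebook", "code"=>"CONSTRUCTED_CODE_123"}
  {"access_token":"CONSTRUCTED_TOKEN_456","token_type":"bearer","expires_in":5183999}
   @secret="CONSTRUCTED_SECRET_789",
    config.facebook.secret = "CONSTRUCTED_SECRET_789"
LOG

puts redact_for_posting(SAMPLE_PASTE) if __FILE__ == $PROGRAM_NAME
```

Scrubbing only helps before posting; a value that has already been published still needs regenerating, as recommended above.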

@kentarohorie
Contributor Author

Oops... I forgot to hide my secret! Thank you!!

@kentarohorie
Contributor Author

kentarohorie commented Jul 18, 2017

sorcery.rb

Rails.application.config.sorcery.submodules = [:remember_me, :reset_password, :external]
Rails.application.config.sorcery.configure do |config|
  config.external_providers = [:facebook]
  config.facebook.key = "****"
  config.facebook.secret = "****"
  config.facebook.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=facebook"
  config.facebook.user_info_mapping = { email: "email", gender: "gender" }
  config.facebook.user_info_path = "me?fields=email, name, gender"
  config.facebook.access_permissions = ["email", "publish_actions"]
  config.facebook.display = "popup"
  config.facebook.api_version = "v2.9"
  config.user_config do |user|
    user.reset_password_mailer = UserMailer
    user.authentications_class = Authentication
  end
  config.user_class = 'User'
end

@kentarohorie
Contributor Author

my callback method

class OauthsController < ApplicationController

  def oauth
    login_at(params[:provider])
  end

  def callback
    provider = params[:provider]
    if @user = login_from(provider)
      redirect_to root_path, :notice => "Logged in from #{provider.titleize}!"
    else
      begin
        @user = create_from(provider)
        reset_session 
        auto_login(@user)
        redirect_to root_path, :notice => "Logged in from #{provider.titleize}!"
      rescue
        redirect_to root_path, :alert => "Failed to login from #{provider.titleize}!"
      end
    end
  end


  private
  def auth_params
    params.permit(:code, :provider)
  end
end

@kentarohorie
Contributor Author

Thank you for your help
@athix @ebihara99999

@kentarohorie
Contributor Author

@athix
Hi!
Was there something I carelessly missed?

@ebihara99999
Contributor

@kentarohorie
Looking over your code, I found one strange point: config.facebook.user_info_path = "me?fields=email, name, gender". Would you try config.facebook.user_info_path = "me?fields=email,name,gender", removing spaces?

@user_info_path seems to be a string object expressing the query added to the URL.
https://github.com/Sorcery/sorcery/blob/master/lib/sorcery/providers/facebook.rb#L21

The link is the issue of adding config.facebook.user_info_path, and the expected value is without spaces.

Seeing the official document, it also expects query without spaces:
https://developers.facebook.com/docs/graph-api/using-graph-api?locale=en

It's an example written in the page:

GET graph.facebook.com
  /me?
    fields=albums.limit(5),posts.limit(5)

I hope this helps!

@kentarohorie
Contributor Author

@ebihara99999
thanks for your help!
I tried, but the result is the same...
Screenshot from Gyazo

@joshbuker
Member

joshbuker commented Jul 19, 2017

@kentarohorie,

provider = params[:provider] should be provider = auth_params[:provider]

Not sure if that's the cause of the issue. Probably isn't, although it is good practice to use strong params.

@kentarohorie
Contributor Author

kentarohorie commented Jul 19, 2017

@athix
I did! thanks!
It's actually good practice.

Do you have any idea about this facebook login error?

@joshbuker
Member

Here are my current configs for reference:

  config.facebook.user_info_path = 'me?fields=name,email,locale,timezone'
  config.facebook.user_info_mapping = { realname: 'name',
                                        email: 'email',
                                        locale: 'locale',
                                        timezone: 'timezone' }
  config.facebook.access_permissions = ['public_profile', 'email']
  config.facebook.display = 'page'
  config.facebook.api_version = 'v2.8'

Perhaps try changing the display to page, and including 'public_profile' in your permissions? Other than that, it might just be that Facebook is broken again. (They like to make breaking changes it seems...)

@kentarohorie
Contributor Author

kentarohorie commented Jul 19, 2017

I tried with your advice.

  config.facebook.key = "REGENERATE_ME"
  config.facebook.secret = "REGENERATE_ME"
  config.facebook.callback_url = "http://0.0.0.0:3000/oauth/callback?provider=facebook"
  config.facebook.user_info_mapping = { email: "email" }
  config.facebook.user_info_path = "me?fields=email,name,gender"
  config.facebook.access_permissions = ['public_profile', 'email']
  config.facebook.display = "page"
  config.facebook.api_version = "v2.9"

but the result is the same...
and I confirmed the Facebook settings, but it does not work

@joshbuker
Member

joshbuker commented Jul 19, 2017

Hm. Have you tried using any other OAuth providers and seeing if they give the same error? That would at least narrow it down a little bit more. I would recommend trying twitter, it seems to be the easiest to get setup.

Possibly related? Intridea/OAuth2 #75

@ebihara99999
Contributor

Umh... is it a personal app and open to anybody? Then I can debug it this weekend if I have time.

@kentarohorie
Contributor Author

I tried with Twitter, and it works!!
Perhaps it is caused by the Facebook config?

@joshbuker
Member

@kentarohorie what version of Sorcery are you using? Just realized your config doesn't have parse in it, and the error looks like the new response format Facebook uses. Could be #53 causing issues due to an outdated version.
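
The mismatch @joshbuker describes, a JSON token response handed to a client still configured with `parse: :query`, as an added Ruby example that is not Sorcery's or oauth2's own code. The parsers are standard-library stand-ins, the method names are hypothetical, and the bodies and token value are constructed.

```ruby
require 'json'
require 'uri'

# Constructed token-endpoint bodies; the token value is a placeholder.
JSON_BODY   = '{"access_token":"PLACEHOLDER_TOKEN","token_type":"bearer","expires_in":5183999}'
# Assumption: the older form-encoded shape that parse: :query was written for.
LEGACY_BODY = 'access_token=PLACEHOLDER_TOKEN&expires=5183999'

# Simplified stand-in for the parser selected by the :parse option.
def parse_token_body(body, mode)
  case mode
  when :query then URI.decode_www_form(body).to_h # expects a=b&c=d
  when :json  then JSON.parse(body)
  else raise ArgumentError, "unknown parse mode: #{mode.inspect}"
  end
end

class TokenResponseError < StandardError; end

# Accept the response only if parsing produced a Hash with an access_token.
# The error message names the parse mode, never the body, so a failed login
# does not write the token into logs or bug reports.
def access_token_from(body, mode)
  parsed = parse_token_body(body, mode)
  return parsed['access_token'] if parsed.is_a?(Hash) && parsed['access_token']

  raise TokenResponseError, "no access_token after parsing as #{mode.inspect}"
end

# What each parser makes of a body: the :query parser finds no '=' or '&' in
# the JSON and treats the whole document as one key with an empty value.
def keys_seen(body, mode)
  parse_token_body(body, mode).keys
end

if __FILE__ == $PROGRAM_NAME
  puts keys_seen(JSON_BODY, :json).inspect
  puts keys_seen(JSON_BODY, :query).length
  puts access_token_from(LEGACY_BODY, :query)
  begin
    access_token_from(JSON_BODY, :query)
  rescue TokenResponseError => e
    puts "rejected: #{e.message}"
  end
end
```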

@kentarohorie
Contributor Author

kentarohorie commented Jul 22, 2017

@athix
my sorcery version is sorcery (0.10.3, 0.10.2)
Should I update to 0.11?

@joshbuker
Member

Haha, mystery solved.

@kentarohorie Yes, please update to 0.11 and that should hopefully solve the issue. If it does, I'll make sure to update the changelog, wiki, and any other relevant places to make sure users know to use 0.11.0+ if they need Facebook.

@kentarohorie
Contributor Author

It works with 0.11!!!!
Thanks a lot!!!!!!
@athix

@joshbuker
Member

No problem @kentarohorie!

I've updated the wiki and Changelog, closing this issue.
