I integrated omniauth-facebook using https://github.com/plataformatec/devise/wiki/OmniAuth%3a-Overview. But I am getting error of :
Could not authenticate you from Facebook because "Invalid credentials".
And in logs, getting this:
Authentication failure! invalid_credentials: OAuth2::Error, : {"error":{"message":"This authorization code has been used.","type":"OAuthException","code":100}}
I have devise installed. When i click on facebook sign in link, it comes back to devise sign "www.mealnut.com/user/sign_in#=" and gives above error. I checked the solution for "Invalid credentials" on https://github.com/plataformatec/devise/wiki/OmniAuth%3a-Overview and as mentioned there, my app is header set for App Type = Web. Not getting why it is not working.
Also my app is pending review from facebook. But i don't think it is related to this error. Following are the things i did for omniauth-facebook:
Gemfile contains:
gem "omniauth", "~> 1.1.4"
gem 'omniauth-facebook', '1.4.1'
In user model, added:
devise :omniauthable, :omniauth_providers => [:facebook]
attr_accessible :provider, :uid
def self.find_for_facebook_oauth(auth, signed_in_resource=nil)
user = User.where(:provider => auth.provider, :uid => auth.uid).first
unless user
user = User.create(name:auth.extra.raw_info.name,
provider:auth.provider,
uid:auth.uid,
email:auth.info.email,
password:Devise.friendly_token[0,20]
)
end
user
end
devise.rb
require "omniauth-facebook"
config.omniauth :facebook, "APP_ID", "APP_SECRET", :scope => "offline_access, email"
omniauth.rb:
OmniAuth.config.logger = Rails.logger
Rails.application.config.middleware.use OmniAuth::Builder do
provider :facebook, ENV['FACEBOOK_KEY'], ENV['FACEBOOK_SECRET'], {:provider_ignores_state => true}
end
route.rb:
devise_for :user, :controllers => { :omniauth_callbacks => "omniauth_callbacks" }
Omniauth controller:
class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
def facebook
@user = User.find_for_facebook_oauth(request.env["omniauth.auth"], current_user)
if @user.persisted?
sign_in_and_redirect @user, :event => :authentication #this will throw if @user is not activated
set_flash_message(:notice, :success, :kind => "Facebook") if is_navigational_format?
else
session["devise.facebook_data"] = request.env["omniauth.auth"]
redirect_to new_user_registration_url
end
end
end
Can anybody help in this?
Thought I'd chip in here since this came up for me when trying to search for a solution for Could not authenticate you from Facebook because “Invalid credentials”
The problem is with Facebook API version >=2.3 you need to set {token_params: {parse: :json}}
to your provider config.
devise.rb
config.omniauth :facebook,
APP_ID,
APP_SECRET,
token_params: { parse: :json } # <----- this line is NB
Answer found on this issue for omniauth-oauth2
UPDATE Aug 2018: The "invalid credentials" issue reoccurred, I had to remove the token_params
setting for it to work again - so this may not be an issue anymore