I set local environment variables for facebook key / secret in a file to use with omniauth-facebook and everything works perfectly.
Thought it might be a good idea to have 2 facebook apps, one for dev, one for the live app. Unfortunately, when I swap out the keys in the environment_variables.rb, I get the following error on every auth attempt:
OmniAuth::Strategies::Facebook::Authorization Code Error at /auth/facebook/callback
All of the settings for the two apps are identical. I swapped back in the live app credentials, and it works again.
# only change to app is changing these values
ENV['FACEBOOK_KEY'] = '*******************'
ENV['FACEBOOK_SECRET'] = '***********************************'
What I've tried:
restarting server (of course)
removing sandbox mode for dev app
resetting secret key for dev app
clearing all browsing data from browser
manually deleting cookies
What could be the problem?
Well this was stupid as anything, but I forgot to change the appId in the javascript. Now I pass the appId in as meta content:
<!-- head partial -->
<meta name="facebook-app-id" content="<%= ENV['FACEBOOK_KEY'] %>">
And then grab it with jquery
// facebook setup script
window.fbAsyncInit = function() {
FB.init({
appId : $('meta[name="facebook-app-id"]').attr('content'),
status : true, // check login status
cookie : true, // enable cookies to allow the server to access the session
xfbml : true // parse XFBML
});
};
Related
I have a React (CRA) + Node JS application already deployed locally (using the create-react-app build script), I've implemented Google OAuth signin with passportjs and cookieSession for persistence.
The login works fine but there is a strange bug when I Logout and then try to log in again with google OAuth, it just redirects me to a blank page.
This is how I make the request to my google oauth endpoint:
window.open('https://localhost:3000/auth/google', "_self")
That endpoint then is taken by my API:
app.get('/auth/google', passport.authenticate('google', { scope: ['profile', 'email'] }));
Doing some troubleshooting it seemed at first the culprit were the cookies because when I delete the site data before trying to login again... then the login works just fine.
However if I delete the cookies only (through the storage panel -> cookies -> delete all, in firefox) the bug still persists, it only disappears when I delete the site data entirely.
Moreover, The second time I try to login the request don't event reach my server.
What I've alredy tried:
Wrapping my login button inside an anchor tag and setting the anchor's tag href to the endpoint url.
Creating an anchor tag and assigning an href with the endpoint url and then clicking that new element programmatically.
None of this worked, the issue still persists.
Fresh firefox profile: this is even weird, the bug appears the very first time I try to login with google in a newly created profile. Again I have to first click the clear cookies and site data button for it to work.
Incognito mode: The issue persists, again the first time I login it works but the second time it redirects me to a blank page and the request is not even reaching my server.
What could be the problem here?
The issue was the service worker that cames with the creat-react-app template, however I didn't want to disable it completely as I want my app to be a PWA, so the next best thing was to disable the service-worker caching specifically for the page from which the user initiates the Google login (the page where the google button is).
For this I had to install the sw-precache package which allows you to modify the default service-worker that came with the create-react-app template (as you cannot directly modify it).
Then you have to create a config file at the root of your project and add these lines, in this case I call it sw-precache-config.js:
module.exports = {
runtimeCaching: [
{
urlPattern: /<the route to ignore>/,
handler: 'networkOnly'
}
]
};
and then in the build script from your package json:
"build": "react-scripts build && sw-precache --config=sw-precache-config.js"
Our QA build stays on the login page after adding the following lines of code. The website has a http URL. It is not SSL Enabled.
It always redirects to /AccountLogin/SignIn?ReturnUrl=/
builder.Services.AddSession(options =>
{
options.Cookie.HttpOnly = true;
options.Cookie.IsEssential = true;
options.Cookie.SecurePolicy = builder.Environment.IsDevelopment()
? CookieSecurePolicy.SameAsRequest
: CookieSecurePolicy.Always;
});
How do I troubleshoot this? When I point code to the QA environment, cookie policy is being set to 'SameAsRequest'. Can I somehow see this setting on a browser?
I tried to make our development environment point to http not ssl but I cannot reproduce this issue. I also tried to use the QA build environment and run our code. Either way I am able to login. It does not work when going to the QA build website. How do I know what is causing the problem?
After entering the credentials, it just stays on the sign page as if its not processing something
I have create a Polymer based Dashboard which I want to integrate with my Laravel site. My Dashboard is working fine but I have issues with routing in Polymer.
I want my Dashboard to reside at:
http://example.com/dashboard
I have set up my Laravel route as follows:
Route::get('dashboard',function(){
return View::make('polymer.dashboard');
});
and my dashboard urls should be like:
http://example.com/dashboard/#!/feedbacks
But, I am confused about what setting to make in app.js. Current app.js:
// Sets app default base URL
app.baseUrl = '/';
if (window.location.port === '') { // if production
// Uncomment app.baseURL below and
// set app.baseURL to '/your-pathname/' if running from folder in production
//app.baseUrl = '/dashboard/';
}
Under these settings, when I navigate to http://example.com/dashboard, when Polymer finishes loading, the url changes to http://example.com/.
If you haven't told the router to not use hashbangs then navigating to /dashboard won't work, it's expecting #!. You'll need to go into app/elements/routing.html and remove the line that says hashbangs: true. You'll also need to set the baseUrl to /dashboard/. Your server will also need to always return the index.html for any URL that starts with dashboard. So if the user tries to go to example.com/dashboard/feedback it should send down the index.html page again.
After you've made the change to routing.html, go into the devtools settings and enable Disable cache (with dev tools open). Then reload the app to make sure it isn't serving a cached version of the file.
TL;DR; Mixpanel doesn't set its cookie provoking the distinct_id to change constantly
I have 3 mixpanel projects: local/staging/pro. In local mixpanel tracking is working just fine, but in staging even with the code being identical (except the mixpanel token), events are being sent properly, but always with a disting_id changed. So, I see every event in mixpanel as if it were coming from a different device?!
I checked it and the problem is probably coming from the fact that mixpanel is not setting its cookie at all in my browsers.
The source code for staging looks like this:
<head>
...
<script type="text/javascript" async="" src="//cdn.mxpnl.com/libs/mixpanel-2-latest.min.js"></script>
before
<script>
(function(e,b){if(!b.__SV){var a,f,i,g;window.mixpanel=b;b._i=[];b.init=function(a,e,d){function f(b,h){var a=h.split(".");2==a.length&&(b=b[a[0]],h=a[1]);b[h]=function(){b.push([h].concat(Array.prototype.slice.call(arguments,0)))}}var c=b;"undefined"!==typeof d?c=b[d]=[]:d="mixpanel";c.people=c.people||[];c.toString=function(b){var a="mixpanel";"mixpanel"!==d&&(a+="."+d);b||(a+=" (stub)");return a};c.people.toString=function(){return c.toString(1)+".people (stub)"};i="disable time_event track track_pageview track_links track_forms register register_once alias unregister identify name_tag set_config people.set people.set_once people.increment people.append people.union people.track_charge people.clear_charges people.delete_user".split(" ");
for(g=0;g<i.length;g++)f(c,i[g]);b._i.push([a,e,d])};b.__SV=1.2;a=e.createElement("script");a.type="text/javascript";a.async=!0;a.src="undefined"!==typeof MIXPANEL_CUSTOM_LIB_URL?MIXPANEL_CUSTOM_LIB_URL:"file:"===e.location.protocol&&"//cdn.mxpnl.com/libs/mixpanel-2-latest.min.js".match(/^\/\//)?"https://cdn.mxpnl.com/libs/mixpanel-2-latest.min.js":"//cdn.mxpnl.com/libs/mixpanel-2-latest.min.js";f=e.getElementsByTagName("script")[0];f.parentNode.insertBefore(a,f)}})(document,window.mixpanel||[]);
mixpanel.init("xxxxxx3ecxxx68a2ff74xxxx", {debug:true});
</script>
and finally I track
<script>
mixpanel.track('Visit');
</script>
If it is your staging site, you might be using a top level domain that don't allow cross subdomain cookies (think heroku, aws, etc), for example, yoursubdomain.herokuapp.com. You can either:
Map your staging yousubdomain.topleveldomain.com to staging.yourdomain.com using a CNAME record in your DNS settings
or
Manually enable cookies in mixpanel.init
mixpanel.init(PROJECT_TOKEN, {cross_subdomain_cookie : false});
Here is the mixpanel doc that explains: https://mixpanel.com/help/questions/articles/mixpanel-and-herokuappcom-subdomains-and-other-common-top-level-domains
And here is the list of top level urls that breaks cookies: https://publicsuffix.org/list/effective_tld_names.dat
I'm building a PHP site that uses Facebook OAuth as the login mechanism. The problem is that when the user logs out and is directed back to my site, the site is still effectively logged (at least in appearance) in until the user manually refreshes the page.
I suspect the reason for this is because the Facebook cookies are removed only once the return page has finished rendering. I accept I'm not fully versed in the way sessions work.
User logs out
-> Redirect to Facebook
-> Redirect back to site (logout.php)
-> Clear local session
-> Redirect to home page (index.php)
-> Page renders (still logged in)
-> Cookies removed
-> Manual refresh (index.php)
-> Page renders (no longer logged in).
I had a similar issue with an ASP.NET MVC site a little while ago. My fix then was to parse the page with JavaScript after the page had loaded and once the cookies had finally been removed.
I am working on the assumption that I'm doing something wrong. I simply want index.php to recognise that Facebook is logged out without having to refresh.
I use header() to redirect from logout.php to index.php.
header("Location: index.php");
EDIT:
I have tried appending the current time to the redirect url in order to side step caching problems. This has not helped.
EDIT:
Watching cookie activity in FireCookie backs up my suspision that the Auth cookie is removed after the page is rendered. This is obviously not conclusive as FireCookie doesn't show me what's happening server side.
JS Workaround:
My current workaround is to run the following snippet on page load, where $fbUid is the Facebook User ID. It's not ideal though, because it relies on JavaScript.
FB.getLoginStatus(function(response) {
if (<?php echo $fbUid ? "true" : "false" ?> && response.session == null)
window.location.reload();
});
Rich
Probably a cacheing issue. Add some randomly generated value to the query string in the redirect, so it'll appear as a "new" page to the browser, something like:
header('Location: index.php?cachebuster=' . microtime(true));
That should force the browser to fetch a fresh copy, which would then not have the "logged in" content anymore.
Cracked it with help from Delete facebook session cookie from my application on users logout and the SDK source.
Adding this code snippet to the logout page ensures that the authentication is properly removed.
$facebook = new Facebook(array(
'appId' => FB_APP_ID,
'secret' => FB_SECRET,
'cookie' => true,
));
$fbCookieName = 'fbs_' . $facebook->getAppId();
$domain = $facebook->getBaseDomain();
if ($domain) {
$domain = '.' . $domain;
}
setcookie($fbCookieName, '', time() - 3600, '/', $domain);
$facebook->setSession();
The code empties the cookie and expires it at the same time. The session is then explicitly removed.
Rich
hi i have same this issue but i resolve this issue
buy using this
FB.Event.subscribe('auth.login', function(response) {
window.location.reload();
});
FB.Event.subscribe('auth.logout', function(response) {
window.location.reload();
});
please add this script where you have to write your login code. and enjoy