Facebook authentication not working with custom callback
I am using devise / omniauth to authenticate my Rails app against Facebook. I'm trying to change callback_path
to be something normal, but no matter what I set it, the request variable is omniauth.auth
returned as null. For example, here I am setting the callback_path
exact value if it is not set:
Devise.setup do |config |
require "omniauth-facebook"
config.omniauth :facebook,
ENV['FACEBOOK_APP_ID'],
ENV['FACEBOOK_APP_SECRET'],
scope: "email",
:setup => lambda { |env|
env['omniauth.strategy'].options[:callback_path] = "user/auth/facebook/callback"
}
end
If I don't set :callback_path
, then authentication is done and I return the data in a request variable omniauth.auth
. But I have to override it because I need to support passing the attribute back to the callback.
I have looked at the Omniauth :: Strategy code to see what might be wrong, but I cannot figure out what is going wrong.
My questions:
- Why doesn't it work?
- Is there a better way to solve the problem?
source to share
The parameter state
should not be used to transfer data (in fact, just think about it, you trust a third party with your data!). This parameter should only be used to mitigate CSRF attacks.
So what you need to do is pass any parameter you like in the link, for example:
link_to user_omniauth_authorize_path(:facebook, :some_key => 'some_data')
Omniauth will automatically add this data to the session, and on callback, remove this data from the session , giving you access to it like this:
request.env['omniauth.params']['some_key']
source to share