I'm out of ideas. I have a .NET Core 2.1 web app using Facebook Login. Facebook Login worked just fine until I upgraded from .NET Core 1.1 to 2.1. This works fine locally (localhost), but fails on our staging server (Apache on CentOS, EC2).
Our Facebook Login redirect URI is set up correctly in the Facebook app's login settings: http://example.com/ and https://example.com/ (see screenshot below).
What's interesting is in our .NET Core 1.1 branch, the request to http://example.com/signin-facebook?code=SOME_CODE shows up in the log once. In our .NET Core 2.1 branch, the request shows up twice, back-to-back.
Any idea how to dig more into the Facebook middleware that IdentifyFramework is using under the hood?
Facebook Login Settings:
Debug Log:
.NET Core 2.1.802, CentOS (Linux), EC2 instance
// debug ouput
AuthenticationScheme: Facebook was challenged.
Executed action Foobar.Controllers.AccountController.FacebookLogin
Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
Request finished in 2.1144ms 302
Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
Request starting HTTP/1.1 GET http://example.com/signin-facebook?code=SOME_LONG_CODE
Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
Request starting HTTP/1.1 GET http://example.com/signin-facebook?code=SOME_LONG_CODE
Error from RemoteAuthentication: OAuth token endpoint failure: Status: InternalServerError;
Headers: WWW-Authenticate: OAuth "Facebook Platform" "invalid_code"
"Error validating verification code.
Please make sure your redirect_uri is identical to the one you used in the OAuth dialog request"
Error from RemoteAuthentication: OAuth token endpoint failure: Status: InternalServerError;
Headers: WWW-Authenticate: OAuth "Facebook Platform" "invalid_code"
facebook-api-version: v2.12
Related
I'm trying to upgrade my APEX application (APEX 20.2.0.00.20) with a Keycloak authorization procedure.
What I am doing:
A - On Keycloak:
Realm: we already have a realm configured, which is used by other apps, in other development technologies.
1 - Client configuration - first attempt:
Root URL: ${authBaseUrl}
Valid Redirect URIs: /realms/[realm]/[client]/*
Base URL: /realms/[realm]/[client]/
Web Origins: *
2 - Client configuration - second attempt:
Root URL: empty
Valid Redirect URIs: http://[APEX app IP]:7020/*
Base URL: http://[APEX app IP]:7020/ords/[workspace]/r/[app_name]/
Web Origins: *
APEX configuration:
Authentication Scheme:
Credential Store: [APEX webcredential configured to keycloak client]
Authentication Provider: generic oauth2 provider.
Authorization Endpoint URL:
https://[keycloak address]/auth/realms/[realm]/protocol/openid-connect/auth
Token Endpoint URL:
https://[keycloak address]/auth/realms/[realm]/protocol/openid-connect/token
User Info Endpoint URL:
https://[keycloak address]/auth/realms/[realm]/protocol/openid-connect/userinfo
Token Authentication Method: basic authentication and client id in body
Scope: email
Authentication URI Parameters: empty
Username: #sub# (#APEX_AUTH_NAME#)
Convert Username To Upper Case: no
Verify Attributes: yes
** Tests **
I run my APEX app URL in workspace.
Test result of Client configuration nr. 1:
The following URL is shown as result:
https://[keycloak host]/auth/realms/[realm]/protocol/openid-connect/auth?response_type=code&client_id=[client_name]&scope=email&redirect_uri=http://[APEX address]:7020/ords/apex_authentication.callback&state=[A TOKEN/HASH]
And on the screen, the keycloak background image with the message:
Invalid parameter: redirect_uri. and a return to application link.
Test result of Client configuration nr. 2:
The keycloak login URL is activated and the login form is shown.
I type my user and password (keycloak user, configured on the client) and submit.
The following URL is shown as result:
https://[keycloak host]:7020/ords/apex_authentication.callback?state=[A TOKEN/HASH]
And on the screen, a APEX grey background (I know is a apex screen because a error with the icon is shown here) with the message:
Error processing request.
Contact your application administrator.
Question:
I think the second configuration is better, because I can do the Login on keycloak, but the redirect by keycloak to APEX fails, I think I APEX side.
Maybe any information sent by keycloak is wrong or it is missed.
Anyone knows what is the right configuration in APEX and keycloak?
I'm having issues with using the facebook login feature.
At the moment I have yet to deploy and am testing locally on my machine.
I've followed all the steps of:
1) Adding the facebook App ID and App Secret
2) changed the OAuth redirect URI to https://study-buddy-6646a.firebaseapp.com/__/auth/handler
However I am still getting the following error:
{"error":{"code":400,"message":"Error getting access token from
FACEBOOK, OAuth2 redirect uri is:
https://study-buddy-6646a.firebaseapp.com//auth/handler, response:
OAuth2TokenResponse{params:
error=OAuthException&error_description=Error%20validating%20client%20secret.,
httpMetadata: HttpMetadata{status=400, cachePolicy=NO_CACHE,
cacheDuration=null, cacheImmutable=false, staleWhileRevalidate=null,
filename=null, lastModified=null, headers=HTTP/1.1 200 OK\r\n\r\n,
cookieList=[]}}","errors":[{"message":"Error getting access token from
FACEBOOK, OAuth2 redirect uri is:
https://study-buddy-6646a.firebaseapp.com//auth/handler, response:
OAuth2TokenResponse{params:
error=OAuthException&error_description=Error%20validating%20client%20secret.,
httpMetadata: HttpMetadata{status=400, cachePolicy=NO_CACHE,
cacheDuration=null, cacheImmutable=false, staleWhileRevalidate=null,
filename=null, lastModified=null, headers=HTTP/1.1 200 OK\r\n\r\n,
cookieList=[]}}","domain":"global","reason":"invalid"}]}}
Any help would be greatly appreciated!
I am building a flash briefing skill for Alexa. I am using JSON, the JSON feed seems to be working well, went over the checklist and everything checks but when enabling the skill and starting my flash briefing I only get the "Custom Error Message" I have specified in the flash briefing skill definition, with no errors in the CloudWatch logs or anywhere else. No error when checking the feed elsewhere.
I am using AWS API gateway without authentication and the Content-Type is properly set to application/json and I double checked the response with JSONlint.
This is the URL for the feed:
https://l7kjk6dx49.execute-api.us-east-1.amazonaws.com/prod/postedmessage/feed
Following the suggestion of #Bob I updated the feed URL and enabled logging. The feed is called properly from my browser and there seems to be a call when trying to open the flash briefing and the response is OK, from Cloudwatch logs:
2016-11-19
16:15:34
Starting execution for request: 66ac03af-ae73-11e6-8719-1d2a8a213089
16:15:34
HTTP Method: GET, Resource Path: /postedmessage/feed
16:15:35
Successfully completed execution
16:15:35
Method completed with status: 200
I have seen a lot of these errors all over the net with different developer framework
{
"error": {
"message": "Invalid redirect_uri: Given URL is not allowed by the Application configuration.",
"type": "OAuthException",
"code": 191
}
}
I am using Mule ESB to post a comment on a wall but get this error. I have used localhost and the IP address of my PC but nothing seems to work. I am behind a proxy server so not sure if that is the problem. It also seems that Facebook has chaned the UI of the apps page as a lot of sample refer to pages that do not exist anymore.
How do I get my Facebook page to accept my auth and then post using Mule.
Regards.
Jaco.
Have you configured Facebook properly? They tend to change their app system every few months, so any example is usually outdated. The following works with my test app (just tests auth, does not save token):
FB App:
Settings
-> Basic
-> Add Platform
-> App on Facebook
-> Canvas URL: http://localhost:3000/
Mule:
<facebook:config-with-oauth name="Facebook" appId="${id}" appSecret="${secret}" doc:name="Facebook">
<facebook:oauth-callback-config domain="localhost" localPort="3000" remotePort="3000"></facebook:oauth-callback-config>
</facebook:config-with-oauth>
<flow name="authorize">
<http:inbound-endpoint exchange-pattern="request-response" host="localhost" port="3000" path="authorize"></http:inbound-endpoint>
<facebook:authorize config-ref="Facebook"></facebook:authorize>
</flow>
If you have a proxy / port forwarding in your environment, you should add the remotePort option explicitly. I run my Mule inside a virtual machine, and it produces the invalid url error without it.
Getting the following error setting up ACS/Facebook integration:
HTTP Error Code: 502 Message: ACS40000: An error occurred while
processing a Facebook sign-in response. This may be caused by invalid
configuration of the Facebook application. Inner Message: ACS40001:
An error occurred while attempting to get an access token from
Facebook. Inner Message: ACS90005: Web exception Trace ID:
988ec1a7-e02b-4dcf-abab-51812745a121 Timestamp: 2011-07-12 19:59:51Z
I've verified that App ID, App Secret, Site URL and Site Domain have all been set.
For Site Url, we're using https://project.accesscontrol.windows.net
For Site Domain, we're using project.accesscontrol.windows.net
I'm using the following as a guideline:
http://blogs.objectsharp.com/cs/blogs/steve/archive/2011/04/21/windows-azure-access-control-services-federation-with-facebook.aspx?CommentPosted=true#commentmessage
http://www.leastprivilege.com/AccessControlServiceV2AndFacebookIntegration.aspx
Any ideas would be appreciated.
Just checked my (working) settings. Differences I see:
I did not enter a Site Domain over at Facebook
On the ACS side, I have "Application permissions" set to "email" (not sure if you have something entered there?)