We Keep Coding

APEX and Keycloak integration - redirect problem after login

I'm trying to upgrade my APEX application (APEX 20.2.0.00.20) with a Keycloak authorization procedure.
What I am doing:
A - On Keycloak:
Realm: we already have a realm configured, which is used by other apps, in other development technologies.
1 - Client configuration - first attempt:
Root URL: ${authBaseUrl}
Valid Redirect URIs: /realms/[realm]/[client]/*
Base URL: /realms/[realm]/[client]/
Web Origins: *
2 - Client configuration - second attempt:
Root URL: empty
Valid Redirect URIs: http://[APEX app IP]:7020/*
Base URL: http://[APEX app IP]:7020/ords/[workspace]/r/[app_name]/
Web Origins: *
APEX configuration:
Authentication Scheme:
Credential Store: [APEX webcredential configured to keycloak client]
Authentication Provider: generic oauth2 provider.
Authorization Endpoint URL:
https://[keycloak address]/auth/realms/[realm]/protocol/openid-connect/auth
Token Endpoint URL:
https://[keycloak address]/auth/realms/[realm]/protocol/openid-connect/token
User Info Endpoint URL:
https://[keycloak address]/auth/realms/[realm]/protocol/openid-connect/userinfo
Token Authentication Method: basic authentication and client id in body
Scope: email
Authentication URI Parameters: empty
Username: #sub# (#APEX_AUTH_NAME#)
Convert Username To Upper Case: no
Verify Attributes: yes
** Tests **
I run my APEX app URL in workspace.
Test result of Client configuration nr. 1:
The following URL is shown as result:
https://[keycloak host]/auth/realms/[realm]/protocol/openid-connect/auth?response_type=code&client_id=[client_name]&scope=email&redirect_uri=http://[APEX address]:7020/ords/apex_authentication.callback&state=[A TOKEN/HASH]
And on the screen, the keycloak background image with the message:
Invalid parameter: redirect_uri. and a return to application link.
Test result of Client configuration nr. 2:
The keycloak login URL is activated and the login form is shown.
I type my user and password (keycloak user, configured on the client) and submit.
The following URL is shown as result:
https://[keycloak host]:7020/ords/apex_authentication.callback?state=[A TOKEN/HASH]
And on the screen, a APEX grey background (I know is a apex screen because a error with the icon is shown here) with the message:
Error processing request.
Contact your application administrator.
Question:
I think the second configuration is better, because I can do the Login on keycloak, but the redirect by keycloak to APEX fails, I think I APEX side.
Maybe any information sent by keycloak is wrong or it is missed.
Anyone knows what is the right configuration in APEX and keycloak?

.NET Core Facebook - "Please make sure your redirect_uri is identical"

I'm out of ideas. I have a .NET Core 2.1 web app using Facebook Login. Facebook Login worked just fine until I upgraded from .NET Core 1.1 to 2.1. This works fine locally (localhost), but fails on our staging server (Apache on CentOS, EC2).
Our Facebook Login redirect URI is set up correctly in the Facebook app's login settings: http://example.com/ and https://example.com/ (see screenshot below).
What's interesting is in our .NET Core 1.1 branch, the request to http://example.com/signin-facebook?code=SOME_CODE shows up in the log once. In our .NET Core 2.1 branch, the request shows up twice, back-to-back.
Any idea how to dig more into the Facebook middleware that IdentifyFramework is using under the hood?
Facebook Login Settings:
Debug Log:
.NET Core 2.1.802, CentOS (Linux), EC2 instance
// debug ouput
AuthenticationScheme: Facebook was challenged.
Executed action Foobar.Controllers.AccountController.FacebookLogin
Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
Request finished in 2.1144ms 302
Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
Request starting HTTP/1.1 GET http://example.com/signin-facebook?code=SOME_LONG_CODE
Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
Request starting HTTP/1.1 GET http://example.com/signin-facebook?code=SOME_LONG_CODE
Error from RemoteAuthentication: OAuth token endpoint failure: Status: InternalServerError;
Headers: WWW-Authenticate: OAuth "Facebook Platform" "invalid_code"
"Error validating verification code.
Please make sure your redirect_uri is identical to the one you used in the OAuth dialog request"
Error from RemoteAuthentication: OAuth token endpoint failure: Status: InternalServerError;
Headers: WWW-Authenticate: OAuth "Facebook Platform" "invalid_code"
facebook-api-version: v2.12

Ruby gem facebook_ads exception_with_response: 400 Bad Request

I'm trying to query the Facebook Marketing API Insights using the facebook_ads Ruby gem. https://github.com/tophatter/facebook-ruby-ads-sdk
I created an app and have Editor permissions on the relevant pages for my company.
Next, I generated a user access token from this page after selecting ads_management permissions.
Next, I followed the instructions on this page to get a permanent page access token.
With the code below I get this error:
/var/lib/gems/2.3.0/gems/rest-client-/var/lib/gems/2.3.0/gems/rest-client-2.0.2/lib/restclient/abstract_response.rb:223:in exception_with_response': 400 Bad Request (RestClient::BadRequest)
from /var/lib/gems/2.3.0/gems/rest-client-2.0.2/lib/restclient/abstract_response.rb:103:inreturn!'
from /var/lib/gems/2.3.0/gems/rest-client-2.0.2/lib/restclient/request.rb:809:in process_result'
from /var/lib/gems/2.3.0/gems/rest-client-2.0.2/lib/restclient/request.rb:725:inblock in transmit'
from /usr/lib/ruby/2.3.0/net/http.rb:853:in start'
from /var/lib/gems/2.3.0/gems/rest-client-2.0.2/lib/restclient/request.rb:715:intransmit'
from /var/lib/gems/2.3.0/gems/rest-client-2.0.2/lib/restclient/request.rb:145:in execute'
from /var/lib/gems/2.3.0/gems/rest-client-2.0.2/lib/restclient/request.rb:52:inexecute'
from /var/lib/gems/2.3.0/gems/rest-client-2.0.2/lib/restclient.rb:67:in get'
from /var/lib/gems/2.3.0/gems/facebook_ads-0.6.6/lib/facebook_ads/base.rb:15:inget'
from /var/lib/gems/2.3.0/gems/facebook_ads-0.6.6/lib/facebook_ads/ad_account.rb:10:in `all'
I have also tried this code with my temporary user access code but get the same result.
Here is my code
#!/usr/bin/ruby
require 'facebook_ads'
MY_PAGE_PERMANENT_ACCESS_CODE = 'my access code'
APP_SECRET = 'my app secret'
FacebookAds.access_token = MY_PAGE_PERMANENT_ACCESS_CODE
FacebookAds.app_secret = APP_SECRET
accounts = FacebookAds::AdAccount.all

It turns out that I was using the page permanent access token which was out of scope for the API call. I needed to use my temporary user access code.
E, [2019-01-19T00:08:49.366067 #19868] ERROR -- : GET /me/adaccounts
OAuthException / 100: (#100) Tried accessing nonexisting field
(adaccounts) on node type (Page) RestClient::BadRequest: 400 Bad
Request
In the pry console for the gem I ran this command to set the account variable:
pry(main)> account = FacebookAds::AdAccount.find('act_MY_ACCOUNT_ID')
and I get this error:
E, [2019-01-19T00:12:24.760545 #20188] ERROR -- : GET /me/adaccounts
OAuthException / 2635: (#2635) You are calling a deprecated version of
the Ads API. Please update to the latest version: v3.2.
RestClient::BadRequest: 400 Bad Request
So, I ran this command:
pry(main)> FacebookAds.base_uri = 'https://graph.facebook.com/v3.2'
"https://graph.facebook.com/v3.2"
Then pry(main)> account = FacebookAds::AdAccount.find('act_MY_ACCOUNT_ID') again.
Finally, I ran:
pry(main)> account.ad_insights
but the result is an empty array when I know this should not be blank. I'm going to skip the gem and use Ruby net/http to query the API directly.

MicrosoftAzureMobile.MSClient.loginWithProvider with provider and token failed with return Code=-1505 "The token provided was not valid

There
I'm using MicrosoftAzureMobile ios framework to connect to an azure mobile app with authentication enabled. I configured the service with facebook login. I can successfully login with FBSDKLogin as well as MicrosoftAzureMobile.MSClient.loginWithProvider with provider and controller. However when I try the loginwithProvider with token get from FBSDK,
let accessToken = FBSDKAccessToken.currentAccessToken()
client.loginWithProvider("facebook", token: ["access_token":accessToken]){
I got below error
MicrosoftAzureMobile.MSClient.loginWithProvider with provider and token failed with return Code=-1505 "The token provided was not valid.
how do I debug this issue? the azure portal's tools/streaming logs works last week but always shows connecting today
thanks
Joe
problem solved, i have to use accessToken.tokenString because accessToken itself is not serializable to json

ACS/Facebook Integration - ACS40001: An error occurred while attempting to get an access token from Facebook

Getting the following error setting up ACS/Facebook integration:
HTTP Error Code: 502 Message: ACS40000: An error occurred while
processing a Facebook sign-in response. This may be caused by invalid
configuration of the Facebook application. Inner Message: ACS40001:
An error occurred while attempting to get an access token from
Facebook. Inner Message: ACS90005: Web exception Trace ID:
988ec1a7-e02b-4dcf-abab-51812745a121 Timestamp: 2011-07-12 19:59:51Z
I've verified that App ID, App Secret, Site URL and Site Domain have all been set.
For Site Url, we're using https://project.accesscontrol.windows.net
For Site Domain, we're using project.accesscontrol.windows.net
I'm using the following as a guideline:
http://blogs.objectsharp.com/cs/blogs/steve/archive/2011/04/21/windows-azure-access-control-services-federation-with-facebook.aspx?CommentPosted=true#commentmessage
http://www.leastprivilege.com/AccessControlServiceV2AndFacebookIntegration.aspx
Any ideas would be appreciated.

Just checked my (working) settings. Differences I see:
I did not enter a Site Domain over at Facebook
On the ACS side, I have "Application permissions" set to "email" (not sure if you have something entered there?)