Facebook OAuth redirect to IP address - facebook

I'm developing an intranet-based web app that integrates with Facebook via the Graph API. I am struggling to get OAuth working, and I think it's because I'm using an IP address rather than a domain.
I've registered three apps with Facebook, one for dev, one for staging and one for live. They are all configured identically, and for each one I've specified the Site URL in the Developer portal accordingly (I've masked some parts - they're real numbers in Facebook):
Dev - http://localhost:XXXX/
Staging - https://192.168.XXX.XXX:XXXX/
The URLs for the OAuth dialog output as you would expect - only the App ID and redirect URL are different on the three systems:
http://www.facebook.com/dialog/oauth/?response_type=code&display=popup&scope=create_event,publish_actions,publish_stream,read_stream,offline_access,manage_pages,read_insights&client_id=XXXXXXXXXXXXXXXX&redirect_uri=http://localhost:XXXX/path/to/redirect
The dev version works fine but staging and live do not - I just get
"An error occurred. Please try later".
Am I right in thinking that Facebook's OAuth doesn't accept using an IP address rather than a domain for Site URL, and if so is there a way around this?

You are correct, you cannot use IP addresses. You can use domains or even subdomains, but IP addresses won't work.
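The rule in this answer can be checked before a build is deployed. The following is an added example, not code from the original posts: it pulls `redirect_uri` out of an OAuth dialog URL and reports when its host is an IP literal or its origin differs from the registered Site URL. The function names, the placeholder app ID and the sample addresses are assumptions.

```javascript
// Added example (not from the original posts): pre-flight check of the
// redirect_uri in an OAuth dialog URL. Sample values are constructed.

// Classify a hostname as parsed by the WHATWG URL class. The parser
// normalises IPv4 spellings such as 0xC0A80A14 to dotted-quad form and keeps
// IPv6 literals in brackets, so two simple tests are sufficient.
function hostKind(hostname) {
  if (hostname.startsWith('[')) return 'ipv6-literal';
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(hostname)) return 'ipv4-literal';
  if (hostname === 'localhost') return 'localhost';
  return 'domain';
}

// Returns a list of problems; an empty list means the redirect target is a
// name (not an IP literal) whose origin equals the registered Site URL.
// Assumption: the provider compares scheme, host and port (the origin).
function checkDialogUrl(dialogUrl, registeredSiteUrl) {
  const problems = [];
  const raw = new URL(dialogUrl).searchParams.get('redirect_uri');
  if (!raw) return ['redirect_uri parameter is missing'];

  let redirect;
  try {
    redirect = new URL(raw);
  } catch (e) {
    return ['redirect_uri is not an absolute URL: ' + raw];
  }

  const kind = hostKind(redirect.hostname);
  if (kind === 'ipv4-literal' || kind === 'ipv6-literal') {
    problems.push('redirect_uri host is an IP address (' + redirect.hostname + ')');
  }
  if (redirect.origin !== new URL(registeredSiteUrl).origin) {
    problems.push('redirect_uri origin ' + redirect.origin + ' does not match the Site URL');
  }
  return problems;
}

const DIALOG = 'http://www.facebook.com/dialog/oauth/?response_type=code&client_id=APP_ID_PLACEHOLDER&redirect_uri=';
const staging = DIALOG + encodeURIComponent('https://192.168.10.20:8443/path/to/redirect');
const named = DIALOG + encodeURIComponent('https://staging.example.com:8443/path/to/redirect');

console.log(checkDialogUrl(staging, 'https://192.168.10.20:8443/')); // one problem: IP host
console.log(checkDialogUrl(named, 'https://staging.example.com:8443/')); // []
```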

Related

How to use Facebook for Developers share button using localhost

I'm trying to have a Facebook share button which shares the link of the current page. I am using localhost and Facebook is unable to reach my website since I'm using localhost (xampp). Is there any way to get around this? I have seen people mention using tunnelme, but I don't see a tutorial on how to do it. Any guidance would be appreciated.
My technique for dealing with this kind of issue is to define a fake domain in /etc/hosts (Linux or macOS) or C:\Windows\System32\drivers\etc\hosts on Windows.
something like:
127.0.0.1 customdomain.liquidtabs
(Do not use .devel because it is now a valid TLD and causes some collisions).
Lately, I've been using a local DNS server (like dnsmasq) to define multiple custom local fake domains.
Finally, in your Facebook app configuration, you must add your fake domain as an allowed domain to access the API.
Lately, Google Developers Console requires a valid domain (for example, one ending in .com, like mycustomfakedomain.com). I do not remember if Facebook does too.
In this case, you must define a "valid" domain and override it in the hosts file. Like:
127.0.0.1 customdomain.local.liquidtabs.com
Now, run your website using your fake domain. You should now be able to access Facebook from the library (or Google or any other domain-restricted library) from "localhost".

Box login - how to develop on both localhost and in production?

I have:
a Node.js app that uses the Box Content API, and...
a Box app, just so I can register an Oauth2 client_id, client_secret and redirect_uri with my Box repo.
My current redirect_uri is "http:/localhost:3000". The app works fine if I run it locally. It fails miserably if I deploy to Bluemix (e.g. "https://myapp.mybluemix.net").
I believe you can register multiple redirect_uris for a single Oauth2 client_id/client_secret in Facebook and Google, but I can't see any workaround in Box, except to create a second app...
These posts are similar, but I don't need to authenticate TO a separate OAuth2 server ... I just need to authenticate FROM two different ENVIRONMENTS (my Node app locally, vs. the same Node app on Bluemix).
Facebook login - how to develop on both localhost and in production?
Using OAuth for both development and production environments
Q: Is there any way that I can register multiple redirect_uris for the same Box app?
ADDENDUM:
Thanks to Murtza Manzur for his reply:
Box does not support multiple domain redirect URIs. To use different
domains (localhost and mybluemix.net), you would have to create a
separate app for each domain.
This means I need two Box apps, and I need to configure my Bluemix/Node app to use one or the other.
Here is an excellent discussion about how to do that efficiently and securely in Bluemix:
Keeping secrets – how your cloud application should access credentials and other private data, Patrick Mueller
Box does not support multiple domain redirect URIs. To use different domains (localhost and mybluemix.net), you would have to create a separate app for each domain.
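With one Box app per domain, the Node app has to pick the matching client_id, client_secret and redirect_uri at start-up. The following is an added example, not code from the original posts or from Box: it selects the settings from environment variables and refuses to start when they are missing or point at the wrong environment. The `BOX_LOCAL_*` and `BOX_BLUEMIX_*` variable names and the sample values are hypothetical; `VCAP_APPLICATION` is the variable Cloud Foundry platforms such as Bluemix set for a deployed app.

```javascript
// Added example (not from the original posts): one code base, two registered
// Box apps. The BOX_* variable names are hypothetical.

const REQUIRED = ['CLIENT_ID', 'CLIENT_SECRET', 'REDIRECT_URI'];

// VCAP_APPLICATION is only present when the app runs on the platform.
function detectEnvironment(env) {
  return env.VCAP_APPLICATION ? 'bluemix' : 'local';
}

// Build the OAuth2 client settings for the detected environment. Secrets come
// from the process environment only, never from source-controlled files.
function loadBoxConfig(env) {
  const name = detectEnvironment(env);
  const prefix = 'BOX_' + name.toUpperCase() + '_';
  const missing = REQUIRED.filter((k) => !env[prefix + k]);
  if (missing.length > 0) {
    // Fail closed rather than fall back to the other environment's app.
    throw new Error('missing ' + missing.map((k) => prefix + k).join(', '));
  }
  const redirect = new URL(env[prefix + 'REDIRECT_URI']);
  const isLocalhost = redirect.hostname === 'localhost';
  // Assumption: the deployed app is served over https on a public host name.
  if (name === 'bluemix' && (isLocalhost || redirect.protocol !== 'https:')) {
    throw new Error('deployed app needs an https, non-localhost redirect_uri');
  }
  if (name === 'local' && !isLocalhost) {
    throw new Error('local app must redirect to localhost');
  }
  return {
    environment: name,
    clientId: env[prefix + 'CLIENT_ID'],
    clientSecret: env[prefix + 'CLIENT_SECRET'],
    // Keep the string exactly as registered; URL.href would append a slash.
    redirectUri: env[prefix + 'REDIRECT_URI'],
  };
}

// Log-safe summary: the secret is reduced to its length.
function describe(cfg) {
  return cfg.environment + ' ' + cfg.clientId + ' ' + cfg.redirectUri +
    ' secret(' + cfg.clientSecret.length + ' chars)';
}

// Constructed sample environment for a local run.
const SAMPLE_LOCAL = {
  BOX_LOCAL_CLIENT_ID: 'local-app-client-id',
  BOX_LOCAL_CLIENT_SECRET: 'local-app-client-secret',
  BOX_LOCAL_REDIRECT_URI: 'http://localhost:3000',
};
console.log(describe(loadBoxConfig(SAMPLE_LOCAL)));
```

In the deployed app, pass `process.env` to `loadBoxConfig` and set the `BOX_BLUEMIX_*` values through the platform's environment settings.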

Using localhost to test Facebook canvas app

I want to create and test an app initially from localhost (where I run Ruby on Rails or Glassfish). I have read many postings about how to do this and NONE work. I have tried all the solutions discussed on stackoverflow and other sites.
Does anyone have a current method that does work (2015)?
Following did not work
1) in Canvas URL http://localhost:3000/users/index/ with and without localhost as domains
2) Tried editing the Advanced tab to add redirect URL to same URL.
What happens is I get a blank screen (I have even tried really simple hello world type apps that run locally so it should work with facebook).
Thank you,
Lynne
You have to configure a secure canvas URL for canvas apps. It is mandatory and it has to be an https URL.
edit: This is actually a lot easier than I thought. I found this python script that creates a local https server. The only issue was that facebook is sending a POST request on the canvas page, and this server doesn't support POST requests, so I modified it a bit and now it handles the facebook canvas page correctly.
You don't need a domain, and in the script it tells you how to generate the self signed certificate. In the facebook app settings you can set https://localhost:4443/ as canvas url.
old post:
It is possible but it's a bit of a hassle. You can set a dns to 127.0.0.1 and use that. So if you own example.com, you can create an A DNS record for localhost.example.com and set it to 127.0.0.1.
The difficult part is that you have to find some way to create a certificate for this domain. If you want an official cert, the easiest option out there is Let's Encrypt. Verification of your domain through an https server is going to be difficult, since the Let's Encrypt servers will try to contact 127.0.0.1. So you're probably better off using DNS challenge validation. Another option would be a self signed certificate, which is a whole different story.
The last step is to find a server that can host https and use the certificates you generated.

Can a Facebook app fetch data from an external server using HTTP requests

Want to access data from external service for a facebook application. Not getting a solution on how to do the same.
Facebook apps are iframes inside Facebook. If your application has its own server-side code, you can access that external service from the server and send the results to the client.
If you don't have your own server-side code, relying on Facebook objects for persistence, then you can access the remote service from the client via JavaScript - but there is a "but". Browsers usually only allow JavaScript to send requests to the domain where the page came from, and obviously your app is not served from the domain of the external service (otherwise it wouldn't be "external"). That means your users will have to set the security options in their browsers to allow access to remote domains - which means you'll have to supply instructions on how to do that, and we all know how good users are at following instructions... Also, having to change security options might scare away some users.
So - if possible, try to do it from your server-side.

Allowing Facebook IP range (Linter/Social plugins)

The company I work for has recently installed an Apache staging server which uses Apache's mod_access module to prevent unwanted access to our staging environment.
One of the downsides of this is that Facebook, when trying to scrape the page for the opengraph metatags, comes up empty with the following error.
Error Scraping Page Bad response code
Which is to be expected since the scraper bumps into the authentication dialog.
My question now: is there a specific IP range that we can allow access to the website?
We've looked at allowing certain headers, but that seems a little prone to header manipulation in order to bypass the security layer.
The access log did show one IP address, but I assume that Facebook uses multiple servers to scrape all these pages and I seem to remember reading that these IP addresses tend to change over time.
Any ideas?
Facebook has published their IP range here.