jaredhanson / passport-facebook

Facebook authentication strategy for Passport and Node.js.
https://www.passportjs.org/packages/passport-facebook/?utm_source=github&utm_medium=referral&utm_campaign=passport-facebook&utm_content=about
MIT License
1.29k stars 445 forks

Facebook Strict Mode Breaks Passport Facebook Authentication. #239

Open divyanshu-rawat opened 6 years ago

divyanshu-rawat commented 6 years ago

Since March, Facebook requires Strict Mode, and since the "Valid OAuth redirect URIs" field does not allow for dynamically generated data, dynamic data should be passed with a state parameter (according to the Facebook docs). As it stands now, Facebook login in my application is failing completely due to these restrictions:

"Can't Load URL: The domain of this URL isn't included in the App's domains. To be able to load this URL, add all domains and subdomains of your app to the App Domains field in your app settings."

The strange thing is that the documentation (https://developers.facebook.com/docs/facebook-login/security#strict_mode) states the following:

"For apps using only the Facebook SDK, redirect traffic is already protected. No further action is needed."

For more information: https://developers.facebook.com/blog/post/2017/12/18/strict-uri-matching/

Passport is no longer working to authenticate via Facebook; before March my app was working fine. Kindly let me know the workaround for this to make my app functional again.
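The opening post's point that per-request data has to travel in the `state` parameter while the redirect URI stays fixed, as an added example that is not part of the original thread or of passport-facebook's code. It signs the state with an HMAC so the callback can trust it; the secret, callback URL, field names (`returnTo`, `iat`) and helper names are assumptions made for illustration.

```javascript
'use strict';
const crypto = require('node:crypto');

// Constructed values for this example (assumptions, not taken from the issue).
const STATE_SECRET = 'replace-with-a-random-server-side-secret';
const CALLBACK_URL = 'https://app.example.com/auth/facebook/callback';

const b64url = (input) => Buffer.from(input).toString('base64url');
const sign = (payload, secret) =>
  crypto.createHmac('sha256', secret).update(payload).digest();

// Pack per-request data (e.g. where to send the user after login) into state.
function encodeState(data, secret, now = Date.now()) {
  const payload = b64url(JSON.stringify({ ...data, iat: now }));
  return `${payload}.${b64url(sign(payload, secret))}`;
}

// Verify and unpack state in the callback handler; returns null if invalid.
function decodeState(state, secret, maxAgeMs = 10 * 60 * 1000, now = Date.now()) {
  if (typeof state !== 'string') return null;
  const [payload, mac, extra] = state.split('.');
  if (!payload || !mac || extra !== undefined) return null;
  const expected = sign(payload, secret);
  const given = Buffer.from(mac, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  let data;
  try { data = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8')); } catch { return null; }
  if (!data || typeof data.iat !== 'number' || data.iat > now || now - data.iat > maxAgeMs) return null;
  return data;
}

// Only follow same-site relative paths recovered from state, never absolute URLs.
function safeReturnPath(data) {
  const p = data && data.returnTo;
  return typeof p === 'string' && /^\/(?![\/\\])/.test(p) ? p : '/';
}

// The redirect URI is a constant that can be whitelisted exactly; only state varies.
function authorizeParams(returnTo) {
  return { redirect_uri: CALLBACK_URL, state: encodeState({ returnTo }, STATE_SECRET) };
}
```

If `state` also serves as the CSRF token, include a per-session nonce in the signed data and compare it against the session in the callback.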

AshishkrGoyal commented 6 years ago

@divyanshu-rawat Facebook has changed its privacy policy, and due to it you cannot now access it by localhost or any other http:// domain; for accessing the Facebook API, an SSL-certified domain is compulsory. Hope it helps 👍 Thanks

divyanshu-rawat commented 6 years ago

@AshishkrGoyal Cool. So, any workaround for this? And wouldn't it be great if you could point me to a resource where you have read that

"accessing facebook api SSL certified domain is compulsory."

AshishkrGoyal commented 6 years ago

@divyanshu-rawat I am happy to help you! https://developers.facebook.com/docs/facebook-login/access-tokens At this link you can find out that all client-server connections for the Facebook API can be done only over https, not http.

It is the screenshot for this issue: [image]

Hope it helps 👍

divyanshu-rawat commented 6 years ago

Ya cool, but if you have hosted your application on a Heroku server then it uses the https: protocol; even so, it is not working there either.

AshishkrGoyal commented 6 years ago

@divyanshu-rawat Generally Heroku provides us an http:// domain, but if you add an SSL certificate to Heroku then http:// converts into a secure domain, i.e. https://. Would you like to tell me whether you are using an SSL certificate with it? If you are, then in my opinion it will work fine. Tell me, I will always be there for you 😄 Thanks