Provide `appsecret_proof` parameter

tt commented 7 years ago

Facebook allows a mean of securing Graph API requests by providing the appsecret_proof parameter.

Developers can (per app) toggle a setting to make this required for all requests. That breaks this library:

** (exit) an exception was raised:
    ** (CaseClauseError) no case clause matching: {:ok, %OAuth2.Response{body: %{"error" => %{"code" => 100, "fbtrace_id" => "...", "message" => "API calls from the server require an appsecret_proof argument", "type" => "GraphMethodException"}}, headers: [{"WWW-Authenticate", "OAuth \"Facebook Platform\" \"invalid_request\" \"API calls from the server require an appsecret_proof argument\""}, {"Access-Control-Allow-Origin", "*"}, {"Pragma", "no-cache"}, {"Cache-Control", "no-store"}, {"Expires", "Sat, 01 Jan 2000 00:00:00 GMT"}, {"Content-Type", "application/json"}, {"x-fb-trace-id", "..."}, {"x-fb-rev", "..."}, {"Vary", "Accept-Encoding"}, {"X-FB-Debug", "..."}, {"Date", "Sun, 20 Nov 2016 21:54:56 GMT"}, {"Transfer-Encoding", "chunked"}, {"Connection", "keep-alive"}], status_code: 400}}
        (ueberauth_facebook) lib/ueberauth/strategy/facebook.ex:141: Ueberauth.Strategy.Facebook.fetch_user/2
        (ueberauth) lib/ueberauth/strategy.ex:299: Ueberauth.Strategy.run_callback/2
        ...

There is no problem providing this parameter consistently so this pull request does that.

doomspork commented 7 years ago

@tt could you resolve the conflicts please?

tt commented 7 years ago

@doomspork, done.

doomspork commented 7 years ago

Thank you @tt 👍

ueberauth / ueberauth_facebook

Provide `appsecret_proof` parameter #28