Open yourtallness opened 6 years ago
I tried to pre-pend a Plug that would extract the code from the cookie and redirect to /auth/facebook/callback?code=
defmodule MyAppWeb.Plugs.ParseFbsrCookie do
import Plug.Conn
require IEx
def init(_params) do
end
def call(conn, _params) do
if conn.params["code"] == nil do
fbsr = conn.cookies["fbsr_#{System.get_env("FACEBOOK_APP_ID")}"]
if fbsr do
[signature, encoded_payload] = String.split(fbsr, ".")
# TODO: validate signature
decoded_payload = Poison.decode!(Base.decode64!(encoded_payload))
code = decoded_payload["code"]
if code do
conn
|> Phoenix.Controller.redirect(to: "#{conn.request_path}?code=#{code}")
|> halt()
end
end
else
conn
end
end
end
However this still fails because the jssdk iniated flow does not specify a redirect_uri and there is a mismatch:
OAuth "Facebook Platform" "invalid_code" "Error validating verification code. Please make sure your redirect_uri is identical to the one you used in the OAuth dialog request"
Omniauth handles this by setting the request_uri to ''.
There is also the question of the state params.
Hello,
While navigating to /auth/facebook works fine, I cannot make a client side flow work properly. The reason for preferring a client side flow is to authorize FB in a popup so that the user never leaves our site.
I have initialized the FB JS app with the app id and cookie set to true.
However in my case the failure callback is getting called on my auth controller because ueberath cannot find the code.
Line of code in current project
The issue is that ueberauth_facebook does not read the code from the fb signed request cookie in case it cannot find it in the params.
Omniauth extracts the authorization code from the cookie like this:
omniauth code that extracts code either from params or cookie
omniauth cookie parsing logic
The cookie value is Base64 encoded and signed with HMAC-SHA256.
Could this be done here as well to support the client-initiated flow?
Omniauth client side flow documentation
Thanks in advance,
Mark