weavejester / ring-oauth2

OAuth 2.0 client middleware for Ring
146 stars 38 forks source link

Middelware does not work with Facebook? #49

Closed gerdint closed 1 year ago

gerdint commented 1 year ago

In addition to authenticating with Google (with which the middleware works OK in my app) I would like to offer Facebook login as well.

I do not know whether the fault is the middleware but the Facebook authentication fails receiving an HTTP 400 when making the access token request (to https://graph.facebook.com/v17.0/oauth/access_token). The parameters to the request look fine to me but weirdly the Facebook docs says to make a GET request, though it is my understanding that the OAuth2 spec says it MUST be a POST request. Accordingly, IIUC the Facebook docs the parameters should be sent as query parameters instead of as a form-encoded request body.

So it looks like this is not the fault of the middleware code, but I wonder if anyone else have had success authenticating with Facebook using it, or if the code can be adapted to make it work? I understand it not desired to make work-arounds for specific authentication providers (however prominent), but I just think it's weird that one of the top two Oauth2 authentication providers seemingly don't adhere to the spec at all, so perhaps I'm missing something?

I think that officially Facebook recommends using their own JS SDK for oauth-authentication, though it woud be a nuisance to have to resort to it.

gerdint commented 1 year ago

Hmm, seems this was my bad (I had mistaken the client secret key). And contrary to their docs using a POST request as per the spec seems to work fine.