ruby-on-rails – Ruby on Rails Devise OAuth Facebook: OmniAuth::Strategies::OAuth2::CallbackError

I am implementing OAuth login with Facebook and Devise, and when returning from the accept-application step (a popup) I get the following error:

Could not authenticate you from Facebook because "Csrf detected".

Here is the log:

    Started GET "/users/auth/facebook/callback" for 127.0.0.1 at 2014-01-23 23:59:58 +0100
    ActiveRecord::SchemaMigration Load (0.3ms) SELECT "schema_migrations".* FROM "schema_migrations"
    (facebook) Callback phase initiated.
    (facebook) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected

My User model:

    class User < ActiveRecord::Base
      devise :token_authenticatable, :database_authenticatable, :registerable,
             :recoverable, :rememberable, :trackable, :validatable, :confirmable,
             :omniauthable, :omniauth_providers => [:facebook]
      before_save :ensure_authentication_token

      has_one :user_settings
      has_many :predictions
      has_many :user_leagues
      has_many :leagues, through: :user_leagues # this wasn't working, solution found: https://stackoverflow.com/questions/1781202/could-not-find-the-association-problem-in-rails

      valid_email_regex = /\A[\w+\-.]+@[a-z\d\-]+(\.[a-z]+)*\.[a-z]+\z/i
      validates :email, format: { with: valid_email_regex }

      validates :firstName, :lastName, :username, presence: true
      acts_as_voter

      # Find or build the local user for the provider/uid pair returned by Facebook
      def self.find_for_facebook_oauth(auth)
        where(auth.slice(:provider, :uid)).first_or_initialize.tap do |user|
          user.provider = auth.provider
          user.uid = auth.uid
          user.email = auth.info.email
          user.password = Devise.friendly_token[0, 20]
          user.firstName = auth.info.name # assuming the user model has a name
          # user.image = auth.info.image # assuming the user model has an image
          user.save!
        end
      end
    end

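I have my Facebook app ID and secret in devise.rb:

    require "omniauth-facebook"
    # Development only: redefines VERIFY_PEER as VERIFY_NONE, which turns off TLS certificate verification
    OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE if Rails.env.development?
    config.omniauth :facebook, ENV["APP_ID"], ENV['FACEBOOK_SECRET']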

I am doing the authentication through JavaScript:

    jQuery ->
      $('body').prepend('<div id="fb-root"></div>')

      $.ajax
        url: "#{window.location.protocol}//connect.facebook.net/en_US/all.js"
        dataType: 'script'
        cache: true

    window.fbAsyncInit = ->
      FB.init(appId: '123512341234', cookie: true)

      $('#sign_in').click (e) ->
        e.preventDefault()
        FB.login (response) ->
          #console.log(response)
          window.location = '/users/auth/facebook/callback' if response.authResponse

      $('#sign_out').click (e) ->
        FB.getLoginStatus (response) ->
          FB.logout() if response.authResponse
        true

And the gem list from bundle install:

    rake (10.1.1)
    i18n (0.6.9)
    minitest (4.7.5)
    multi_json (1.8.4)
    atomic (1.1.14)
    thread_safe (0.1.3)
    tzinfo (0.3.38)
    activesupport (4.0.0)
    builder (3.1.4)
    erubis (2.7.0)
    rack (1.5.2)
    rack-test (0.6.2)
    actionpack (4.0.0)
    mime-types (1.25.1)
    polyglot (0.3.3)
    treetop (1.4.15)
    mail (2.5.4)
    actionmailer (4.0.0)
    activemodel (4.0.0)
    active_model_serializers (0.8.1)
    activerecord-deprecated_finders (1.0.3)
    arel (4.0.1)
    activerecord (4.0.0)
    acts_as_votable (0.8.0)
    addressable (2.3.5)
    bcrypt-ruby (3.1.2)
    coderay (1.1.0)
    better_errors (1.1.0)
    sass (3.2.13)
    bootstrap-sass (2.3.2.2)
    mini_portile (0.5.2)
    nokogiri (1.6.1)
    xpath (2.0.0)
    capybara (2.1.0)
    certified (0.1.1)
    ffi (1.9.3)
    childprocess (0.4.0)
    coffee-script-source (1.6.3)
    execjs (2.0.2)
    coffee-script (2.2.0)
    thor (0.18.1)
    railties (4.0.0)
    coffee-rails (4.0.1)
    diff-lcs (1.2.5)
    gherkin (2.12.2)
    multi_test (0.0.3)
    cucumber (1.3.10)
    bundler (1.5.1)
    hike (1.2.3)
    tilt (1.4.1)
    sprockets (2.10.1)
    sprockets-rails (2.0.1)
    rails (4.0.0)
    cucumber-rails (1.4.0)
    orm_adapter (0.5.0)
    warden (1.2.3)
    devise (3.0.4)
    launchy (2.4.2)
    email_spec (1.5.0)
    factory_girl (4.3.0)
    factory_girl_rails (4.3.0)
    faker (1.2.0)
    multipart-post (2.0.0)
    faraday (0.9.0)
    hashie (2.0.5)
    jbuilder (1.0.2)
    jquery-rails (3.0.4)
    json (1.8.1)
    jwt (0.1.11)
    multi_xml (0.5.5)
    oauth2 (0.9.3)
    omniauth (1.2.1)
    omniauth-oauth2 (1.1.2)
    omniauth-facebook (1.6.0)
    pg (0.17.1)
    rack-cors (0.2.9)
    rails_serve_static_assets (0.0.2)
    rails_stdout_logging (0.0.3)
    rails_12factor (0.0.2)
    rdoc (3.12.2)
    rspec-core (2.13.1)
    rspec-expectations (2.13.0)
    rspec-mocks (2.13.1)
    rspec-rails (2.13.1)
    rubyzip (0.9.9)
    sass-rails (4.0.1)
    sdoc (0.3.20)
    websocket (1.0.7)
    selenium-webdriver (2.35.1)
    turbolinks (1.1.1)
    uglifier (2.1.1)

Rails 4.0.0

Thanks a lot in advance!

Solution

I added this to my app_name/config/initializers/devise.rb:

    { provider_ignores_state: true }

So in the end it became:

    require "omniauth-facebook"
    config.omniauth :facebook, ENV["FACEBOOK_APP_ID"], ENV['FACEBOOK_SECRET'], provider_ignores_state: true

Hope this helps others!
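Added example, not part of the original post and not the omniauth-oauth2 gem's own code: a simplified Ruby model of the OAuth2 `state` check behind the `csrf_detected` failure in the log above. It shows why a callback reached without the request phase (as with the JavaScript redirect in the question) is rejected, and what stops being checked once the state comparison is ignored. The class, method and session-key names are hypothetical, and all inputs are constructed.

```ruby
require "securerandom"

# Simplified model of an OAuth2 client's `state` handling (hypothetical names).
class OAuthStateModel
  KEY = "oauth.state" # hypothetical session key

  def initialize(ignore_state: false)
    @ignore_state = ignore_state
  end

  # Request phase: issue a random state, remember it in the session, and
  # return it so it can travel to the provider and back in the redirect.
  def request_phase(session)
    session[KEY] = SecureRandom.hex(24)
  end

  # Callback phase: the state echoed back must match the one stored for
  # this browser session; the stored value is consumed either way.
  def callback_phase(session, params)
    expected = session.delete(KEY)
    return :ok if @ignore_state
    given = params["state"].to_s
    return :csrf_detected if given.empty? || expected.nil?
    same?(given, expected) ? :ok : :csrf_detected
  end

  private

  # Constant-time comparison of two strings.
  def same?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Constructed scenarios; entries are evaluated top to bottom.
def run_scenarios
  strict = OAuthStateModel.new
  lax = OAuthStateModel.new(ignore_state: true)
  s1, s2 = {}, {}
  state = strict.request_phase(s1)
  strict.request_phase(s2)
  {
    full_redirect_flow: strict.callback_phase(s1, "state" => state),
    callback_without_request_phase: strict.callback_phase({}, {}),
    state_from_another_session: strict.callback_phase(s2, "state" => SecureRandom.hex(24)),
    replayed_state: strict.callback_phase(s1, "state" => state),
    check_disabled: lax.callback_phase({}, {})
  }
end
```

In this model, with the check enabled, a callback returns `:ok` only when the same browser session went through the request phase first, so that a state was stored before the callback arrived.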
