In our Java EE app we are invoking the fb oauth flow to get accessToken.
For this purpose we make a call with the callback url to the fb server with app key and secret.
At this moment the same url is provided in the fb app url section.
However, is it possible if we can some how change the redirect url to go to a different server ? I have seen just changing the callback url in the code does not work. Looks like it has to be same in the code as well as in the fb application.
This make very difficult to test or use the same app to try things from two different web servers.
Any advise on this?
This is unfortunately not possible. Just redirect user to your redirect_uri which will redirect you to the correct location
The URL to redirect to after the user clicks a button in the dialog.
The URL you specify must be a URL of with the same Base Domain as
specified in your app's settings, a Canvas URL of the form
https://apps.facebook.com/YOUR_APP_NAMESPACE or a Page Tab URL of the
form https://www.facebook.com/PAGE_USERNAME/app_YOUR_APP_ID
https://developers.facebook.com/docs/reference/dialogs/oauth/
For security reasons you can't change the redirect url. Facebook check that you provide the same redirect url as you gave when you registered the application. The way I solved this was to register one application on facebook for each server.
Here is Solution from Promo Group
One of the options - to add a 2nd domain (address mirror the primary site) in
Settings » Basic tab at the top» Mobile Site URL
Related
Hope you are doing good. i am new to Django so basically i want an idea of how we can access page that required login but i want one time login not every time.or just by pass this authentication by any mean i don't know?
i-e: i have chat bot i want to give that page specific url to some client and that client add that url in his website so his clients just use my chatbot by click my chatbot url that are present in my client website.but i want that by clicking that url does not require to login first but i want the secure access only that client domain only access my url . not other domain or from chrome brower.
if you give any idea it will be very kindness of you thanks alot.
my-sloution:
i used django-cors but i dont know that using cors will restrict access to other domain accept the allowed one?
i experence from cors-test websites i just send post request but cannot access my site when i allowed that domain in cors then they can get post response .
so basically when i search that url from chrome on same LAN ( by using ngrok to make local server global ) we can access pages but cannot make post request. i had added ngrok url in not allowed domain in cors. so this confused me.
the chatbot url page has login so how we by pass the login required by any method for every client that click from my client website so they can easly access my chatbot??
I have been through the allauth setup, using default settings, and solved problems like the https issue::
ACCOUNT_DEFAULT_HTTP_PROTOCOL = "https"
DEFAULT_HTTP_PROTOCOL = "https"
And using ngrok so that I can access my development environment using::
https://7fff461c.ngrok.io/ (not real code)
And checking that the full callback works::
https://7fff461c.ngrok.io/accounts/facebook/login/callback/
And settings up Facebook with Valid OAuth Redirect URIs set to https://7fff461c.ngrok.io/ so when I enter https://7fff461c.ngrok.io in the Redirect URI Validator at the bottom of the facebook page it works...
When I try to signup link I get an error from facebook:
URL Blocked: This redirect failed because the redirect URI is not whitelisted in the app’s Client OAuth Settings. Make sure Client and Web OAuth Login are on and add all your app domains as Valid OAuth Redirect URIs
Doubled check that the redirect url being passed is correct, which it is::
decoded: &redirect_uri=https://7fff461c.ngrok.io/accounts/facebook/login/callback/&scop
What else is there to try?!
Well this is embarrassing, but I'll leave this question/answer here in case it helps anyone else.
When putting in the the Valid OAuth Redirect URIs in Facebook Login > settings it needs THE WHOLE URL!
So in this case:
https://7fff461c.ngrok.io/accounts/facebook/login/callback/
Now it's all working.
I am trying to implement fb login on my game https://ski-jumps.pl.
I prepared the application (settings below) and the script here: https://ski-jumps.pl/facebook.php
Unfortunately when I try to log in this app, a message is displayed: "Can't Load URL: The domain of this URL isn't included in the app's domains. To be able to load this URL, add all domains and subdomains of your app to the App Domains field in your app settings."
What am I doing wrong? Some ideas?
application settings
I had the same problem, struggled for hours. I fixed it by providing following url in the Valid OAuth Redirect URIs of the Facebook Login product
https://mysubdomain.azurewebsites.net/signin-facebook
Regard the signin-facebook, which isn't something I provide. I found this is the url of the Facebook error page.
I am developing a web application using Django and python-social-auth. I want users to login with Facebook.
I have this in my python settings:
SOCIAL_AUTH_FACEBOOK_KEY = '...'
SOCIAL_AUTH_FACEBOOK_SECRET = '...'
SOCIAL_AUTH_FACEBOOK_SCOPE = ['email']
When my users enter the facebook page where they should provide credentials they see an error like this:
Can't Load URL: The domain of this URL isn't included in the app's domains.
To be able to load this URL, add all domains and subdomains of your
app to the App Domains field in your app settings.
In Facebook for Developers dashboard I have added "Facebook Login" product and added redirect url:
http://localhost:8000/complete/facebook/
In settings, Website Site URL is set to: http://localhost:8000/ and App Domains is set to localhost.
What am I doing wrong?
BTW this is the url that my users see when the facebook page opens:
https://www.facebook.com/v2.9/dialog/oauth?scope=email&state=HSfkstGUR5028DMhUzfWOSgo6fpPx29E&redirect_uri=http%3A%2F%2Flocalhost%3A8000%2Fcomplete%2Ffacebook%2F%3Fredirect_state%3DHSfkstGUR5028DMhUzfWOSgo6fpPx29E&client_id=...&return_scopes=true
Disable the 'Use Strict Mode for Redirect URIs' setting in your Facebook login app.
OR
Note the redirect_uri=http%3A%2F%2Flocalhost%3A8000%2Fcomplete%2Ffacebook%2F%3Fredirect_state%3DHSfkstGUR5028DMhUzfWOSgo6fpPx29E parameter of generated url.
For some inexplicable reason Facebook requires Valid OAuth redirect URIs setting to be exactly the same as the redirect url.
So use a tool like https://meyerweb.com/eric/tools/dencoder/, decode the url and set Valid OAuth redirect URIs to the full url. I.E:
http://localhost:8000/complete/facebook/redirect_state=HSfkstGUR5028DMhUzfWOSgo6fpPA59E
Upgrading social-auth-core to at least version 1.6.0 should help to resolve this. Among other changes it includes this one:
Default REDIRECT_STATE to False in FacebookOAuth2 backend.
This was changed as a result of issue 141, and it causes redirect URLs to be generated without the redirect_state argument, whose dynamic value makes whitelisting impossible.
Once you've done this, add https://<your-domain>/complete/facebook/ to your OAuth redirect whitelist in the Facebook developer portal.
Facebook doesn't like localhost in the Redirect URI field in the app setup or in the redirect_uri parameter. To workaround it just set something in the field (I use http://myapp.com:8000, then add the entry 127.0.0.1 myapp.com in your /etc/hosts and access the app through the new URL (http://myapp.com:8000).
As of the 4th April 2018, day i face the same issue, the only solution i found is:
Valid OAuth redirect URIs must be set to be exactly the same as the redirect url
More info here: https://developers.facebook.com/blog/post/2017/12/18/strict-uri-matching/
I am using Twitter OAuth to login users. The login takes users to Twitter and upon successful OAuth returns them to a specified url. From this url I would like to redirect users back to the page they were on before logging in.
What is a good way to do this?
Two ways:
Craft your OAuth URL so it sends them back to the right page, or at least says next=url in the querystring. This is most reliable but can break (and does look ugly but who's copying and pasting OAuth URLs anyway?)
Store a session containing the last requested "real" page. I say "real" like that because I don't count any auth/registration pages as real. So every hit, check to see what URL they're on, if it's not auth-related, store it in session. When they hit your OAuth-auccess page, redirect them to the session value. You can do this in a context processor or some middleware. Requires cookies and logout will nuke it.
i am using redirect url in twitter auth url and its working for me ..