how to debug facebook app/django setup (url is not valid...) - django

I'm trying to set up a facebook app using django by following this tutorial: http://www.rkblog.rk.edu.pl/w/p/example-facebook-application-django/ . I get to the point where I start my development server at (manage.py runserver 0.0.0.0:80)
then it says: Now under http://apps.facebook.com/NAME/ you should see a basic Facebook app comming from your server:
I, however, get an error message:
The URL http://my.ip/my_app_name/ is not valid.
I think I've set things up properly:
Canvas Page URL:
http://apps.facebook.com/my_app_name/
Canvas Callback URL
http://my.ip/my_app_name/
Question: how do I go about finding out what's wrong?
Thanks in advance!
Martin
update: when i visit http://my.ip/myappname/, it redirects to http://apps.facebook.com/my_app_name/?auth_token=eac7bf38fb5e591c55ddc458d16dc9b7
where i get the 'url not valid' message... However, when I paste the url with auth_token in it, django serves the requested page as expected... why is facebook saying the url is not valid if in fact it is...?

Is your router set up to forward requests on port 80 to your development machine? If not, you will get an error, as the way Facebook apps work is that Facebook's servers contact your server, get the content, then parse it and re-serve it back to the client.
I actually find with Facebook apps that the easiest thing to do is what you describe in your last sentence - get the auth_token URL, then paste it locally and work from there.

Related

django-rest-framework-social-oauth2: error 400 - redirect_uri_mismatch

I've been trying to add google login to my django app following this tutorial:
https://github.com/RealmTeam/django-rest-framework-social-oauth2
By following exactly the instructions, everything works fine in local.
However, when I try to replicate the same on the server, I get the following error on the redirect page of the login:
Error 400: redirect_uri_mismatch
redirect_uri: http://localhost:8000/auth/complete/google-oauth2/
What is strange to me is, in my google developer console, I have set up the correct redirect url in my app, as follows:
https://mydjangoapp.com/auth/complete/google-oauth2/
And I have also put 'mydjangoapp.com' under 'Authorised JavaScript origins'.
So my question is, why google keeps telling me that the redirect url is
http://localhost:8000/auth/complete/google-oauth2/
which is not the one I have set up in the console? Perhaps there is something obvious that I'm missing here. Thank you!
Why google keeps telling me that the redirect url is
Because your application is sending its in your code the app is running on http://localhost:8000 and if you are using a client library its probably adding the rest automatically.
http://localhost:8000/auth/complete/google-oauth2/
The redirect uri must exactly match what you are sending from your application.
You need to add
http://localhost:8000/auth/complete/google-oauth2/
Javascript origin is only needed if your code is using javascript.
This video will show you how to fix the error. Google OAuth2: How the fix redirect_uri_mismatch error. Part 2 server sided web applications.
If you want your code to send https://mydjangoapp.com then your going to have to be running it from https://mydjangoapp.com probably and you may need to figure out how to configure it so that it is running from the correct host.

Postman cookies not set for subdomain (Postman Inceptor, Postman Native App)

i am playing around with Postman to get some insight on how things work behind the curtain and ran into, what I believe, is an issue but wanted to ask before I create a new issue on GitHub.
I am intercepting the request from my browser to the same site using the Postman Interceptor to use the request values in the native app. I have cookies enabled and the site (the whole domain) whitelisted.
When I use the history to resend the same request that was captured I get an auth error that is caused by the fact that the cookies are not included in the request (found that out by checking the cURL code snippet). I believe the reason for that is, that the cookies are set under another sub domain than that the request is send to.
I will try to include some pictures to clarify. My question here is:
Am I missing something/did I set something up in the wrong way
or is this an issue and I should create an issue in the official Postman Github page
cURL request
Cookies in Postman Native App
you should see if cookie is being send not using code snippet but the console :
its indeed sending cookies ,

My Django app passes authentication on localhost, but not on heroku

So I created a simple "social media website" where by using API I GET data from a database and I can also POST to create a social media post after I register and log in.
On my localhost it all works well. I can register, login, then write a social media post and it displays on the screen.
However, when I use Heroku, GET API works fine, but after I log in (and I am sure I am logged in as I can log in on admin), I cannot write anything on my website. In my IDE I get: Forbidden: /api/posts/action/
In the network page I can see this:
Request URL: http://localhost:8000/api/posts/action/
Request Method: POST
Status Code: 403 Forbidden
Remote Address: 127.0.0.1:8000
Referrer Policy: no-referrer-when-downgrade
Any idea where should I look for an error? If there is any code I should send, let me know. Thank you!
Your server's domain in Heroku shouldn't be localhost:8000
You need to use the correct domain/IP address, and remember to put the domain/IP address in ALLOWED_HOSTS in the setting file.
If you don't set up a custom domain, then the default domain should be like:
https://<dyno name>.herokuapps.com

Django-allauth URL Returns callback error for github despite correct url

I am trying to implement all-auth using Github in my django project. I have set the callback url as per this tutorial. So far, even if the login page for github shows up, it doesn't call back properly and I get this error in the url
http://127.0.0.1:8000/accounts/github/login/callback/?error=redirect_uri_mismatch&error_description=The+redirect_uri+MUST+match+the+registered+callback+URL+for+this+application.&error_uri=https%3A%2F%2Fdeveloper.github.com%2Fapps%2Fmanaging-oauth-apps%2Ftroubleshooting-authorization-request-errors%2F%23redirect-uri-mismatch&state=exDbVJKNYzUI
This is the github repo of the project.
http://127.0.0.1:8000/accounts/github/login/callback/
is my authorization callback url set as per the tutorial.
Any insight to why the callback url is not working is welcome. Thanks.
For those who are looking for an answer to this,
if you configure the callback url to be from 127.0.0.1, make sure you're requesting the callback from the same url. Although localhost and 127.0.0.1 both point to the same, it is different urls. So you will get url mismatch error.
If you defined authorization callback in the GitHub UI with https protocol than this setting solves the issue:
ACCOUNT_DEFAULT_HTTP_PROTOCOL='https'
This is coming from the answer found here: Django allauth google OAuth redirect_uri_mismatch error

403 Client Error: Forbidden for url: https://api.twitter.com/oauth/request_token

I am trying to add twitter credential to my login system, I keep getting 403 Client Error, I read this but doesn't have an answer. I followed the steps mentioned here no luck.
I tried these patterns with Callback URL no luck:
http://127.0.0.1/
http://127.0.0.1:8000/
http://127.0.0.1/complete/twitter/
http://127.0.0.1/oauth/complete/twitter/
website URL doesn't accept localhost so I put my old website which is not working at the moment. Please help, what's wrong with setting up twitter credential api?