Facebook Redirect Url in Ruby on Rails Open Ssl Error

In one project, we had to add this code to config/environments/development.rb to get Facebook connect working for local development:

OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE

OmniAuth & Facebook: certificate verify failed

The real problem is that Faraday (which Omniauth/Oauth use for their HTTP calls) wasn't setting the ca_path variable for OpenSSL. At least on Ubuntu, most root certs are stored in "/etc/ssl/certs". Since Faraday wasn't setting this variable (and currently does not have a method to do so), OpenSSL wasn't finding the root certificate for Facebook's SSL certificate.

I've submitted a pull request to Faraday which will add support for this variable and hopefully they will pull in this change soon. Until then, you can monkeypatch faraday to look like this or use my fork of Faraday. After that, you should specify version 0.3.0 of the OAuth2 gem in your Gemspec which supports the passing of SSL options through to Faraday. All you need to do now is upgrade to Faraday 0.6.1, which supports passing of the ca_path variable and upgrade to OmniAuth 0.2.2, which has the proper dependencies for OAuth2. You'll then be able to properly fix this issue by just adding the following to your Omniauth initializer:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :facebook, FACEBOOK_KEY, FACEBOOK_SECRET, {:client_options => {:ssl => {:ca_path => "/etc/ssl/certs"}}}
end

So, to recap:

  1. Faraday needs to be updated to support SSL ca_path. Install Faraday 0.6.1
  2. Your app needs to use OAuth2 version 0.3.0. You may need to fork omniauth since it currently has a minor version dependency in the 0.2.x tree. Upgrade to OmniAuth 0.2.2
  3. Modify your provider initializer to point to your system's certificate path ("/etc/ssl/certs" on Ubuntu et al)

Hopefully the next releases of both Faraday and Omniauth will incorporate this solution.

Thanks to KirylP above for setting me on the right path.
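The ca_path behaviour described in the answer above, as an added example that is not part of the original answers: OpenSSL cannot verify a certificate when no trust anchors are loaded, succeeds once a ca_path directory holds the issuing CA, and with that same ca_path still rejects a certificate from an untrusted issuer, which is the check VERIFY_NONE gives up. All certificate names, keys and the temporary directory are constructed for the demonstration.

```ruby
require 'openssl'
require 'tmpdir'

# Issue a short-lived certificate (constructed test data, not a real CA).
# With no issuer the certificate is a self-signed CA.
def issue(subject, key, issuer = nil, issuer_key = key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = (issuer || cert).subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ef.create_extension('basicConstraints', issuer ? 'CA:FALSE' : 'CA:TRUE', true))
  cert.sign(issuer_key, OpenSSL::Digest.new('SHA256'))
  cert
end

# A trust store backed by a ca_path directory: PEM files named
# <subject-hash>.0, the layout c_rehash maintains in /etc/ssl/certs.
def store_from_ca_path(dir)
  OpenSSL::X509::Store.new.tap { |store| store.add_path(dir) }
end

# Returns [verified?, OpenSSL verify error code].
def check(store, cert)
  [store.verify(cert), store.error]
end

def demo
  ca_key, rogue_key, leaf_key = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  trusted_ca = issue('/CN=Constructed Trusted CA', ca_key)
  rogue_ca = issue('/CN=Constructed Rogue CA', rogue_key)
  good = issue('/CN=graph.example.test', leaf_key, trusted_ca, ca_key)
  forged = issue('/CN=graph.example.test', leaf_key, rogue_ca, rogue_key)
  Dir.mktmpdir do |dir|
    File.write(File.join(dir, format('%08x.0', trusted_ca.subject.hash)), trusted_ca.to_pem)
    { no_ca_path: check(OpenSSL::X509::Store.new, good),            # issuer cannot be found
      with_ca_path: check(store_from_ca_path(dir), good),           # chain anchors in the directory
      forged_with_ca_path: check(store_from_ca_path(dir), forged) } # untrusted issuer is rejected
  end
end

p demo if $PROGRAM_NAME == __FILE__
```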

Error when I try to authenticate through Facebook with omniauth

That error appears when your server runs on the HTTP protocol. You need to add this piece of code to your_project/script/rails, before APP_PATH:

require 'rubygems'
require 'rails/commands/server'
require 'rack'
require 'webrick'
require 'webrick/https'

# Override the development server defaults so WEBrick serves HTTPS.
module Rails
  class Server < ::Rack::Server
    def default_options
      super.merge({
        :Port => 3000,
        :environment => (ENV['RAILS_ENV'] || "development").dup,
        :daemonize => false,
        :debugger => false,
        :pid => File.expand_path("tmp/pids/server.pid"),
        :config => File.expand_path("config.ru"),
        :SSLEnable => true,
        # The server does not request client certificates.
        :SSLVerifyClient => OpenSSL::SSL::VERIFY_NONE,
        # File.read closes the file handle after reading.
        :SSLPrivateKey => OpenSSL::PKey::RSA.new(
          File.read("/path_to_your/privatekey.pem")),
        :SSLCertificate => OpenSSL::X509::Certificate.new(
          File.read("/path_to_your/servercert.crt")),
        :SSLCertName => [["CN", WEBrick::Utils::getservername]]
      })
    end
  end
end

To generate self-signed certificates read this tutorial http://www.akadia.com/services/ssh_test_certificate.html (steps 1 to 4) or this www.tc.umn.edu/~brams006/selfsign.html

After updating your rails script change the url from http://127.0.0.1:3000 to https://127.0.0.1:3000

How to test Facebook-Connect on local host using ssl

OK. Got it working. Here's what I did so that I can test fb and twitter registration/login over ssl on localhost:3001.

First, I set my app's FB site url to http://localhost:3001. Then I modified the omniauth initializer as follows:

if RAILS_ENV == "production"
  full_host = 'https://www.mydomain.com'
  Rails.application.config.middleware.use OmniAuth::Builder do
    provider :facebook, 'myfbappid', 'myfbsecret', {:scope => 'email, publish_stream'}
    provider :twitter, 'mytwitterappid', 'mytwittersecret'
  end
  Twitter.configure do |config|
    config.consumer_key = 'myconsumerkey'
    config.consumer_secret = 'myconsumersecret'
    config.oauth_token = 'myoauthtoken'
    config.oauth_token_secret = 'myoauthtokensecret'
  end
elsif RAILS_ENV == "development"
  full_host = 'https://localhost:3001'
  Rails.application.config.middleware.use OmniAuth::Builder do
    provider :facebook, 'myfbdevappid', 'myfbdefappsecret', {:scope => 'email, publish_stream'}
    provider :twitter, 'mytwitterdevappid', 'mytwitterdevappsecret'
  end
  Twitter.configure do |config|
    config.consumer_key = 'mytwitterconsumerkey'
    config.consumer_secret = 'mytwitterconsumersecret'
    config.oauth_token = 'mytwitteroauthtoken'
    config.oauth_token_secret = 'mytwitteroathtokensecret'
  end
end
OmniAuth.config.full_host = full_host

