Facebook Authentication not Working in Obsidian Login Block

[mikedotmundy]

Please go through all the tasks below

• Check this box only after you have successfully completed both the above tasks

Please provide a brief description of the problem. Please do not forget to attach the relevant screenshots from your side.

Facebook and Google authentication are not working properly in the Obsidian Login Block.

Screenshots of errors from our production instance:

To make sure it wasn't an issue with the URI, I added both the Login and Obsidian Login blocks to the same page (/login). The Login block works fine. The Obsidian Login block does not.

Expected Behavior

Obsidian Login block should work with Facebook and Google Authentications.

Actual Behavior

Obsidian Login block does not work with Facebook and Google Authentications.

Steps to Reproduce

• Setup Facebook and Google Authentications per instructions in Admin Hero Guide.
• Add the Obsidian Login block to the /Login page, and enable Facebook and Google authentication in the block settings.
• Try to login with either, and notice that it does not work.
• You can also test on the same page with the Regular Login block, and see that it does work.

Rock Version

v15.1

Client Culture Setting

en-US

[mikedotmundy]

Changed title because Google Authentication is working for me now. I believe the Google issue I was seeing was a cacheing issue. Facebook is still not working for me.

[joshuahenninger]

@mikedotmundy I attempted to use Facebook authentication in the old Login block on your live site to get a look at the redirect_uri query parameter. The old Login block tries to redirect to https://bedfordalliance.church:443/page/207 during Facebook authentication and results in the same error that you're experiencing with the Obsidian Login block.

Assuming that the Obsidian Login block is passing along the same redirect_uri value, can you please verify that https://bedfordalliance.church:443/page/207 (including the port) is in your Facebook app's list of Valid OAuth Redirect URIs? It should look something like this.

If it is not in the list, please add it and click "Save changes".

Once the redirect URI is in the list, can you please also verify that the "Redirect URI Validator" tool at the bottom of the settings page shows that https://bedfordalliance.church:443/page/207 is valid as shown in the following screenshot?

Please let me know that addresses the issue with Facebook authentication.

[mikedotmundy]

@joshuahenninger helped me figure out what the issue is here (Thanks Josh!)

The Rock Admin Manual explains you should include :443 in the URI on FB's Valid OAuth Redirect URIs section (for example: https://rockrms.com:443/login). However, the code that creates the redirect_uri for the new Obsidian block excludes the port number if it is the default for the scheme. Since 443 is the default port for the https scheme, it is being excluded.

The workaround currently is to add URI's without :443 in the Valid OAuth Redirect URIs section of FB's Client OAuth Settings. So, instead of https://rockrms.com:443/login it needs to be https://rockrms.com/login.

Instituting this change has FB Authentication working in the Obsidian block in our environment.

[joshuahenninger]

@mikedotmundy This issue has been fixed in 5f22257. The Obsidian Login block will now include the port number in the redirect URI like the WebForms Login block did.

This fix will be included in v15.2. Once you are on v15.2 or above, please feel free to remove the whitelisted redirect URIs without the 443 port.