-
Notifications
You must be signed in to change notification settings - Fork 331
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Announcement] Facebook 3.0.1 and lower no longer work #38
Comments
Thanks for this, noticed this wasn't working this morning. Looks like a few other sites have been hit by this also. |
This stopped working also for my website |
This saved me even more pain. I noticed that Facebook Login on my site stopped to work two days ago. After hours of investigating an error that came out of nowhere, installing 3.1.0 RC1 resolved the issue. The middleware now handles the JSON response properly. |
Been debugging this myself today. The problem is in FacebookAuthenticationHandler line 90: The code make a request to https://graph.facebook.com/oauth/access_token and then tries to parse the response and ParseForm method expects a parameter with query string like format - key1=value&key2=value , It looks like an easy fix, any chance someone will update the repo and push a new version to nugget? |
@andrei, you can get the updated version at https://www.nuget.org/packages/Microsoft.Owin.Security.Facebook/3.1.0-rc1, or go to Tools > nuget package manager > manage packets for solution, click on "updates" and check "include prerelease". Cheers |
@wizzar, awesome, thanks. |
This doesn't seem to be fixed. I still get the same error with Facebook. |
Still not working, I updated to the latest version 3.1.0-rc1 and made sure all DLLs got updated, I'm using it like this:
Any ideas? UPDATE: I spent hours on this today, not resolved yet, I deleted my facebook web app (it was API 2.4) and created a new one (2.8) that is not approved yet, but I think test app should be working, so far I'm getting a 302 error=access_denied UPDATE 2: new facebook app is approved, still not working. not even without using the FacebookAuthenticationProvider The net traffic looks like this: https://localhost:44300/external-providers |
@YovavGad, it seems that 3.1.0 RC1 has fixed it for most people in this thread, so I assume it comes down to your personal configuration. Remember this is a place to track issues, not to troubleshoot custom setups. If you think the latest release doesn't work as intended, it might be useful for the project owners to provide additional information, i.e. what do you mean with "still not working"? Some debug logs would be helpful to further investigate the issue. Tip: Try it without specifying the Provider. After upgrading to 3.1.0 RC1, I literally went back to the most basic setup where I only specify the App ID, Secret, and UserInformationEndpoint and it worked. In your case: |
@embee8 Fields can be specified on Options now, just like Scope. |
Fantastic news, @Tratcher! What I have struggled with in the past is to find documentation of all the different options. The boilerplate code in the standard MVC template only outlined the app secret and id. Is there an official and complete documentation out there? |
@embee8 nothing extensive, start with the Options doc comments. AspNetKatana/src/Microsoft.Owin.Security.Facebook/FacebookAuthenticationOptions.cs Line 138 in f3a8d84
|
Hi, I use webpages and use the following Microsoft.Web.WebPages.OAuth and call function OAuthWebSecurity.VerifyAuthentication to verify facebook logins. In Nuget it is still 3.2.3 dated 9th February 2015. what can be the solution please? |
@arinray73 that package ultimately uses the 3rd-party DotNetOpenAuth library to do all the actual OAuth protocol implementation. Can you share more info about what isn't working for you? |
I can confirm that the 3.1.0-rc1 works now if you remove the custom FacebookAuthenticationProvider. My config looks like this now. I have added email in scope.
|
Greetings, Just updated Microsoft.Owin.Security.Facebook package to 3.1.0-rc1.
All goes fine according to Fiddler: HTTP/1.1 302 Found GET http://localhost:59735/signin-facebook?code=longlongcodeHTTP/1.1 HTTP/1.1 302 Found CONNECT graph.facebook.com:443 HTTP/1.1 GET https://graph.facebook.com/v2.8/oauth/access_token?grant_type=authorization_code&code=somecodehere&redirect_uri=http%3A%2F%2Flocalhost%3A59735%2Fsignin-facebook&client_id=1111111111111111&client_secret=some_secret_here HTTP/1.1 GET https://graph.facebook.com/v2.8/me?access_token=some_token_here&%26appsecret_proof=proof_here HTTP/1.1 GET http://localhost:59735/Account/ExternalLoginCallback HTTP/1.1 So workflow should be fine. But when I do:
in my ExternalLoginCallback controller I get null. Why is that? |
@Tratcher, I just noticed and wanted to let you know that the |
@embee8 what's the problem? Fields is a list you add to, just like scope. Neither let you assign the whole collection. |
Gotcha @Tratcher, my bad. I tried to assign the whole thing at once. Thanks! |
@dnovhorodov I assume your /Account/ExternalLoginCallback request included the cookie? |
I find out that it returns null only when I use HTTP protocol, but when I use HTTPS it works. |
Noticed that scopes doesn't return info from FB. Earlier we had:
which works fine before. Now it should be changed to:
|
I haven't tested it @dnovhorodov, but I don't think that the fields are a replacement for the scope - those are two different things. In my view, you need to specify both, but the Katana middleware might take care of the scope if you specify the fields. |
Okay folks, here is a configuration that works for me. The authentication itself works with minimal configuration. To retrieve specific fields, I still needed to use the
With this configuration you can get and read from the user info like this:
|
@Eilon These lines of code var result = OAuthWebSecurity.VerifyAuthentication(Href("~/Account/RegisterService", new { returnUrl })); -- never returns success after the fb API change and moves to the following log in failure block else { I have updated the OWIN packages as described here but had no impact as I think it does not use these packages but uses the following which was last updated in February 2015 https://www.nuget.org/packages/Microsoft.AspNet.WebPages.OAuth/ |
I'm still unable to get it to work, even in the most simple way and without the provider, I am using https, I wonder if anyone else experiencing the same issues... |
@YovavGad what errors do you get? |
@YovavGad @erikarenhill This should be fixed in the latest packages on https://dotnet.myget.org/f/katana-release/. We're doing final verification for release now, so please give these a try. |
@Tratcher what is this link? I get XML, are you going to create a RC2 nuget? |
@YovavGad it's a NuGet package feed with the fixes. You can browse the feed here: https://dotnet.myget.org/gallery/katana-dev And click on "Connect to feed" to see how to use the feed from your NuGet.config. |
This is not fixed, I used 4.0.0-alpha1-60323-110-rel, I double checked - all my references are updated. (it does work correctly with the BackchannelHttpHandler from @erikarenhill that fixes the %26 character) |
@YovavGad try with version 4.0.0-alpha1-60405-127-dev instead which is the latest, should work for you there as well. |
Sorry about that, I need to purge some stale packages from the feed. We were working on 4.0.0 in the release branch before we went back to do 3.1.0. Be right back... |
Cleared. You're looking for 3.1.0-rtm-60405-128-rel on https://dotnet.myget.org/f/katana-release/. |
Yes, I can confirm that 3.1.0-rtm-60405-128-rel is working. @Tratcher are you planning to release v4 soon? |
@Tratcher I'm just curious, are you releasing this fix before 4.0 as a nuget package? 3.1.0-rtm? |
Yes, 3.1.0 will be released any day now. Just finishing the verification. |
3.1.0 has been released: https://www.nuget.org/packages/Microsoft.Owin.Security.Facebook/ |
My Facebook login works great after upgrading to version 3.1.0 but when register, the email will not return automatically. This because the new Facebook API version requires me to request specific fields by name. app.UseFacebookAuthentication(
appId: " xxxxx ",
appSecret: " xxxxx "); to app.UseFacebookAuthentication(new FacebookAuthenticationOptions
{
AppId = Environment.GetEnvironmentVariable("xxxxx "),
AppSecret = Environment.GetEnvironmentVariable("xxxxx "),
Scope = { "email" },
Fields = { "name", "email" },
CookieManager = new SystemWebCookieManager()
}); But then i get the error
when loading page. |
Change or define system environment variables facebook:appid=xxxx, facebook:appsecret=yyyy and set
|
Thanks @Tratcher, the application no longer provide error, but the application does not seem to return the email, instead my URL looks like this: |
I have problem with reading the identity from FB. My return url looks like this: And I need to call facebook graph api with user id, but I can't read that from How to set properties = new AuthenticationProperties() { RedirectUri = this.ActualUrl(), IsPersistent = true};
Context.GetOwinContext().Authentication.Challenge(properties, "Facebook"); and when I apply the Facebook dialog, page is returned back with code param in query. How can I read user information here? |
@t00thy can you share a Fiddler trace of your login flow? |
@Tratcher Hi, I finally got it work by using Now I have problem with login in on HTTPS. Getting 401 Unauthorized. But think, it would be problem with certificate on DEV machine. So my working code is:
When click on login button:
When returning from FB:
|
I got it working thanks to : https://stackoverflow.com/questions/43058355/version-deprecation-facebook-graph-api-v2-2/43148543#43148543 I also updated to 3.1.0 and added the following properties:
and the back channel class:
|
@MichaelaIvanova you really shouldn't need any of that stuff with 3.1. |
@Tratcher I tried but works only with them |
What doesn't work without them? Do you get a specific error in the logs? |
@Tratcher in the callback action method (ExternalLoginCallback) loginInfo is always null if I haven't included the following properties:
|
Did you try the new Fields API shown above? #38 (comment) |
Facebook as deprecated their old OAuth endpoints that were used by Katana 3.0.1 and lower.
Here's a Fiddler trace of a failing auth flow:
Note the /Account/ExternalLoginCallback?error=access_denied request.
If you enable logging here's the message (caused by a change in Facebook's response format):
https://github.com/aspnet/AspNetKatana/wiki/Debugging#logging
This has been fixed in Katana 3.1.0-RC1 which is now available on nuget.org.
The text was updated successfully, but these errors were encountered: