
Omniauth /auth/failure callback is executed twice when user chooses "Cancel" on Facebook authorization screen #606

weyus opened this Issue · 3 comments


oauth2 (0.5.2)
  faraday (~> 0.7)
  multi_json (~> 1.0)
omniauth (0.3.2)
  oa-basic (= 0.3.2)
  oa-core (= 0.3.2)
  oa-enterprise (= 0.3.2)
  oa-more (= 0.3.2)
  oa-oauth (= 0.3.2)
  oa-openid (= 0.3.2)

Rails 3.0.7
Rack 1.2.5
Strategy: Facebook

I am using omniauth to authorize users into my Facebook canvas app.

When my user is redirected to "/auth/facebook" and gets the FB authorization screen, and clicks "Cancel" (e.g. declines the request from FB to authorize the application), the callback to "/auth/failure" happens twice, which is bad for me as I am attempting to count these occurrences and don't want to double count.

Here is my /auth/failure callback action:

```ruby
def failure
  if params[:message] =~ /invalid_credentials/
    if params[:error] == 'access_denied' &&
       params[:error_reason] == 'The user denied your request.'
      redirect_to ""
      # Return here so that only one redirect is issued per request.
      return
    end
  end
  flash[:error] = "You must grant us the proper permissions to be able to use RedFlag."
  redirect_to "/"
end
```

Here is my OmniAuth setup from the omniauth initializer:

```ruby
Rails.application.config.middleware.use OmniAuth::Builder do
  provider :facebook, "#{OMNIAUTH_APP_ID}", "#{OMNIAUTH_APP_SECRET}", {:scope=>"list_of_permissions", :client_options=>{:grant_type => 'authorization_code', :ssl => {:ca_file => "#{Rails.root}/certs/curl-ca-bundle.crt"}},:iframe =>true}
end
```

And here is my overridden (so that I can get the FB error details) on_failure Proc from the omniauth initializer:

```ruby
OmniAuth.config.on_failure do |env|
  # Failure type set by OmniAuth, plus the error details from the provider callback
  message_key = env['omniauth.error.type']
  error = env['omniauth.error'].error
  error_reason = env['omniauth.error'].error_reason
  new_path = "#{OmniAuth.config.path_prefix}/failure?message=#{message_key}&error=#{error}&error_reason=#{error_reason}"
  [302, {'Location' => new_path, 'Content-Type'=> 'text/html'}, []]
end
```

Here is the relevant section of my development log file:

Started GET "/auth/facebook" for at 2012-05-15 18:01:56 -0500

Started GET "/auth/facebook/callback?error_reason=user_denied&error=access_denied&error_description=The+user+denied+your+request." for at 2012-05-15 18:02:22 -0500

Started GET "/auth/failure?message=invalid_credentials&error=access_denied&error_reason=The%20user%20denied%20your%20request." for at 2012-05-15 18:02:22 -0500
Processing by AuthorizationsController#failure as HTML
Parameters: {"message"=>"invalid_credentials", "error"=>"access_denied", "error_reason"=>"The user denied your request."}

And then I get another

Started GET "/auth/failure?message=invalid_credentials&error=access_denied&error_reason=The%20user%20denied%20your%20request." for at 2012-05-15 18:02:29 -0500
Processing by AuthorizationsController#failure as HTML
Parameters: {"message"=>"invalid_credentials", "error"=>"access_denied", "error_reason"=>"The user denied your request."}

about 5-10 seconds after the first one.

Any ideas what is happening here - or some advice on how to debug it?
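
Added example, not part of the original post and not OmniAuth's own code: the log above shows the `error` values from the callback query string reappearing in the `/auth/failure` URL, so this variant of the `on_failure` redirect form-encodes each value before it goes into the `Location` header. `failure_redirect` and `FakeCallbackError` are hypothetical names, and the `/auth` default is assumed from the paths in the log.

```ruby
require 'uri'

# Constructed stand-in for the object read from env['omniauth.error'];
# only the two readers used by the proc in the post are modelled.
FakeCallbackError = Struct.new(:error, :error_reason)

# Builds the Rack redirect for a failed authorization.
# path_prefix stands in for OmniAuth.config.path_prefix (assumed "/auth").
def failure_redirect(env, path_prefix = '/auth')
  err = env['omniauth.error']
  params = {
    'message'      => env['omniauth.error.type'].to_s,
    # respond_to? covers failure types whose exception lacks these readers
    'error'        => (err.respond_to?(:error) ? err.error.to_s : ''),
    'error_reason' => (err.respond_to?(:error_reason) ? err.error_reason.to_s : '')
  }
  # encode_www_form percent-encodes &, =, CR and LF, so every value stays
  # inside its own parameter and cannot add a header line or a parameter.
  location = "#{path_prefix}/failure?#{URI.encode_www_form(params)}"
  [302, { 'Location' => location, 'Content-Type' => 'text/html' }, []]
end

# Hypothetical wiring in the initializer (not run here):
#   OmniAuth.config.on_failure do |env|
#     failure_redirect(env, OmniAuth.config.path_prefix)
#   end

if __FILE__ == $PROGRAM_NAME
  # Constructed env mirroring the denial shown in the development log.
  env = {
    'omniauth.error.type' => :invalid_credentials,
    'omniauth.error'      => FakeCallbackError.new('access_denied',
                                                   'The user denied your request.')
  }
  puts failure_redirect(env)[1]['Location']
end
```

Rails decodes the `+` back to a space, so the `params[:error_reason]` comparison in the `failure` action still matches.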



I would say the first thing would be to break out into a basic app with just the omniauth facebook gem and see if the same thing happens.

It could be a number of things that are causing this, like maybe a redirect in your existing app that is causing it to happen twice. I would start with a basic facebook auth in a base rails app and just make sure it's not the gem. If the new app works fine, then you know it's internal to your app and you need to debug where it's coming from.

If you can get this to do the same thing on a basic app, then link to it in this ticket so that someone can look and use it for troubleshooting and fixing the issue.


I am still facing the same issue when I tried with both github and instagram.


I have the same issue over here when I tried with twitter, facebook, linkedin and google.

@tmilewski tmilewski closed this