Facebook ?error_code with no ?error => infinite redirect loop #16

hitsthings opened this Issue Mar 17, 2013 · 1 comment


None yet
2 participants

I'm using passport-facebook which relies on passport-oauth.

Here are my routes:

        app.get('/auth/facebook', passport.authenticate('facebook'));
        app.get('/auth/facebook/callback', passport.authenticate('facebook', authOpts));

The problem is in the route for '/auth/facebook/callback'. I'm using Facebook sandbox mode and am not authorized. The req.query I get is:

{ error_code: '901',
  error_message: 'This app is in sandbox mode.  Edit the app configuration at http://developers.facebook.com/apps to make the app publicly visible.' }

The oauth2 authenticate function checks for req.query.error which is not present. So it sees no callback response params and acts as if this is another request to begin authenticating facebook at redirects back to Facebook.

My current workaround is to set error=true when error_code is present:

        app.get('/auth/facebook', passport.authenticate('facebook'));
        app.get('/auth/facebook/callback', function(req, res, next) {
            if (req.query && !req.query.error && req.query.error_code) {
                req.query.error = true;
        }, passport.authenticate('facebook', authOpts));

bratanon referenced this issue in jaredhanson/passport-facebook Jul 29, 2015


Change authenticate error behavior #130

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment