sorcery
sorcery copied to clipboard
NoamB
Facebook error: redirect_uri isn't an absolute URI
When specifying a relative URL as the callback_url for facebook, the following error comes up from time to time:
{"error":{"message":"redirect_uri isn't an absolute URI. Check RFC 3986.","type":"OAuthException","code":191}}
in sorcery.rb:
config.facebook.callback_url = '/oauth/callback?provider=facebook'
The callback_url is fixed during the login phase with the method sorcery_fixup_callback_url. It appends the request scheme and host to the relative url in order to form the full absolute URI facebook is expecting.
During the callback phase, another request is made to facebook to get_access_token, this uses the callback_url again. However it doesn't make sure to fix it like it does during the login phase. This works fine usually because the sorcery_fixup_callback_url overrides the facebook config parameter permanently. It does however fail when the callback request is handled by another rails instance, or if the rails instance was restarted.
Current workaround is to correctly set the callback_url in a controller around_filter. This is the case for a multi-host app where the request host is not fixed. The HostConfig class takes care of setting the host everytime.
around_filter :set_callback_url
def set_callback_url
relative_callback_url = Sorcery::Controller::Config.send(params[:provider]).callback_url
Sorcery::Controller::Config.send(params[:provider]).callback_url = "#{HostConfig.base_url}#{relative_callback_url}"
yield
Sorcery::Controller::Config.send(params[:provider]).callback_url = relative_callback_url
end
There's already a comment saying that the sorcery_fixup_callback_url method should be somewhere else. Any plans to move refactor this part?
Hi @salimhb
I didn't have any plans to refactor it so far. I will do it, but not within the next few weeks. If you can help, though, I'll be very happy to discuss the idea and merge the PR!
