Question

I am getting (facebook) Authentication failure! ERROR -- omniauth: (facebook) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected Processing by Members::OmniauthCallbacksController#failure as HTML

Here is my app code

Controller

class Members::OmniauthCallbacksController < Devise::OmniauthCallbacksController
  def facebook
    @user = Member.find_for_facebook_oauth(request.env["omniauth.auth"], current_user)
    if @user.persisted?
      sign_in_and_redirect @user, :event => :authentication #this will throw if @user is not activated
      set_flash_message(:notice, :success, :kind => "Facebook") if is_navigational_format?
    else
      session["devise.facebook_data"] = request.env["omniauth.auth"]
      redirect_to new_user_registration_url
    end
  end
end

Model

class Member < ActiveRecord::Base
  devise :omniauthable, :database_authenticatable, :confirmable, :registerable, :recoverable, :rememberable, :trackable, :validatable
  validates :lastName, :presence => true
  def self.find_for_facebook_oauth(auth, signed_in_resource=nil)
    user = Member.where(:provider => auth.provider, :uid => auth.uid).first
    if user
      return user
    else
      registered_user = Member.where(:email => auth.info.email).first
      if registered_user
        return registered_user
      else
        user = Member.create(name:auth.extra.raw_info.name,
                            provider:auth.provider,
                            uid:auth.uid,
                            email:auth.info.email,
                            password:Devise.friendly_token[0,20],
                          )
      end
    end
  end

end

Routes

TestDevice::Application.routes.draw do
  devise_for :members, :controllers => { :omniauth_callbacks => "members/omniauth_callbacks", :sessions => "members/sessions", :passwords => "members/passwords", :registrations => "members/registrations" }
  root "home#index"

  get "boot/new"
  get "boot/show"

  devise_scope :members do

  end

end

Layout

-if member_signed_in?
    %h3.text-center.page-header
        You have succesfully signed in
        =link_to "Sign Out", destroy_member_session_path, :method => :delete, :class => "btn btn-primary"
-else
    %h1.text-center.page-header
        Welcome to rails community
    %div.text-center
        =link_to "Sign In", new_member_session_path, :method => :get, :class => "btn btn-primary"
        |
        =link_to "Sign up", new_member_registration_path, :method => :get, :class => "btn btn-primary"
        |
        =link_to "Sign in with Facebook", member_omniauth_callback_path(:facebook), :class => "btn btn-primary"

devise.rb file

  require "omniauth-facebook"
  config.omniauth :facebook, "**********", "****************"

The console looks like this

Started GET "/members/auth/facebook/callback" for 127.0.0.1 at 2014-02-13 09:53:12 +0500
I, [2014-02-13T09:53:12.166717 #74319]  INFO -- omniauth: (facebook) Callback phase initiated.
E, [2014-02-13T09:53:12.168392 #74319] ERROR -- omniauth: (facebook) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected
Processing by Members::OmniauthCallbacksController#failure as HTML
Redirected to http://localhost:3000/members/sign_in
Completed 302 Found in 2ms (ActiveRecord: 0.0ms)

I do not understand what this means. I only have the config/initializers/devise.rb file, not config/initializers/omniauth.rb.

Solution

You have to make sure that the Facebook app is set to public view.
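
For background on the `csrf_detected` line in the log above: omniauth-oauth2 raises it in the callback phase when the `state` parameter returned by the provider is empty or does not match the value stored in the session under `omniauth.state`. The following is an added example, not code from the post or from OmniAuth; it is a simplified model of that check in which the session is a plain Hash and all method names and the provider URL are hypothetical.

```ruby
require "securerandom"

# Simplified model of the OAuth2 "state" check; NOT the omniauth-oauth2 source.
# The session is a plain Hash and every method name here is hypothetical.
STATE_KEY = "omniauth.state"

# Request phase: mint a random state, store it in the session, and send it
# to the provider as part of the authorize URL.
def request_phase(session, authorize_url)
  session[STATE_KEY] = SecureRandom.hex(24)
  "#{authorize_url}?state=#{session[STATE_KEY]}"
end

# Constant-time comparison, so a mismatch does not leak how much matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Callback phase: the state echoed by the provider must equal the stored one.
# delete() consumes the stored value, so each state is valid only once.
def callback_phase(session, params)
  expected = session.delete(STATE_KEY)
  returned = params["state"].to_s
  return :csrf_detected if expected.nil? || returned.empty?
  secure_compare(returned, expected) ? :ok : :csrf_detected
end

# Constructed scenarios (provider URL is a placeholder).
def demo
  session = {}
  url = request_phase(session, "https://provider.example/authorize")
  state = url.split("state=").last
  {
    # Callback requested without any request phase: nothing in the session.
    direct_callback: callback_phase({}, { "state" => state }),
    # State altered in transit or supplied by a third party.
    forged_state: callback_phase(session.dup, { "state" => "0" * 48 }),
    # Normal round trip through the provider.
    normal: callback_phase(session, { "state" => state }),
    # Same callback URL replayed after the state was consumed.
    replayed: callback_phase(session, { "state" => state }),
  }
end

demo.each { |name, result| puts "#{name}: #{result}" } if __FILE__ == $0
```

Only the normal round trip returns `:ok`; a callback that arrives without a matching session value, with a different state, or a second time is rejected.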

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow