social-auth-app-django facebook backend state with redirect_uri

I know my question sounds like a duplicate, but I've looked everywhere without finding any solution.

I am working on implementing social logins for my django webapp. So far google, twitter and yahoo logins have worked as expected. But facebook always gives the error below:

URL blocked: This redirect failed because the redirect URI is not white-listed in the app's client OAuth settings. Make sure that the client and web OAuth logins are on and add all your app domains as valid OAuth redirect URIs.

After some digging I got to learn how to setup my facebook login properly: Facebook app settings below

App Domains set to domain.ext

Site URL set to https://www.domain.ext/

Valid OAuth Redirect URIs set to https://domain.ext/social/complete/facebook/

I also looked at the redirect url (shown below) and found that it contains a state variable, state=kMQH3TdKSdF8oYGGx7Xri4KgFaEQ9OyU. Full url below

https://www.facebook.com/v2.9/dialog/oauth?client_id=977674249054153&redirect_uri=https%3A%2F%2Fwww.domain.ext%2Fsocial%2Fcomplete%2Ffacebook%2F&state=kMQH3TdKSdF8oYGGx7Xri4KgFaEQ9OyU&return_scopes=true&scope=email%2Cpublic_profile

My facebook login url on my django app is {% url 'social:begin' 'facebook' %} and I have this 'social_core.backends.facebook.FacebookOAuth2' in AUTHENTICATION_BACKENDS

I searched and found there's such issue already on the social-core github page which has been resolved. It says that from v1.7.0, this line REDIRECT_STATE = False has been added to the facebook backend. I dug into the sourcecode and found that to be the case. But my app's url keep sending the state variable and I have no idea why that is the case. Please has someone else encountered this odd behaviour, and if yes how did you go about working it out?

3 answers

  • answered 2018-05-16 05:52 Astik Anand

    Just try putting this as redirect_uri

    redierct_uri = https://www.domain.ext/accounts/facebook/login/callback/
    

  • answered 2018-05-16 05:58 Gnoliz

    Have you tried django-allauth? I find it to be a much better solution. It takes care of third party provider integration for you with builtin support for many providers and custom providers.

  • answered 2018-05-16 07:05 Parousia

    I've spent hours on this issue, but it turns out I only needed to do this Valid OAuth Redirect URIs set to https://www.domain.ext/social/complete/facebook/

    Note the www.