[LPS-80684] Facebook login connection issue after Facebook enforce "Strict URI Matching" for true - Liferay Issues

Details

Type: Bug
Status: Closed
Resolution: Fixed
Affects Version/s: 7.0.X, Master
Fix Version/s: 7.0.0 DXP FP49, 7.0.0 DXP SP8, 7.0.X, 7.1.0 Beta 3, 7.1.X, Master
Component/s: Application Security > Facebook Connect
Labels:

Branch Version/s:

7.0.x
Backported to Branch:

Committed
Story Points:
12
Fix Priority:
4
Git Pull Request:
https://github.com/hhuijser/liferay-portal/pull/3313

Description

After Facebook enforce Strict URI Matching for true, it will require "Parameter "redirect_uri" must exactly match one of "Valid OAuth redirect URIs". So the issue happened. Please refer to the below link:

https://developers.facebook.com/blog/post/2017/12/18/strict-uri-matching/

Reproduction Steps

Configure Liferay

1.Configure Tomcat to use HTTPS https://customer.liferay.com/documentation/knowledge-base/-/kb/14494
2. Add web.server.protocol=https to portal-ext.properties
3. Start up Liferay Digital Enterprise 7.0 SP7 and log in portal from https://localhost:8443
4. Navigate to Control Panel > Configuration > Instance Settings > Authentication > Facebook and configure the following.
a. Checked Enabled option
b. Fill in Application ID as the App ID
c. Fill in the Application Secret as the App Secret
d. Graph URL: https://graph.facebook.com
e. OAuth Authentication URL: https://graph.facebook.com/oauth/authorize
f. OAuth Token URL: https://graph.facebook.com/oauth/access_token
g. Redirect URL: https://localhost:8443/c/portal/facebook_connect_oauth
5. Save the changes and log out

Setup Facebook login app
1. Sign into www.facebook.com using the regular facebook account.
2. Navigate to https://developers.facebook.com and register a developer's account if you don't have one.
3. Create a Facebook Login app and give the app a name and fill in the captcha security check.
4. In Settings > Basic, Copy the App ID and App Secret and fill in the following:
App Domains: https://localhost
Site URL: https://localhost:8443
Privacy Policy URL: https://www.liferay.com/privacy-policy (I used Liferay's privacy policy page because facebook will check it and won't allow a test page.)
5. In Products > Facebook Login > Settings, fill in the following:
Valid OAuth Redirect URIs: https://localhost:8443/c/portal/facebook_connect_oauth
P.S. I'm not sure if the following two settings are necessary. Add here for the record.
6. On the top right corner, switch ON so Status becomes Live.
7. Change Embedded Browser OAuth Login to Yes

Test login using Facebook
1. Click Sign In on top right corner
2. Click Facebook at the bottom of the pop-up window
Actual Result: The following error occurs.

{ "error": { "message": "Can't Load URL: The domain of this URL isn't included in the app's domains. To be able to load this URL, add all domains and subdomains of your app to the App Domains field in your app settings.", "type": "OAuthException", "code": 191, "fbtrace_id": "A2Px4X5fvZU" }
 }

Expected behavior：

Facebook login page displayed and the user can login successful.

Attachments

Issue Links

relates

LRDOCS-5350 Update "Facebook Connect Single Sign On Authentication" due to Facebook Strict URI policy

Open

Activity

People

Assignee:

Sharry Shi

Reporter:

Hai Yu

Participants of an Issue:

Hai Yu, Sharry Shi, Tibor Lipusz

Recent user:

Csaba Turcsan

Votes:

1 Vote for this issue

Watchers:

3 Start watching this issue

Dates

Created:

10/May/18 12:33 AM

Updated:

10/May/19 2:17 AM

Resolved:

31/May/18 7:25 AM

Days since last comment:

1 year, 7 weeks, 3 days ago

Packages

Version	Package
7.0.0 DXP FP49
7.0.0 DXP SP8
7.0.X
7.1.0 Beta 3
7.1.X
Master