Type: Bug
Status: Closed
Resolution: Fixed
Affects Version/s: 7.0.X, Master
Fix Version/s: 7.0.0 DXP FP49, 7.0.0 DXP SP8, 7.0.X, 7.1.0 Beta 3, 7.1.X, Master
Component/s: Application Security > Facebook Connect
Branch Version/s: 7.0.x
Backported to Branch: Committed
Story Points: 12
Fix Priority: 4
Git Pull Request:
Description
After Facebook enforced Strict URI Matching (set to true), it requires that the parameter "redirect_uri" exactly match one of the "Valid OAuth redirect URIs", so this issue happens. Please refer to the link below:
https://developers.facebook.com/blog/post/2017/12/18/strict-uri-matching/
Reproduction Steps
Configure Liferay
1. Configure Tomcat to use HTTPS: https://customer.liferay.com/documentation/knowledge-base/-/kb/14494
2. Add web.server.protocol=https to portal-ext.properties
3. Start up Liferay Digital Enterprise 7.0 SP7 and log in to the portal at https://localhost:8443
4. Navigate to Control Panel > Configuration > Instance Settings > Authentication > Facebook and configure the following.
a. Check the Enabled option
b. Fill in Application ID as the App ID
c. Fill in the Application Secret as the App Secret
d. Graph URL: https://graph.facebook.com
e. OAuth Authentication URL: https://graph.facebook.com/oauth/authorize
f. OAuth Token URL: https://graph.facebook.com/oauth/access_token
g. Redirect URL: https://localhost:8443/c/portal/facebook_connect_oauth
5. Save the changes and log out
Setup Facebook login app
1. Sign in to www.facebook.com using a regular Facebook account.
2. Navigate to https://developers.facebook.com and register a developer's account if you don't have one.
3. Create a Facebook Login app and give the app a name and fill in the captcha security check.
4. In Settings > Basic, copy the App ID and App Secret and fill in the following:
App Domains: https://localhost
Site URL: https://localhost:8443
Privacy Policy URL: https://www.liferay.com/privacy-policy (I used Liferay's privacy policy page because Facebook will check it and won't allow a test page.)
5. In Products > Facebook Login > Settings, fill in the following:
Valid OAuth Redirect URIs: https://localhost:8443/c/portal/facebook_connect_oauth
P.S. I'm not sure if the following two settings are necessary. Added here for the record.
6. On the top right corner, switch ON so Status becomes Live.
7. Change Embedded Browser OAuth Login to Yes
Test login using Facebook
1. Click Sign In on top right corner
2. Click Facebook at the bottom of the pop-up window
Actual Result: The following error occurs.
{ "error": { "message": "Can't Load URL: The domain of this URL isn't included in the app's domains. To be able to load this URL, add all domains and subdomains of your app to the App Domains field in your app settings.", "type": "OAuthException", "code": 191, "fbtrace_id": "A2Px4X5fvZU" } }
Expected behavior:
The Facebook login page is displayed and the user can log in successfully.
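A pre-flight check for the strict matching rule quoted in the description, added here as an example and not taken from Liferay or Facebook code. It assumes "exactly match" means plain string equality. The registered URI comes from the reproduction steps; the mismatching candidates are constructed, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Registered value from the reproduction steps (Valid OAuth Redirect URIs).
REGISTERED = ["https://localhost:8443/c/portal/facebook_connect_oauth"]

FIELDS = ("scheme", "netloc", "path", "query", "fragment")


def diff_components(candidate, registered):
    """Return the names of the URI components that differ between two URIs."""
    a, b = urlsplit(candidate), urlsplit(registered)
    return [f for f in FIELDS if getattr(a, f) != getattr(b, f)]


def check_redirect_uri(candidate, registered_uris):
    """Strict check: the candidate must equal a registered URI character for character.

    On a mismatch, report the closest registered URI and which components
    differ, so the configuration error can be located quickly.
    """
    if candidate in registered_uris:
        return {"match": True, "closest": candidate, "differs": []}
    if not registered_uris:
        return {"match": False, "closest": None, "differs": ["no registered URIs"]}
    closest = min(registered_uris, key=lambda r: len(diff_components(candidate, r)))
    differs = diff_components(candidate, closest)
    if not differs:
        # Components parse as equal but the raw strings do not,
        # for example a scheme written in upper case.
        differs = ["raw"]
    return {"match": False, "closest": closest, "differs": differs}


if __name__ == "__main__":
    # Constructed candidates: each one would pass a prefix or same-host check
    # but is rejected by exact matching.
    candidates = [
        "https://localhost:8443/c/portal/facebook_connect_oauth",
        "http://localhost:8443/c/portal/facebook_connect_oauth",
        "https://localhost/c/portal/facebook_connect_oauth",
        "https://localhost:8443/c/portal/facebook_connect_oauth/",
        "https://localhost:8443/c/portal/facebook_connect_oauth?redirect=%2F",
    ]
    for uri in candidates:
        result = check_redirect_uri(uri, REGISTERED)
        status = "OK" if result["match"] else "MISMATCH in " + ", ".join(result["differs"])
        print(f"{status:30} {uri}")
```

Run it with the Redirect URL from Instance Settings as the candidate and the app's Valid OAuth Redirect URIs as the registered list before testing the login.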
relates: LRDOCS-5350 Update "Facebook Connect Single Sign On Authentication" due to Facebook Strict URI policy (Open)