The context
- a Facebook web app
- Facebook SDK 2.5 loaded asynchronously
- login with Facebook feature
- inside an Angular 1.5 application
- localhost and SSL domains to test
- SSL domains on production
- all the above domains are added to the Valid OAuth redirect URIs field on https://developers.facebook.com/apps/xxxx/settings/advanced/
The issue
I followed the recommendations to implement Facebook login. That appeared to work well on my machine (Linux). Then a co-worker told me it was not working on his own (Mac).
The errors, shown in red in the Facebook popup, were something like:
- Please login (not the form, but a text telling you that you should log in to Facebook)
- The uri is not a part of Valid OAuth redirect URIs list
And after a few more tests on different configurations, the Facebook login works:
- Linux with Chrome: ok
- Linux with Firefox: ok
- Linux with Opera: not working
- certain Macs with Chrome: ok
- certain Macs with Chrome: not working
- certain Macs with Firefox: ok
- certain Macs with Firefox: not working
- certain Macs with Safari: ok
- certain Macs with Safari: not working
- Windows with Chrome: not working
- Windows with Firefox: not working
- Windows with Internet Explorer: ok
... so finally quite random.
the clue
Using developer tools on Linux/Opera I saw the redirect_uri was targeting http://test.my-domain.com instead of https://test.my-domain.com
solution 1
Then I tried this:
window.FB._https = true;
window.FB.init( ... );
(from "Facebook JavaScript SDK over HTTPS loading non-secure items")
It didn't change anything.
solution 2
I added the non-SSL versions of my domains to the Facebook app configuration page, in the Valid OAuth redirect URIs field in fact.
This one worked well.
Questions
As it is unclear in the documentation, and as you can make a distinction between http and https domains, I'm wondering:
- is this the way it should be done?
- and does it have something to do with: https://developers.facebook.com/blog/post/2015/10/02/Update-on-Transition-to-SHA-2/ ?
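The mismatch described under "the clue", as an added example that is not part of the original post: it takes a login dialog URL captured from the browser's developer tools, extracts `redirect_uri`, and reports which component differs from each configured entry. The function names, the allowed list and the sample URLs are constructed for illustration, and treating scheme, host and port as the significant parts is an assumption of this example, not a statement of Facebook's matching rules.

```javascript
// Constructed stand-in for the "Valid OAuth redirect URIs" field.
const ALLOWED_REDIRECT_URIS = [
  'https://test.my-domain.com/',
  'https://localhost:3000/',
];

// Reduce a URI to the parts compared here (assumption: scheme, host, port).
function originParts(uri) {
  const u = new URL(uri);
  return { scheme: u.protocol, host: u.hostname, port: u.port };
}

// Extract redirect_uri from a captured dialog URL and compare it with
// every allowed entry. Entries on the same host that differ only in
// scheme or port are reported as near misses, which is the case the
// post describes (http:// sent, https:// configured).
function diagnoseDialogUrl(dialogUrl, allowed = ALLOWED_REDIRECT_URIS) {
  const redirect = new URL(dialogUrl).searchParams.get('redirect_uri');
  if (!redirect) return { ok: false, reason: 'missing redirect_uri', nearMisses: [] };

  const got = originParts(redirect);
  const nearMisses = [];
  for (const entry of allowed) {
    const want = originParts(entry);
    const differs = Object.keys(want).filter((k) => want[k] !== got[k]);
    if (differs.length === 0) return { ok: true, redirect, matched: entry };
    if (!differs.includes('host')) nearMisses.push({ entry, differs });
  }
  return { ok: false, redirect, reason: 'not in allowed list', nearMisses };
}

// Constructed sample dialog URLs (APP_ID_PLACEHOLDER is not a real id).
const base = 'https://www.facebook.com/dialog/oauth?client_id=APP_ID_PLACEHOLDER&redirect_uri=';
const httpDialog = base + encodeURIComponent('http://test.my-domain.com/');
const httpsDialog = base + encodeURIComponent('https://test.my-domain.com/');

console.log(JSON.stringify(diagnoseDialogUrl(httpDialog), null, 2));
console.log(JSON.stringify(diagnoseDialogUrl(httpsDialog), null, 2));
```
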