7

I have been trying for days to setup my Omniauth for facebook I don't know what am I doing wrong.

I am not able to get the email of the user. The returned hash only contains the "name" and the "uid" not even "first_name" and "last_name"

devise.rb:

  config.omniauth :facebook, "KEY", "SECRET"

omniauth_callbacks_controller.rb:

class OmniauthCallbacksController < Devise::OmniauthCallbacksController
  def facebook
    logger.info request.env["omniauth.auth"]
    @user = User.from_omniauth(request.env["omniauth.auth"])
    sign_in_and_redirect @user
  end
end

user.rb:

class User < ActiveRecord::Base
# Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable and :omniauthable
devise :database_authenticatable, :registerable,
       :recoverable, :rememberable, :trackable, :validatable,
       :omniauthable, :omniauth_providers => [:facebook]

has_many :authentications

def self.from_omniauth(auth)
  logger.info auth
  user = where(email: auth.info.email).first
  if(user != nil)
    user.authentications.where(provider: auth.provider, uid: auth.uid).first_or_create do |l|
      user.authentications.create!(user_id: user.id,
                                  provider: auth.provider,
                                  uid: auth.uid)
    end
  else
    user = User.create!(email: auth.info.email,
                       password: Devise.friendly_token[0,20],
                       first_name: auth.info.first_name,
                       last_name: auth.info.last_name)
    user.authentications.create!(user_id: user.id,
                                provider: auth.provider,
                                uid: auth.uid)
  end
  user
end
end

registrations_controller.rb:

class RegistrationsController < Devise::RegistrationsController

  private

  def sign_up_params
    params.require(:user).permit(:first_name, :last_name, :email, :password, :password_confirmation)
  end

  def account_update_params
    params.require(:user).permit(:first_name, :last_name, :email, :password, :password_confirmation, :current_password)
  end
end

routes.rb:

  devise_for :users, :controllers => { registrations: 'registrations', omniauth_callbacks: 'omniauth_callbacks' }

Returned hash:

#<OmniAuth::AuthHash credentials=#<OmniAuth::AuthHash expires=true expires_at=1444504014 token="TOKEN">
extra=#<OmniAuth::AuthHash raw_info=#<OmniAuth::AuthHash id="1506781179612589" name="Ayman Salah">> info=#
<OmniAuth::AuthHash::InfoHash image="http://graph.facebook.com/1506781179612589/picture" name="Ayman Salah"> provider="facebook" uid="1506781179612589">
Ayman Salah
  • 1,039
  • 14
  • 35

5 Answers5

10

Make sure you don't put spaces in the info-field request (another answer probably typo'ed this).

You need to specifically ask for email to be returned from the info field hash as it isn't by default.

If you're using Omniauth-Facebook without Devise, set this up in your config/initializers/omniauth.rb file like so: 

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :facebook, Rails.application.secrets.omniauth_provider_key, Rails.application.secrets.omniauth_provider_secret,
  :scope => 'email', :display => 'popup', :info_fields => 'name,email'
end

This info is kind of hidden at the very end of the Configuring section on the omniauth-facebook gem's GitHub readme.

With Devise plus Omniauth, however, you set it in config/initializers/devise.rb like so (no spaces in the string!):

config.omniauth :facebook, 'app_id', 'app_secret',  scope: 'email', info_fields: 'name,email'
Sia
  • 8,894
  • 5
  • 31
  • 50
7

I only got to retrieve the email by adding this in devise.rb:

  config.omniauth :facebook, "KEY", "SECRET", scope: 'email', info_fields: 'email, name'
Ayman Salah
  • 1,039
  • 14
  • 35
  • 2
    Facebook now allows users to not share their email address when using oauth login. This will create an exception because Devise requires email address in the user model. – pyfork Jan 11 '16 at 05:45
5

I had the same problem. I made it work updating omniauth and omniauth-facebook gems.

hcarreras
  • 4,442
  • 2
  • 23
  • 32
2

You need to request the permissions. For example, to request email, user_birthday and read_stream permissions and display the authentication page in a popup window:

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :facebook, ENV['FACEBOOK_KEY'], ENV['FACEBOOK_SECRET'],
       :scope => 'email,user_birthday,read_stream', :display => 'popup'
end

Please check this Omniauth-facebook if you have any doubts.

Gautam
  • 1,754
  • 1
  • 14
  • 22
  • Where should that be? I have tried adding , :scope { "email" } in devise.rb but it had absolutely no effect. – Ayman Salah Aug 12 '15 at 07:35
  • I have just checked the link. I don't know if I have that file. I will check it out as soon as I reach my pc and I'll let you know if I had any success. Thanks. – Ayman Salah Aug 12 '15 at 07:41
  • I am getting this error now "Could not authenticate you from Facebook because "Csrf detected"." after adding the initializers/omniauth.rb with the scope of email only – Ayman Salah Aug 12 '15 at 18:28
  • Okay I removed the omniauth part from devise.rb and now It's the same result my hash looks the same and doesn't have the email – Ayman Salah Aug 12 '15 at 18:32
  • 1
    Please read through this [blog](http://willschenk.com/setting-up-devise-with-twitter-and-facebook-and-other-omniauth-schemes-without-email-addresses/#configure-omniauth). Please do as it says, it should solve your problem. – Gautam Aug 13 '15 at 04:44
1

I had the same problem but it turns out it was a different issue, if you use a client side flow make sure to request the scopes you need on your client:

FB.login(function(response) {
  // hit API callback endpoint
}, {scope: 'email'});
Carlos Martinez
  • 4,350
  • 5
  • 32
  • 62