在 Facebook 登录视图中,用户可以拒绝权限。可能被拒绝的权限会影响应用程序功能(您可以使用此应用程序做更少的事情,因为某些数据无法访问)
我想警告用户并再次重新询问权限。但我不明白Omniauth-Facebook的方式是什么。在Facebook 文档中显示了完成此操作的方法是向请求登录添加一个参数,称为:auth_type=rerequest
https://www.facebook.com/dialog/oauth?
client_id={app-id}&
redirect_uri={redirect-uri}&
auth_type=rerequest&
scope=email
我还没有看到直接使用 Omniauth 执行此操作的方法 我在自己检查权限后尝试从 'auth/facebook/callback' 调用此 url,但是当用户重新接受新权限时出现以下错误登录:
ERROR -- omniauth: (facebook) Authentication failure! invalid_credentials: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected
OmniAuth::Strategies::OAuth2::CallbackError: csrf_detected | CSRF detected
/home/ciro/.rvm/gems/ruby-2.1.3/gems/omniauth-1.2.2/lib/omniauth/failure_endpoint.rb:25:in `raise_out!'
/home/ciro/.rvm/gems/ruby-2.1.3/gems/omniauth-1.2.2/lib/omniauth/failure_endpoint.rb:20:in `call'
/home/ciro/.rvm/gems/ruby-2.1.3/gems/omniauth-1.2.2/lib/omniauth/failure_endpoint.rb:12:in `call'
/home/ciro/.rvm/gems/ruby-2.1.3/gems/omniauth-1.2.2/lib/omniauth/strategy.rb:475:in `fail!'
/home/ciro/.rvm/gems/ruby-2.1.3/gems/omniauth-oauth2-1.2.0/lib/omniauth/strategies/oauth2.rb:73:in `callback_phase'
/home/ciro/.rvm/gems/ruby-2.1.3/gems/omniauth-facebook-1.6.0/lib/omniauth/strategies/facebook.rb:71:in `callback_phase'
/home/ciro/.rvm/gems/ruby-2.1.3/gems/omniauth-1.2.2/lib/omniauth/strategy.rb:227:in `callback_call'
/home/ciro/.rvm/gems/ruby-2.1.3/gems/omniauth-1.2.2/lib/omniauth/strategy.rb:184:in `call!'
/home/ciro/.rvm/gems/ruby-2.1.3/gems/omniauth-1.2.2/lib/omniauth/strategy.rb:164:in `call'
/home/ciro/.rvm/gems/ruby-2.1.3/gems/omniauth-1.2.2/lib/omniauth/builder.rb:59:in `call'
这是我的 'auth/facebook/callback'
on get do
on 'auth/facebook/callback' do
on param(:code) do |code|
email = req.env['omniauth.auth']['info']['email']
if email.nil? or email.empty?
res.redirect "https://www.facebook.com/dialog/oauth?client_id=#{ENV['APP_ID']}&redirect_uri=http://localhost:9292/auth/facebook/callback&auth_type=rerequest&scope=email"
end
end
end
end