I've set up `social-auth-app-django` in production. But after the Facebook redirect I got `AuthCanceled` and am still unable to get it to work.
In my user model, the email address is used to sign up. This is my user model:
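```python
from django.contrib.auth.models import AbstractUser
from django.db import models
from django.utils.translation import gettext_lazy as _


class User(AbstractUser):
    email = models.EmailField(_('email address'), unique=True)
    avatar = models.ImageField(blank=True)
    USERNAME_FIELD = 'email'  # log in with the email address
    REQUIRED_FIELDS = ['username']
```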
In `settings.py`:

```python
MIDDLEWARE = [
    ...
    'social_django.middleware.SocialAuthExceptionMiddleware',
]
TEMPLATES = [
    ...
    'context_processors': [
        ...
        'social_django.context_processors.backends',
        'social_django.context_processors.login_redirect',
    ],
]
AUTHENTICATION_BACKENDS = (
    'social_core.backends.facebook.FacebookOAuth2',
    'accounts.backends.ModelBackend'
)
LOGIN_URL = '/'
LOGOUT_URL = '/'
LOGIN_REDIRECT_URL = '/'
LOGOUT_REDIRECT_URL = '/'
SOCIAL_AUTH_FACEBOOK_KEY = '..'  # App ID
SOCIAL_AUTH_FACEBOOK_SECRET = '...'  # App Secret
SOCIAL_AUTH_FACEBOOK_SCOPE = ['email']
SOCIAL_AUTH_FACEBOOK_PROFILE_EXTRA_PARAMS = {
    'fields': 'id,name,email',
}
SOCIAL_AUTH_PIPELINE = (
    'social_core.pipeline.social_auth.social_details',
    'social_core.pipeline.social_auth.social_uid',
    'social_core.pipeline.social_auth.auth_allowed',
    'social_core.pipeline.social_auth.social_user',
    'social_core.pipeline.user.get_username',
    'social_core.pipeline.user.create_user',
    'social_core.pipeline.social_auth.associate_user',
    'social_core.pipeline.social_auth.load_extra_data',
    'social_core.pipeline.user.user_details',
)
```
Valid OAuth redirect URIs in the Facebook login app: https://example.com/oauth/complete/facebook/
Thank you for your time and help.
For those landing on this question: after discussing the topic with OP via email, the problem was caused by an incorrect build of `redirect_uri` when exchanging the `code` for an `access_token`.
The incorrect build of this URI was caused because the Django backend sits behind Nginx, but the proper headers were not passed to it (`X-Forwarded-For` and `Host`), so Django was unaware of the right host it was serving requests as; in the end, the URLs were pointing to `localhost` instead of the intended domain.
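
An added example, not part of the original answer and not social-core or Django source: a simplified Python model of how a backend behind a proxy rebuilds the callback URL from the request it sees, checked by exact match against the redirect URI registered in the question. The `localhost:8000` upstream, the client IP and the `X-Forwarded-Proto` handling are assumptions made for illustration.

```python
from urllib.parse import urlunsplit

# Registered in the Facebook app, taken from the question.
REGISTERED_REDIRECT_URIS = {"https://example.com/oauth/complete/facebook/"}
COMPLETE_PATH = "/oauth/complete/facebook/"


def build_redirect_uri(environ, trust_forwarded_proto=False):
    """Rebuild the absolute callback URL from the request as the backend sees it."""
    scheme = environ.get("wsgi.url_scheme", "http")
    if trust_forwarded_proto:
        # Assumption: the proxy sets X-Forwarded-Proto and the app trusts it.
        scheme = environ.get("HTTP_X_FORWARDED_PROTO", scheme)
    host = environ.get("HTTP_HOST")
    if not host:
        # No Host header at all: fall back to the server's own name and port.
        host = environ["SERVER_NAME"]
        port = environ.get("SERVER_PORT")
        if port and port not in ("80", "443"):
            host = f"{host}:{port}"
    return urlunsplit((scheme, host, COMPLETE_PATH, "", ""))


def check_redirect_uri(environ, trust_forwarded_proto=False):
    """Return (uri, ok); the provider compares redirect_uri by exact match."""
    uri = build_redirect_uri(environ, trust_forwarded_proto)
    return uri, uri in REGISTERED_REDIRECT_URIS


# Constructed sample requests, as received by the backend.
WITHOUT_HEADERS = {  # proxy replaced Host with the upstream address
    "wsgi.url_scheme": "http",
    "HTTP_HOST": "localhost:8000",
    "SERVER_NAME": "localhost",
    "SERVER_PORT": "8000",
}
WITH_HEADERS = {  # proxy forwards the original Host and client details
    "wsgi.url_scheme": "http",
    "HTTP_HOST": "example.com",
    "HTTP_X_FORWARDED_FOR": "203.0.113.7",
    "HTTP_X_FORWARDED_PROTO": "https",
    "SERVER_NAME": "localhost",
    "SERVER_PORT": "8000",
}

if __name__ == "__main__":
    for label, env, trust in (("no proxy headers", WITHOUT_HEADERS, False),
                              ("Host only", WITH_HEADERS, False),
                              ("Host + proto", WITH_HEADERS, True)):
        print(label, *check_redirect_uri(env, trust))
```

The middle case shows that forwarding `Host` alone still yields an `http://` URL when TLS terminates at the proxy, so the scheme has to reach the backend as well for the exact match to succeed.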