OpenUserJS/OpenUserJS.org

Facebook Dep: Not possible to log in to system

Vylda opened this issue · 11 comments

Vylda commented

I try to log in to the system, but every login service redirects to Facebook and a message is on screen: login service is not available (in Czech). Redirected to a 502 error page. Any solution?

Facebook ... Redirected to 502 ... Any solution?

That is a dependency at https://github.com/jaredhanson/passport-facebook/issues ... seems there might be an issue either with FB or the dep. Can't do much about it until the maintainer or FB notifies. Will track upstream though.

Vylda commented

Hmm, it is not good news. Last commit 8 months ago...

OAuth passports don't usually change a whole lot unless it's in the back-end... so commit history doesn't mean as much.


Ref(s):

@Vylda

See https://openuserjs.org/discuss/WTF_w_FB_login!#comment-17c73a0b62b

@sizzlemctwizzle

Did you want the FB authorization read only? i.e. no new accounts using that auth or leave it as is?

I'm leaning towards not letting new accounts be created with FB as their first and only auth strategy. I'm fine with leaving existing accounts alone, and allowing adding this as an additional auth to an existing account (even as the default strategy). So FB should be removed from the dropdown on the login page and then reappear if the username entered matches an existing user. Obviously, the FB strategy should be present regardless of whether that user has that auth set up for reasons of privacy and security. What do you think about this solution @Martii?

@sizzlemctwizzle

So FB should be removed from the dropdown on the login page and then reappear if the username entered matches an existing user.

It's needed there for existing accounts. If it's readonly they'll get a message banner saying it (new accounts and attaches) is at #1830 and also the url itself with a QSP.

and allowing adding this as an additional auth to an existing account (even as the default strategy).

If it's set to readonly at...

... then this won't be currently possible. The addition of auth strategies basically calls it as if it was a new account but attached to the current. i.e. would take quite a bit to remove/rewire the linkage and create its own... plus that would be a bit contrary to a deprecation I think.

As I'm not sure what your requirements are for FB API if it's way too much of a hassle it's best just to deprecate it as you mentioned on OUJS. We can keep the dependency for however long our deprecation lasts but not allow new accounts... that is my advice.
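The read-only policy discussed in the comments above, as an added sketch that is not OpenUserJS code and was not posted by anyone in this thread: a deprecated strategy still logs in accounts that already use it, refuses new accounts and attaches, and is offered on the login form for every existing username so the form does not show which providers an account has linked. All names (`STRATEGIES`, `USERS`, `offeredStrategies`, `authorize`) and the sample data are assumptions made for the illustration.

```javascript
// Added illustration; every name here is hypothetical, not OpenUserJS code.
// Constructed sample data: one normal strategy, one deprecated (read-only).
const STRATEGIES = new Map([
  ['github', { readonly: false }],
  ['facebook', { readonly: true }]
]);
const USERS = new Map([
  ['alice', { strategies: ['facebook'] }],
  ['bob', { strategies: ['github'] }]
]);

// Strategies the login form offers for the typed username.
// A read-only strategy is hidden for unknown names (no new accounts) and
// shown for every existing name, whether or not that account uses it, so
// the list is identical for all existing accounts.
function offeredStrategies(username) {
  const known = USERS.has(username);
  return [...STRATEGIES.keys()]
    .filter((name) => known || !STRATEGIES.get(name).readonly)
    .sort();
}

// Decide what a successful provider callback is allowed to do.
// sessionUser: name of the already logged-in user when attaching, else null.
function authorize(username, strategy, sessionUser) {
  const cfg = STRATEGIES.get(strategy);
  if (!cfg) return 'reject-unknown-strategy';
  const user = USERS.get(username);
  // Existing link: login keeps working even when the strategy is read-only.
  if (user && user.strategies.includes(strategy)) return 'login';
  // Read-only: neither a new account nor an attach to an existing one.
  if (cfg.readonly) return 'reject-readonly';
  if (!user) return 'create-account';
  // Attaching a new strategy requires being logged in as that account.
  return sessionUser === username ? 'attach' : 'reject-not-owner';
}
```

The form still behaves differently for existing and unknown usernames; the sketch accepts that on the assumption that usernames are already public.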

Vylda commented

Well, no solution?
If I try any login service, still the same result: an FB page with an error.
It is not possible to get access to my script. Is there any way to update my script?
More than 6 months and still no solution?

@Vylda

Unfortunately there aren't any breadcrumbs that I can find to validate your ownership of the account as OUJS Admin (so no merging, etc.), so if the FB dep is still giving you that, @sizzlemctwizzle will have to address that so that I can validate you and hopefully move this issue forward. The same named account is an existing account so readonly shouldn't affect ability to use it if the settings do get tweaked. I'm hoping we don't have an orphan scenario here... my hands are pretty much tied.


Btw I still haven't seen any FB icons in the sessions page any time I visit there... suppose I'm going to have to do a DB and last authed search for posterity.

Okay, I finally got it working. The app on Facebook had a ton of permissions that it didn't need (that FB sort of tacked on as part of a default app), and since some of those permissions now require a review process we got stuck in developer mode (which means regular non-dev FB users couldn't use our app and therefore couldn't log in). I figured out how to revoke all permissions except the most basic that we need for OAuth. That got us out of the review process and allowed me to switch the app to live.

@Martii I'm cool with just deprecating it. My solution was predicated on the idea that it might be simple and easy to implement. But supporting FB isn't worth wasting any real time and energy. It is worth deprecating since it's become a real complicated noisy piece of shit.

More than 6 months and still no solution?

You get what you pay for. Oh wait, that would imply that you've received nothing, when in fact you had 6 months of access to all the content and features by simply creating another account. Sure it's an inconvenience, but you've contributed nothing to warrant your entitled tone.

This is problematic just in my general twiddlings with auths recently. Yes I've emailed @sizzlemctwizzle again. *le sigh*

Well the news is in... this dependency is now in the past tense.

No support will be given and if you didn't add an alternate auth then it's orphaned.

Sorry folks.