omniauth-facebook 3.0.0 → 7.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 224e91c8d4a4c7c48c231c2f78984cd0cfe1c307
-  data.tar.gz: 49914f654b85df17a35c191dc7e9ee34cebf596f
+SHA256:
+  metadata.gz: e2f4d990ad5efff4639bceb6166326edde272c174245f543841bf513e6cb6e8a
+  data.tar.gz: 6b26e2b46ae31387b0c57596355838f231a926857db3a01e0b0cff27a39e7f2b
 SHA512:
-  metadata.gz: d3ad4f0e61e6b00294a12e80a8d389b58c7230797fe3617585fdf4d39c9dd0da2481d1fb1da476543a3e14c5bb42891d70cadd98f540a0c1ec859237581fcc9b
-  data.tar.gz: e980bb1e8a8fd53bd844ad8b8d41c20be01eb3ada85322748c29e1cf68e24f99e137d1719b69f047dcea53646f85ce96f9bfb16fa0237ddc5d494c5dd4ecb4b8
+  metadata.gz: eb8dd5746bdaf99f7541009a198c4bf1fea00eef655808bee2ef235ee52d593e06666a3251a05266d0b602b79d96604790d801ae7b2da72e2931dd17e0491348
+  data.tar.gz: 8c080431786e1c765e2457da31b6290f86602aff576139fcc8328160c516e0e4d4d557b68c406b1fb1fe85a5f83bdb47bc60d639fa0652088c4aa64aa4ed0275

data/.github/workflows/stale.yml

@@ -0,0 +1,23 @@
+name: Mark stale issues and pull requests
+
+on:
+  schedule:
+  - cron: "0 0 * * *"
+
+jobs:
+  stale:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/stale@v1
+      with:
+        repo-token: ${{ secrets.GITHUB_TOKEN }}
+        stale-issue-message: 'This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you  for your contributions.'
+        stale-pr-message: 'This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.'
+        stale-issue-label: 'no-issue-activity'
+        stale-pr-label: 'no-pr-activity'
+        days-before-stale: 30
+        days-before-close: 5
+        exempt-pr-label: 'pinned'
+        exempt-issue-label: 'pinned'

data/.gitignore

@@ -4,6 +4,6 @@
 /Gemfile.lock
 pkg/*
 .powenv
+.powder
 tmp
 bin
-example/app.log

data/.travis.yml

@@ -1,16 +1,10 @@
 before_install:
   - gem update bundler
   - bundle --version
-  - gem update --system 2.1.11
+  - gem update --system
   - gem --version
 rvm:
-  - 1.8.7
-  - 1.9.2
-  - 1.9.3
-  - 2.0.0
-  - 2.1
-  - jruby
-  - rbx
-matrix:
-  allow_failures:
-    - rvm: rbx
+  - 2.6
+  - 2.5
+  - 2.4
+  - 2.3

data/CHANGELOG.md

@@ -1,29 +1,58 @@
+## 7.0.0 (2020-08-03)
+
+Changes:
+
+  - bumped version of FB Graph API to v4.0
+
+## 6.0.0 (2020-01-27)
+
+Changes:
+
+  - bumped version of FB Graph API to v3.0
+
+## 5.0.0 (2018-03-29)
+
+Changes:
+
+  - bumped version of FB Graph API to v2.10 (#297, @piotrjaworski)
+  - use only CRuby 2.0+ on CI (#298, @simi)
+
+## 4.0.0 (2016-07-26)
+
+Changes:
+
+  - drop support for Ruby < 1.9.3 (@mkdynamic)
+  - switch to versioned FB APIs, currently using v2.6 (#245, @printercu, @mkdynamic)
+  - remove deprecated :nickname field from README example (#223, @abelorian)
+  - add Ruby 2.2 + 2.3.0 to CI (#225, @tricknotes, @mkdynamic, @anoraak)
+  - update example app (@mkdynamic)
+
 ## 3.0.0 (2015-10-26)
 
 Changes:
 
- - Remove query string from redirect_uri on callback by default (#221, @gioblu)
- - Signed request parsing extracted to `OmniAuth::Facebook::SignedRequest` class. (#183, @simi, @Vrael)
- - Change default value of `info_fields` to `name,email` for the [graph-api-v2.4](https://developers.facebook.com/blog/post/2015/07/08/graph-api-v2.4/). ([#209](https://github.com/mkdynamic/omniauth-facebook/pull/209))
+  - remove query string from redirect_uri on callback by default (#221, @gioblu)
+  - signed request parsing extracted to `OmniAuth::Facebook::SignedRequest` class. (#183, @simi, @Vrael)
+  - change default value of `info_fields` to `name,email` for the [graph-api-v2.4](https://developers.facebook.com/blog/post/2015/07/08/graph-api-v2.4/). ([#209](https://github.com/mkdynamic/omniauth-facebook/pull/209))
 
 ## 2.0.1 (2015-02-21)
 
 Bugfixes:
 
- - Allow versioning by not forcing absolute path for graph requests (#180, @frausto)
- - Allow the image_size option to be set as a symbol. (#182, @jgrau)
+  - allow versioning by not forcing absolute path for graph requests (#180, @frausto)
+  - allow the image_size option to be set as a symbol. (#182, @jgrau)
 
 ## 2.0.0 (2014-08-07)
 
 Changes:
 
- - remove support for canvas app flow (765ed9, @mkdynamic)
+  - remove support for canvas app flow (765ed9, @mkdynamic)
 
 Bugfixes:
 
- - bump omniauth-oauth2 dependency which addresses CVE-2012-6134 (#162, @linedotstar)
- - rescue `NoAuthorizationCodeError` in callback_phase (a0036b, @tomoya55)
- - fix CSRF exception when using FB JS SDK and parsing signed request (765ed9, @mkdynamic)
+  - bump omniauth-oauth2 dependency which addresses CVE-2012-6134 (#162, @linedotstar)
+  - rescue `NoAuthorizationCodeError` in callback_phase (a0036b, @tomoya55)
+  - fix CSRF exception when using FB JS SDK and parsing signed request (765ed9, @mkdynamic)
 
 ## 1.6.0 (2014-01-13)
 

data/Gemfile

@@ -2,6 +2,8 @@ source 'https://rubygems.org'
 
 gemspec
 
+gem 'rack', RUBY_VERSION < '2.2.2' ? '~> 1.6' : '>= 2.0'
+
 platforms :rbx do
   gem 'rubysl', '~> 2.0'
 end

data/README.md

@@ -1,16 +1,12 @@
-**IMPORTANT: If you're running < 1.5.1, please upgrade to the latest version to address 3 security vulnerabilities.
-More details [here](https://github.com/mkdynamic/omniauth-facebook/wiki/CSRF-vulnerability:-CVE-2013-4562), [here](https://github.com/mkdynamic/omniauth-facebook/wiki/Access-token-vulnerability:-CVE-2013-4593) and [here](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6134).**
-
----
-
-# OmniAuth Facebook &nbsp;[![Build Status](https://secure.travis-ci.org/mkdynamic/omniauth-facebook.svg?branch=master)](https://travis-ci.org/mkdynamic/omniauth-facebook) [![Gem Version](https://img.shields.io/gem/v/omniauth-facebook.svg)](https://rubygems.org/gems/omniauth-facebook)
+# OmniAuth Facebook &nbsp;[![Build Status](https://secure.travis-ci.org/simi/omniauth-facebook.svg?branch=master)](https://travis-ci.org/simi/omniauth-facebook) [![Gem Version](https://img.shields.io/gem/v/omniauth-facebook.svg)](https://rubygems.org/gems/omniauth-facebook)
 
+📣 **NOTICE** We’re looking for maintainers to help keep this project up-to-date. If you are interested in helping please open an Issue expressing your interest. Thanks! 📣
 
 **These notes are based on master, please see tags for README pertaining to specific releases.**
 
 Facebook OAuth2 Strategy for OmniAuth.
 
-Supports the OAuth 2.0 server-side and client-side flows. Read the Facebook docs for more details: http://developers.facebook.com/docs/authentication
+Supports OAuth 2.0 server-side and client-side flows. Read the Facebook docs for more details: http://developers.facebook.com/docs/authentication
 
 ## Installing
 
@@ -30,11 +26,11 @@ Here's a quick example, adding the middleware to a Rails app in `config/initiali
 
 ```ruby
 Rails.application.config.middleware.use OmniAuth::Builder do
-  provider :facebook, ENV['FACEBOOK_KEY'], ENV['FACEBOOK_SECRET']
+  provider :facebook, ENV['FACEBOOK_APP_ID'], ENV['FACEBOOK_APP_SECRET']
 end
 ```
 
-[See the example Sinatra app for full examples](https://github.com/mkdynamic/omniauth-facebook/blob/master/example/config.ru) of both the server and client-side flows (including using the Facebook Javascript SDK).
+[See the example Sinatra app for full examples](https://github.com/simi/omniauth-facebook/blob/master/example/config.ru) of both the server and client-side flows (including using the Facebook Javascript SDK).
 
 ## Configuring
 
@@ -45,7 +41,7 @@ Option name | Default | Explanation
 `scope` | `email` | A comma-separated list of permissions you want to request from the user. See the Facebook docs for a full list of available permissions: https://developers.facebook.com/docs/reference/login/
 `display` | `page` | The display context to show the authentication page. Options are: `page`, `popup` and `touch`. Read the Facebook docs for more details: https://developers.facebook.com/docs/reference/dialogs/oauth/
 `image_size` | `square` | Set the size for the returned image url in the auth hash. Valid options include `square` (50x50), `small` (50 pixels wide, variable height), `normal` (100 pixels wide, variable height), or `large` (about 200 pixels wide, variable height). Additionally, you can request a picture of a specific size by setting this option to a hash with `:width` and `:height` as keys. This will return an available profile picture closest to the requested size and requested aspect ratio. If only `:width` or `:height` is specified, we will return a picture whose width or height is closest to the requested size, respectively.
-`info_fields` | 'name,email' | Specify exactly which fields should be returned when getting the user's info. Value should be a comma-separated string as per https://developers.facebook.com/docs/graph-api/reference/user/ (only `/me` endpoint).
+`info_fields` | `name,email` | Specify exactly which fields should be returned when getting the user's info. Value should be a comma-separated string as per https://developers.facebook.com/docs/graph-api/reference/user/ (only `/me` endpoint).
 `locale` |  | Specify locale which should be used when getting the user's info. Value should be locale string as per https://developers.facebook.com/docs/reference/api/locale/.
 `auth_type` | | Optionally specifies the requested authentication features as a comma-separated list, as per https://developers.facebook.com/docs/facebook-login/reauthentication/. Valid values are `https` (checks for the presence of the secure cookie and asks for re-authentication if it is not present), and `reauthenticate` (asks the user to re-authenticate unconditionally). Use 'rerequest' when you want to request premissions. Default is `nil`.
 `secure_image_url` | `false` | Set to `true` to use https for the avatar image url returned in the auth hash.
@@ -55,24 +51,25 @@ For example, to request `email`, `user_birthday` and `read_stream` permissions a
 
 ```ruby
 Rails.application.config.middleware.use OmniAuth::Builder do
-  provider :facebook, ENV['FACEBOOK_KEY'], ENV['FACEBOOK_SECRET'],
-           :scope => 'email,user_birthday,read_stream', :display => 'popup'
+  provider :facebook, ENV['FACEBOOK_APP_ID'], ENV['FACEBOOK_APP_SECRET'],
+    scope: 'email,user_birthday,read_stream', display: 'popup'
 end
 ```
 
 ### API Version
 
-OmniAuth Facebook uses unversioned API endpoints by default. You can configure custom endpoints via `client_options` hash passed to `provider`.
+OmniAuth Facebook uses versioned API endpoints by default (current v4.0). You can configure a different version via `client_options` hash passed to `provider`, specifically you should change the version in the `site` and `authorize_url` parameters. For example, to change to v7.0 (assuming that exists):
 
 ```ruby
 use OmniAuth::Builder do
-  provider :facebook, ENV['APP_ID'], ENV['APP_SECRET'],
-    :client_options => {
-      :site => 'https://graph.facebook.com/v2.0',
-      :authorize_url => "https://www.facebook.com/v2.0/dialog/oauth"
+  provider :facebook, ENV['FACEBOOK_APP_ID'], ENV['FACEBOOK_APP_SECRET'],
+    client_options: {
+      site: 'https://graph.facebook.com/v7.0',
+      authorize_url: "https://www.facebook.com/v7.0/dialog/oauth"
     }
 end
 ```
+
 ### Per-Request Options
 
 If you want to set the `display` format, `auth_type`, or `scope` on a per-request basis, you can just pass it to the OmniAuth request phase URL, for example: `/auth/facebook?display=popup` or `/auth/facebook?scope=email`.
@@ -83,39 +80,37 @@ Here's an example *Auth Hash* available in `request.env['omniauth.auth']`:
 
 ```ruby
 {
-  :provider => 'facebook',
-  :uid => '1234567',
-  :info => {
-    :nickname => 'jbloggs',
-    :email => 'joe@bloggs.com',
-    :name => 'Joe Bloggs',
-    :first_name => 'Joe',
-    :last_name => 'Bloggs',
-    :image => 'http://graph.facebook.com/1234567/picture?type=square',
-    :urls => { :Facebook => 'http://www.facebook.com/jbloggs' },
-    :location => 'Palo Alto, California',
-    :verified => true
+  provider: 'facebook',
+  uid: '1234567',
+  info: {
+    email: 'joe@bloggs.com',
+    name: 'Joe Bloggs',
+    first_name: 'Joe',
+    last_name: 'Bloggs',
+    image: 'http://graph.facebook.com/1234567/picture?type=square',
+    verified: true
   },
-  :credentials => {
-    :token => 'ABCDEF...', # OAuth 2.0 access_token, which you may wish to store
-    :expires_at => 1321747205, # when the access token expires (it always will)
-    :expires => true # this will always be true
+  credentials: {
+    token: 'ABCDEF...', # OAuth 2.0 access_token, which you may wish to store
+    expires_at: 1321747205, # when the access token expires (it always will)
+    expires: true # this will always be true
   },
-  :extra => {
-    :raw_info => {
-      :id => '1234567',
-      :name => 'Joe Bloggs',
-      :first_name => 'Joe',
-      :last_name => 'Bloggs',
-      :link => 'http://www.facebook.com/jbloggs',
-      :username => 'jbloggs',
-      :location => { :id => '123456789', :name => 'Palo Alto, California' },
-      :gender => 'male',
-      :email => 'joe@bloggs.com',
-      :timezone => -8,
-      :locale => 'en_US',
-      :verified => true,
-      :updated_time => '2011-11-11T06:21:03+0000'
+  extra: {
+    raw_info: {
+      id: '1234567',
+      name: 'Joe Bloggs',
+      first_name: 'Joe',
+      last_name: 'Bloggs',
+      link: 'http://www.facebook.com/jbloggs',
+      username: 'jbloggs',
+      location: { id: '123456789', name: 'Palo Alto, California' },
+      gender: 'male',
+      email: 'joe@bloggs.com',
+      timezone: -8,
+      locale: 'en_US',
+      verified: true,
+      updated_time: '2011-11-11T06:21:03+0000',
+      # ...
     }
   }
 }
@@ -157,15 +152,7 @@ If you use the server-side flow, Facebook will give you back a longer lived acce
 
 ## Supported Rubies
 
-Actively tested with the following Ruby versions:
-
-- MRI 2.1.0
-- MRI 2.0.0
-- MRI 1.9.3
-- MRI 1.9.2
-- MRI 1.8.7
-- JRuby 1.7.9
-- Rubinius (latest stable)
+- Ruby MRI (2.3, 2.4, 2.5, 2.6)
 
 ## License
 
@@ -176,6 +163,3 @@ Permission is hereby granted, free of charge, to any person obtaining a copy of
 The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
 
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-
-[![Bitdeli Badge](https://d2weczhvl823v0.cloudfront.net/mkdynamic/omniauth-facebook/trend.png)](https://bitdeli.com/free "Bitdeli Badge")

data/Rakefile

@@ -6,4 +6,4 @@ Rake::TestTask.new do |task|
   task.test_files = FileList['test/*_test.rb']
 end
 
-task :default => :test
+task default: :test

data/example/Gemfile

@@ -2,4 +2,4 @@ source 'https://rubygems.org'
 
 gem 'sinatra'
 gem 'sinatra-reloader'
-gem 'omniauth-facebook', :path => '../'
+gem 'omniauth-facebook', path: '../'

data/example/Gemfile.lock

@@ -1,58 +1,62 @@
 PATH
-  remote: ../
+  remote: ..
   specs:
-    omniauth-facebook (2.0.0)
+    omniauth-facebook (6.0.0)
       omniauth-oauth2 (~> 1.2)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    backports (3.3.5)
-    faraday (0.9.0)
+    backports (3.15.0)
+    faraday (1.0.0)
       multipart-post (>= 1.2, < 3)
-    hashie (3.2.0)
-    jwt (1.0.0)
-    multi_json (1.8.2)
-    multi_xml (0.5.5)
-    multipart-post (2.0.0)
-    oauth2 (1.0.0)
-      faraday (>= 0.8, < 0.10)
-      jwt (~> 1.0)
+    hashie (3.6.0)
+    jwt (2.2.1)
+    multi_json (1.14.1)
+    multi_xml (0.6.0)
+    multipart-post (2.1.1)
+    mustermann (1.1.1)
+      ruby2_keywords (~> 0.0.1)
+    oauth2 (1.4.2)
+      faraday (>= 0.8, < 2.0)
+      jwt (>= 1.0, < 3.0)
       multi_json (~> 1.3)
       multi_xml (~> 0.5)
-      rack (~> 1.2)
-    omniauth (1.2.2)
-      hashie (>= 1.2, < 4)
-      rack (~> 1.0)
-    omniauth-oauth2 (1.2.0)
-      faraday (>= 0.8, < 0.10)
-      multi_json (~> 1.3)
-      oauth2 (~> 1.0)
-      omniauth (~> 1.2)
-    rack (1.5.2)
-    rack-protection (1.5.1)
+      rack (>= 1.2, < 3)
+    omniauth (1.9.0)
+      hashie (>= 3.4.6, < 3.7.0)
+      rack (>= 1.6.2, < 3)
+    omniauth-oauth2 (1.6.0)
+      oauth2 (~> 1.1)
+      omniauth (~> 1.9)
+    rack (2.1.1)
+    rack-protection (2.0.8.1)
       rack
-    rack-test (0.6.2)
-      rack (>= 1.0)
-    sinatra (1.4.4)
-      rack (~> 1.4)
-      rack-protection (~> 1.4)
-      tilt (~> 1.3, >= 1.3.4)
-    sinatra-contrib (1.4.2)
-      backports (>= 2.0)
+    ruby2_keywords (0.0.2)
+    sinatra (2.0.8.1)
+      mustermann (~> 1.0)
+      rack (~> 2.0)
+      rack-protection (= 2.0.8.1)
+      tilt (~> 2.0)
+    sinatra-contrib (2.0.8.1)
+      backports (>= 2.8.2)
       multi_json
-      rack-protection
-      rack-test
-      sinatra (~> 1.4.0)
-      tilt (~> 1.3)
+      mustermann (~> 1.0)
+      rack-protection (= 2.0.8.1)
+      sinatra (= 2.0.8.1)
+      tilt (~> 2.0)
     sinatra-reloader (1.0)
       sinatra-contrib
-    tilt (1.4.1)
+    tilt (2.0.10)
 
 PLATFORMS
   ruby
+  x64-mingw32
 
 DEPENDENCIES
   omniauth-facebook!
   sinatra
   sinatra-reloader
+
+BUNDLED WITH
+   1.17.2

data/example/app.rb

@@ -1,93 +1,86 @@
 require 'sinatra'
 require "sinatra/reloader"
 require 'yaml'
+require 'json'
 
 # configure sinatra
 set :run, false
 set :raise_errors, true
 
-# setup logging to file
-log = File.new("app.log", "a+")
-$stdout.reopen(log)
-$stderr.reopen(log)
-$stderr.sync = true
-$stdout.sync = true
-
-# server-side flow
+# REQUEST STEP (server-side flow)
 get '/server-side' do
-  # NOTE: You would just hit this endpoint directly from the browser in a real app. The redirect is just here to
-  #       explicit declare this server-side flow.
+  # NOTE: You would just hit this endpoint directly from the browser in a real app. The redirect is
+  #       just here to explicit declare this server-side flow.
   redirect '/auth/facebook'
 end
 
-# client-side flow
+# REQUEST STEP (client-side flow)
 get '/client-side' do
   content_type 'text/html'
-  # NOTE: When you enable cookie below in the FB.init call the GET request in the FB.login callback will send a signed
-  #       request in a cookie back the OmniAuth callback which will parse out the authorization code and obtain an
-  #       access_token with it.
-  <<-END
+  # NOTE: When you enable cookie below in the FB.init call the GET request in the FB.login callback
+  #       will send a signed request in a cookie back the OmniAuth callback which will parse out the
+  #       authorization code and obtain an access_token with it.
+  <<-HTML
     <html>
     <head>
       <title>Client-side Flow Example</title>
-      <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.7.0/jquery.min.js" type="text/javascript"></script>
-    </head>
-    <body>
-      <div id="fb-root"></div>
-
+      <script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.2/jquery.min.js" type="text/javascript"></script>
       <script type="text/javascript">
         window.fbAsyncInit = function() {
           FB.init({
-            appId  : '#{ENV['APP_ID']}',
-            status : true, // check login status
-            cookie : true, // enable cookies to allow the server to access the session
-            xfbml  : true  // parse XFBML
+            appId: '#{ENV['FACEBOOK_APP_ID']}',
+            version: 'v4.0',
+            cookie: true // IMPORTANT must enable cookies to allow the server to access the session
           });
+          console.log("fb init");
         };
 
-        (function(d) {
-          var js, id = 'facebook-jssdk'; if (d.getElementById(id)) {return;}
-          js = d.createElement('script'); js.id = id; js.async = true;
-          js.src = "//connect.facebook.net/en_US/all.js";
-          d.getElementsByTagName('head')[0].appendChild(js);
-        }(document));
-
-        $(function() {
-          $('a').click(function(e) {
-            e.preventDefault();
-
-            FB.login(function(response) {
-              if (response.authResponse) {
-                $('#connect').html('Connected! Hitting OmniAuth callback (GET /auth/facebook/callback)...');
-
-                // since we have cookies enabled, this request will allow omniauth to parse
-                // out the auth code from the signed request in the fbsr_XXX cookie
-                $.getJSON('/auth/facebook/callback', function(json) {
-                  $('#connect').html('Connected! Callback complete.');
-                  $('#results').html(JSON.stringify(json));
-                });
-              }
-            }, { scope: 'email,read_stream', state: 'abc123' });
-          });
-        });
+        (function(d, s, id){
+           var js, fjs = d.getElementsByTagName(s)[0];
+           if (d.getElementById(id)) {return;}
+           js = d.createElement(s); js.id = id;
+           js.src = "//connect.facebook.net/en_US/sdk.js";
+           fjs.parentNode.insertBefore(js, fjs);
+         }(document, 'script', 'facebook-jssdk'));
       </script>
+    </head>
+    <body>
+      <div id="fb-root"></div>
 
       <p id="connect">
         <a href="#">Connect to FB!</a>
       </p>
 
       <p id="results" />
+
+      <script type="text/javascript">
+        $('a').click(function(e) {
+          e.preventDefault();
+
+          FB.login(function(response) {
+            console.log(response);
+            if (response.authResponse) {
+              $('#connect').html('Connected! Hitting OmniAuth callback (GET /auth/facebook/callback)...');
+
+              // since we have cookies enabled, this request will allow omniauth to parse
+              // out the auth code from the signed request in the fbsr_XXX cookie
+              $.getJSON('/auth/facebook/callback', function(json) {
+                $('#connect').html('Connected! Callback complete.');
+                $('#results').html(JSON.stringify(json));
+              });
+            }
+          }); // if you want custom scopes, pass them as an extra, final argument to FB.login
+        });
+      </script>
     </body>
     </html>
-  END
+  HTML
 end
 
+# CALLBACK STEP
+# - redirected here for server-side flow
+# - ajax request made here for client-side flow
 get '/auth/:provider/callback' do
   content_type 'application/json'
-  MultiJson.encode(request.env)
-end
-
-get '/auth/failure' do
-  content_type 'application/json'
-  MultiJson.encode(request.env)
+  JSON.dump(request.env)
 end

data/example/config.ru

@@ -2,10 +2,10 @@ require 'bundler/setup'
 require 'omniauth-facebook'
 require './app.rb'
 
-use Rack::Session::Cookie, :secret => 'abc123'
+use Rack::Session::Cookie, secret: 'abc123'
 
 use OmniAuth::Builder do
-  provider :facebook, ENV['APP_ID'], ENV['APP_SECRET'], :scope => 'email,read_stream'
+  provider :facebook, ENV['FACEBOOK_APP_ID'], ENV['FACEBOOK_APP_SECRET']
 end
 
 run Sinatra::Application

data/lib/omniauth/facebook/version.rb

@@ -1,5 +1,5 @@
 module OmniAuth
   module Facebook
-    VERSION = "3.0.0"
+    VERSION = '7.0.0'
   end
 end

data/lib/omniauth/strategies/facebook.rb

@@ -12,20 +12,18 @@ module OmniAuth
       DEFAULT_SCOPE = 'email'
 
       option :client_options, {
-        :site => 'https://graph.facebook.com',
-        :authorize_url => "https://www.facebook.com/dialog/oauth",
-        :token_url => 'oauth/access_token'
-      }
-
-      option :token_params, {
-        :parse => :query
+        site: 'https://graph.facebook.com/v4.0',
+        authorize_url: "https://www.facebook.com/v4.0/dialog/oauth",
+        token_url: 'oauth/access_token'
       }
 
       option :access_token_options, {
-        :header_format => 'OAuth %s',
-        :param_name => 'access_token'
+        header_format: 'OAuth %s',
+        param_name: 'access_token'
       }
 
+      option :authorization_code_from_signed_request_in_cookie, nil
+
       option :authorize_options, [:scope, :display, :auth_type]
 
       uid { raw_info['id'] }
@@ -59,11 +57,11 @@ module OmniAuth
       end
 
       def info_options
-        params = {:appsecret_proof => appsecret_proof}
-        params.merge!({:fields => (options[:info_fields] || 'name,email')})
-        params.merge!({:locale => options[:locale]}) if options[:locale]
+        params = {appsecret_proof: appsecret_proof}
+        params.merge!({fields: (options[:info_fields] || 'name,email')})
+        params.merge!({locale: options[:locale]}) if options[:locale]
 
-        { :params => params }
+        { params: params }
       end
 
       def callback_phase
@@ -80,7 +78,7 @@ module OmniAuth
       #      phase and it must match during the access_token phase:
       #      https://github.com/facebook/facebook-php-sdk/blob/master/src/base_facebook.php#L477
       def callback_url
-        if @authorization_code_from_signed_request_in_cookie
+        if options.authorization_code_from_signed_request_in_cookie
           ''
         else
           # Fixes regression in omniauth-oauth2 v1.4.0 by https://github.com/intridea/omniauth-oauth2/commit/85fdbe117c2a4400d001a6368cc359d88f40abc7
@@ -135,7 +133,7 @@ module OmniAuth
           yield
         elsif code_from_signed_request = signed_request_from_cookie && signed_request_from_cookie['code']
           request.params['code'] = code_from_signed_request
-          @authorization_code_from_signed_request_in_cookie = true
+          options.authorization_code_from_signed_request_in_cookie = true
           # NOTE The code from the signed fbsr_XXX cookie is set by the FB JS SDK will confirm that the identity of the
           #      user contained in the signed request matches the user loading the app.
           original_provider_ignores_state = options.provider_ignores_state
@@ -144,7 +142,7 @@ module OmniAuth
             yield
           ensure
             request.params.delete('code')
-            @authorization_code_from_signed_request_in_cookie = false
+            options.authorization_code_from_signed_request_in_cookie = false
             options.provider_ignores_state = original_provider_ignores_state
           end
         else
@@ -162,10 +160,10 @@ module OmniAuth
       def image_url(uid, options)
         uri_class = options[:secure_image_url] ? URI::HTTPS : URI::HTTP
         site_uri = URI.parse(client.site)
-        url = uri_class.build({:host => site_uri.host, :path => "#{site_uri.path}/#{uid}/picture"})
+        url = uri_class.build({host: site_uri.host, path: "#{site_uri.path}/#{uid}/picture"})
 
         query = if options[:image_size].is_a?(String) || options[:image_size].is_a?(Symbol)
-          { :type => options[:image_size] }
+          { type: options[:image_size] }
         elsif options[:image_size].is_a?(Hash)
           options[:image_size]
         end

data/test/helper.rb

@@ -41,6 +41,7 @@ class StrategyTestCase < TestCase
 
     @client_id = '123'
     @client_secret = '53cr3tz'
+    @options = {}
   end
 
   def strategy
@@ -53,4 +54,4 @@ class StrategyTestCase < TestCase
   end
 end
 
-Dir[File.expand_path('../support/**/*', __FILE__)].each &method(:require)
+Dir[File.expand_path('../support/**/*', __FILE__)].each(&method(:require))

data/test/strategy_test.rb

@@ -9,15 +9,15 @@ end
 
 class ClientTest < StrategyTestCase
   test 'has correct Facebook site' do
-    assert_equal 'https://graph.facebook.com', strategy.client.site
+    assert_equal 'https://graph.facebook.com/v4.0', strategy.client.site
   end
 
   test 'has correct authorize url' do
-    assert_equal 'https://www.facebook.com/dialog/oauth', strategy.client.options[:authorize_url]
+    assert_equal 'https://www.facebook.com/v4.0/dialog/oauth', strategy.client.options[:authorize_url]
   end
 
   test 'has correct token url with versioning' do
-    @options = {:client_options => {:site => 'https://graph.facebook.net/v2.2'}}
+    @options = {client_options: {site: 'https://graph.facebook.net/v2.2'}}
     assert_equal 'oauth/access_token', strategy.client.options[:token_url]
     assert_equal 'https://graph.facebook.net/v2.2/oauth/access_token', strategy.client.token_url
   end
@@ -33,7 +33,7 @@ class CallbackUrlTest < StrategyTestCase
   end
 
   test "returns path from callback_path option (omitting querystring)" do
-    @options = { :callback_path => "/auth/FB/done"}
+    @options = { callback_path: "/auth/FB/done"}
     url_base = 'http://auth.request.com'
     @request.stubs(:url).returns("#{url_base}/page/path")
     strategy.stubs(:script_name).returns('') # as not to depend on Rack env
@@ -43,7 +43,7 @@ class CallbackUrlTest < StrategyTestCase
 
   test "returns url from callback_url option" do
     url = 'https://auth.myapp.com/auth/fb/callback'
-    @options = { :callback_url => url }
+    @options = { callback_url: url }
     assert_equal url, strategy.callback_url
   end
 end
@@ -73,12 +73,6 @@ class AuthorizeParamsTest < StrategyTestCase
   end
 end
 
-class TokeParamsTest < StrategyTestCase
-  test 'has correct parse strategy' do
-    assert_equal :query, strategy.token_params[:parse]
-  end
-end
-
 class AccessTokenOptionsTest < StrategyTestCase
   test 'has correct param name by default' do
     assert_equal 'access_token', strategy.access_token_options[:param_name]
@@ -102,40 +96,40 @@ end
 
 class InfoTest < StrategyTestCase
   test 'returns the secure facebook avatar url when `secure_image_url` option is specified' do
-    @options = { :secure_image_url => true }
+    @options = { secure_image_url: true }
     raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
     strategy.stubs(:raw_info).returns(raw_info)
-    assert_equal 'https://graph.facebook.com/321/picture', strategy.info['image']
+    assert_equal 'https://graph.facebook.com/v4.0/321/picture', strategy.info['image']
   end
 
   test 'returns the image_url based of the client site' do
-    @options = { :secure_image_url => true, :client_options => {:site => "https://blah.facebook.com/v2.2"}}
+    @options = { secure_image_url: true, client_options: {site: "https://blah.facebook.com/v2.2"}}
     raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
     strategy.stubs(:raw_info).returns(raw_info)
     assert_equal 'https://blah.facebook.com/v2.2/321/picture', strategy.info['image']
   end
 
   test 'returns the image with size specified in the `image_size` option' do
-    @options = { :image_size => 'normal' }
+    @options = { image_size: 'normal' }
     raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
     strategy.stubs(:raw_info).returns(raw_info)
-    assert_equal 'http://graph.facebook.com/321/picture?type=normal', strategy.info['image']
+    assert_equal 'http://graph.facebook.com/v4.0/321/picture?type=normal', strategy.info['image']
   end
 
   test 'returns the image with size specified as a symbol in the `image_size` option' do
-    @options = { :image_size => :normal }
+    @options = { image_size: :normal }
     raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
     strategy.stubs(:raw_info).returns(raw_info)
-    assert_equal 'http://graph.facebook.com/321/picture?type=normal', strategy.info['image']
+    assert_equal 'http://graph.facebook.com/v4.0/321/picture?type=normal', strategy.info['image']
   end
 
   test 'returns the image with width and height specified in the `image_size` option' do
-    @options = { :image_size => { :width => 123, :height => 987 } }
+    @options = { image_size: { width: 123, height: 987 } }
     raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
     strategy.stubs(:raw_info).returns(raw_info)
     assert_match 'width=123', strategy.info['image']
     assert_match 'height=987', strategy.info['image']
-    assert_match 'http://graph.facebook.com/321/picture?', strategy.info['image']
+    assert_match 'http://graph.facebook.com/v4.0/321/picture?', strategy.info['image']
   end
 end
 
@@ -182,7 +176,7 @@ class InfoTestOptionalDataPresent < StrategyTestCase
 
   test 'returns the facebook avatar url' do
     @raw_info['id'] = '321'
-    assert_equal 'http://graph.facebook.com/321/picture', strategy.info['image']
+    assert_equal 'http://graph.facebook.com/v4.0/321/picture', strategy.info['image']
   end
 
   test 'returns the Facebook link as the Facebook url' do
@@ -261,39 +255,39 @@ class RawInfoTest < StrategyTestCase
     super
     @access_token = stub('OAuth2::AccessToken')
     @appsecret_proof = 'appsecret_proof'
-    @options = {:appsecret_proof => @appsecret_proof, :fields => 'name,email'}
+    @options = {appsecret_proof: @appsecret_proof, fields: 'name,email'}
   end
 
-  test 'performs a GET to https://graph.facebook.com/me' do
+  test 'performs a GET to https://graph.facebook.com/v4.0/me' do
     strategy.stubs(:appsecret_proof).returns(@appsecret_proof)
     strategy.stubs(:access_token).returns(@access_token)
-    params = {:params => @options}
+    params = {params: @options}
     @access_token.expects(:get).with('me', params).returns(stub_everything('OAuth2::Response'))
     strategy.raw_info
   end
 
-  test 'performs a GET to https://graph.facebook.com/me with locale' do
-    @options.merge!({ :locale => 'cs_CZ' })
+  test 'performs a GET to https://graph.facebook.com/v4.0/me with locale' do
+    @options.merge!({ locale: 'cs_CZ' })
     strategy.stubs(:access_token).returns(@access_token)
     strategy.stubs(:appsecret_proof).returns(@appsecret_proof)
-    params = {:params => @options}
+    params = {params: @options}
     @access_token.expects(:get).with('me', params).returns(stub_everything('OAuth2::Response'))
     strategy.raw_info
   end
 
-  test 'performs a GET to https://graph.facebook.com/me with info_fields' do
-    @options.merge!({:info_fields => 'about'})
+  test 'performs a GET to https://graph.facebook.com/v4.0/me with info_fields' do
+    @options.merge!({info_fields: 'about'})
     strategy.stubs(:access_token).returns(@access_token)
     strategy.stubs(:appsecret_proof).returns(@appsecret_proof)
-    params = {:params => {:appsecret_proof => @appsecret_proof, :fields => 'about'}}
+    params = {params: {appsecret_proof: @appsecret_proof, fields: 'about'}}
     @access_token.expects(:get).with('me', params).returns(stub_everything('OAuth2::Response'))
     strategy.raw_info
   end
 
-  test 'performs a GET to https://graph.facebook.com/me with default info_fields' do
+  test 'performs a GET to https://graph.facebook.com/v4.0/me with default info_fields' do
     strategy.stubs(:access_token).returns(@access_token)
     strategy.stubs(:appsecret_proof).returns(@appsecret_proof)
-    params = {:params => {:appsecret_proof => @appsecret_proof, :fields => 'name,email'}}
+    params = {params: {appsecret_proof: @appsecret_proof, fields: 'name,email'}}
     @access_token.expects(:get).with('me', params).returns(stub_everything('OAuth2::Response'))
     strategy.raw_info
   end
@@ -306,7 +300,7 @@ class RawInfoTest < StrategyTestCase
     raw_response.stubs(:status).returns(200)
     raw_response.stubs(:headers).returns({'Content-Type' => 'application/json' })
     oauth2_response = OAuth2::Response.new(raw_response)
-    params = {:params => @options}
+    params = {params: @options}
     @access_token.stubs(:get).with('me', params).returns(oauth2_response)
     assert_kind_of Hash, strategy.raw_info
     assert_equal 'thar', strategy.raw_info['ohai']
@@ -315,16 +309,16 @@ class RawInfoTest < StrategyTestCase
   test 'returns an empty hash when the response is false' do
     strategy.stubs(:access_token).returns(@access_token)
     strategy.stubs(:appsecret_proof).returns(@appsecret_proof)
-    oauth2_response = stub('OAuth2::Response', :parsed => false)
-    params = {:params => @options}
+    oauth2_response = stub('OAuth2::Response', parsed: false)
+    params = {params: @options}
     @access_token.stubs(:get).with('me', params).returns(oauth2_response)
     assert_kind_of Hash, strategy.raw_info
     assert_equal({}, strategy.raw_info)
   end
 
   test 'should not include raw_info in extras hash when skip_info is specified' do
-    @options = { :skip_info => true }
-    strategy.stubs(:raw_info).returns({:foo => 'bar' })
+    @options = { skip_info: true }
+    strategy.stubs(:raw_info).returns({foo: 'bar' })
     refute_has_key 'raw_info', strategy.extra
   end
 end
@@ -458,7 +452,7 @@ module SignedRequestTests
     end
 
     test 'empty param' do
-      assert_equal nil, strategy.send(:signed_request_from_cookie)
+      assert_nil strategy.send(:signed_request_from_cookie)
     end
   end
 

data/test/support/shared_examples.rb

@@ -13,7 +13,7 @@ module OAuth2StrategyTests
     extend BlockTestHelper
     
     test 'should be initialized with symbolized client_options' do
-      @options = { :client_options => { 'authorize_url' => 'https://example.com' } }
+      @options = { client_options: { 'authorize_url' => 'https://example.com' } }
       assert_equal 'https://example.com', strategy.client.options[:authorize_url]
     end
   end
@@ -22,19 +22,19 @@ module OAuth2StrategyTests
     extend BlockTestHelper
     
     test 'should include any authorize params passed in the :authorize_params option' do
-      @options = { :authorize_params => { :foo => 'bar', :baz => 'zip' } }
+      @options = { authorize_params: { foo: 'bar', baz: 'zip' } }
       assert_equal 'bar', strategy.authorize_params['foo']
       assert_equal 'zip', strategy.authorize_params['baz']
     end
 
     test 'should include top-level options that are marked as :authorize_options' do
-      @options = { :authorize_options => [:scope, :foo], :scope => 'bar', :foo => 'baz' }
+      @options = { authorize_options: [:scope, :foo], scope: 'bar', foo: 'baz' }
       assert_equal 'bar', strategy.authorize_params['scope']
       assert_equal 'baz', strategy.authorize_params['foo']
     end
     
     test 'should exclude top-level options that are not passed' do
-      @options = { :authorize_options => [:bar] }
+      @options = { authorize_options: [:bar] }
       refute_has_key :bar, strategy.authorize_params
       refute_has_key 'bar', strategy.authorize_params
     end
@@ -51,7 +51,7 @@ module OAuth2StrategyTests
     end
 
     test 'should not store state in the session when present in authorize params vs. a random one' do
-      @options = { :authorize_params => { :state => 'bar' } }
+      @options = { authorize_params: { state: 'bar' } }
       refute_empty strategy.authorize_params['state']
       refute_equal 'bar', strategy.authorize_params[:state]
       refute_empty strategy.session['omniauth.state']
@@ -71,13 +71,13 @@ module OAuth2StrategyTests
     extend BlockTestHelper
     
     test 'should include any authorize params passed in the :token_params option' do
-      @options = { :token_params => { :foo => 'bar', :baz => 'zip' } }
+      @options = { token_params: { foo: 'bar', baz: 'zip' } }
       assert_equal 'bar', strategy.token_params['foo']
       assert_equal 'zip', strategy.token_params['baz']
     end
 
     test 'should include top-level options that are marked as :token_options' do
-      @options = { :token_options => [:scope, :foo], :scope => 'bar', :foo => 'baz' }
+      @options = { token_options: [:scope, :foo], scope: 'bar', foo: 'baz' }
       assert_equal 'bar', strategy.token_params['scope']
       assert_equal 'baz', strategy.token_params['foo']
     end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-facebook
 version: !ruby/object:Gem::Version
-  version: 3.0.0
+  version: 7.0.0
 platform: ruby
 authors:
 - Mark Dodwell
@@ -9,62 +9,62 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-10-27 00:00:00.000000000 Z
+date: 2020-08-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: omniauth-oauth2
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.2'
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: mocha
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: 
@@ -75,8 +75,9 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
-- .travis.yml
+- ".github/workflows/stale.yml"
+- ".gitignore"
+- ".travis.yml"
 - CHANGELOG.md
 - Gemfile
 - README.md
@@ -107,17 +108,16 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.0.14
+rubygems_version: 3.2.0.pre1
 signing_key: 
 specification_version: 4
 summary: Facebook OAuth2 Strategy for OmniAuth