omniauth-facebook2 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 3c051fcad79b58c9fd1988af188abaa207b500e3cf6380f005ff2541709419d3
+  data.tar.gz: f3a352c67dec65e0332fbafd805f3e508675ee5a5fc71cde0e6e8c055f114b71
+SHA512:
+  metadata.gz: 5433ff4b75e0bb8335e975b5f973d111cdc645c2de8cff6cc82527deae5eee643eaf5f0b57ed49a24941375533f37c44791fbdf9ded21e3d8556e041c08bae41
+  data.tar.gz: 331e183495646573db070811ac4ea5ff4c53dec6db57956d75fa5daf17b1d9f01416986fbec5287de861e1be14027b2f4b7673741cb30feff23de875581548e8

data/LICENSE.txt

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Claudio Poli
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,132 @@
+# OmniAuth Facebook2 Strategy
+
+[![Test](https://github.com/icoretech/omniauth-facebook2/actions/workflows/test.yml/badge.svg?branch=main)](https://github.com/icoretech/omniauth-facebook2/actions/workflows/test.yml?query=branch%3Amain)
+[![Gem Version](https://img.shields.io/gem/v/omniauth-facebook2.svg)](https://rubygems.org/gems/omniauth-facebook2)
+
+`omniauth-facebook2` provides a Facebook OAuth2 strategy for OmniAuth.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'omniauth-facebook2'
+```
+
+Then run:
+
+```bash
+bundle install
+```
+
+## Usage
+
+Configure OmniAuth in your Rack/Rails app:
+
+```ruby
+Rails.application.config.middleware.use OmniAuth::Builder do
+  provider :facebook2,
+           ENV.fetch('FACEBOOK_APP_ID'),
+           ENV.fetch('FACEBOOK_APP_SECRET')
+end
+```
+
+Compatibility alias is available, so existing callback paths can keep using `facebook`:
+
+```ruby
+Rails.application.config.middleware.use OmniAuth::Builder do
+  provider :facebook,
+           ENV.fetch('FACEBOOK_APP_ID'),
+           ENV.fetch('FACEBOOK_APP_SECRET')
+end
+```
+
+## Provider App Setup
+
+- Meta for Developers: <https://developers.facebook.com/apps/>
+- Facebook Login docs: <https://developers.facebook.com/docs/facebook-login/>
+- Register callback URL (example): `https://your-app.example.com/auth/facebook/callback`
+
+## Options
+
+Supported request/provider options include:
+
+- `scope` (default: `email`)
+- `display`
+- `auth_type` (example: `rerequest`)
+- `config_id` (Facebook Login for Business)
+- `redirect_uri`
+- `info_fields` (default: `name,email`)
+- `locale`
+- `image_size` (symbol/string like `:normal`, or hash `{ width:, height: }`)
+- `secure_image_url` (default: `true`)
+- `callback_url` / `callback_path`
+
+## Auth Hash
+
+Example payload from `request.env['omniauth.auth']` (captured from a real smoke run):
+
+```json
+{
+  "uid": "10230653256947200",
+  "info": {
+    "email": "claudio@icorete.ch",
+    "name": "Claudio Poli",
+    "image": "https://graph.facebook.com/v25.0/10230653256947200/picture"
+  },
+  "credentials": {
+    "token": "[REDACTED]",
+    "expires_at": 1777885934,
+    "expires": true
+  },
+  "extra": {
+    "raw_info": {
+      "name": "Claudio Poli",
+      "email": "claudio@icorete.ch",
+      "id": "10230653256947200"
+    }
+  }
+}
+```
+
+## Development
+
+```bash
+bundle install
+bundle exec rake
+```
+
+Run Rails integration tests with an explicit Rails version:
+
+```bash
+RAILS_VERSION='~> 8.1.0' bundle install
+RAILS_VERSION='~> 8.1.0' bundle exec rake test_rails_integration
+```
+
+## Compatibility
+
+- Ruby: `>= 3.2` (tested on `3.2`, `3.3`, `3.4`, `4.0`)
+- `omniauth-oauth2`: `>= 1.8`, `< 1.9`
+- Rails integration lanes: `~> 7.1.0`, `~> 7.2.0`, `~> 8.0.0`, `~> 8.1.0`
+
+## Endpoints
+
+Default endpoints target Facebook Graph API `v25.0`:
+
+- Authorize: `https://www.facebook.com/v25.0/dialog/oauth`
+- Token: `https://graph.facebook.com/v25.0/oauth/access_token`
+- User info: `https://graph.facebook.com/v25.0/me`
+
+## Test Structure
+
+- `test/omniauth_facebook2_test.rb`: strategy/unit behavior
+- `test/rails_integration_test.rb`: full Rack/Rails request+callback flow
+- `test/test_helper.rb`: shared test bootstrap
+
+## Release
+
+Tag releases as `vX.Y.Z`; GitHub Actions publishes the gem to RubyGems.
+
+## License
+
+MIT

data/lib/omniauth/facebook2/signed_request.rb

@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+require 'base64'
+require 'json'
+require 'openssl'
+
+module OmniAuth
+  module Facebook2
+    # Parser for Facebook signed request cookie payloads used by client-side login flow.
+    class SignedRequest
+      class UnknownSignatureAlgorithmError < NotImplementedError; end
+
+      SUPPORTED_ALGORITHM = 'HMAC-SHA256'
+
+      attr_reader :value, :secret
+
+      def self.parse(value, secret)
+        new(value, secret).payload
+      end
+
+      def initialize(value, secret)
+        @value = value
+        @secret = secret
+      end
+
+      def payload
+        @payload ||= parse_signed_request
+      end
+
+      private
+
+      def parse_signed_request
+        signature, encoded_payload = value.to_s.split('.', 2)
+        return if blank?(signature) || blank?(encoded_payload)
+
+        decoded_signature = base64_decode_url(signature)
+        decoded_payload = JSON.parse(base64_decode_url(encoded_payload))
+
+        unless decoded_payload['algorithm'] == SUPPORTED_ALGORITHM
+          raise UnknownSignatureAlgorithmError, "unknown algorithm: #{decoded_payload['algorithm']}"
+        end
+
+        decoded_payload if valid_signature?(decoded_signature, encoded_payload)
+      end
+
+      def valid_signature?(signature, payload, algorithm = OpenSSL::Digest.new('SHA256'))
+        OpenSSL::HMAC.digest(algorithm, secret, payload) == signature
+      end
+
+      def base64_decode_url(value)
+        value += '=' * ((4 - value.size.modulo(4)) % 4)
+        Base64.decode64(value.tr('-_', '+/'))
+      end
+
+      def blank?(value)
+        value.nil? || (value.respond_to?(:empty?) && value.empty?)
+      end
+    end
+  end
+end

data/lib/omniauth/facebook2/version.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module OmniAuth
+  module Facebook2
+    VERSION = '0.1.0'
+  end
+end

data/lib/omniauth/facebook2.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+require 'omniauth/facebook2/version'
+require 'omniauth/facebook2/signed_request'
+require 'omniauth/strategies/facebook2'

data/lib/omniauth/strategies/facebook2.rb

@@ -0,0 +1,217 @@
+# frozen_string_literal: true
+
+require 'omniauth-oauth2'
+require 'openssl'
+require 'rack/utils'
+require 'uri'
+
+module OmniAuth
+  module Strategies
+    # OmniAuth strategy for Facebook OAuth2.
+    class Facebook2 < OmniAuth::Strategies::OAuth2
+      class NoAuthorizationCodeError < StandardError; end
+
+      DEFAULT_SCOPE = 'email'
+      DEFAULT_FACEBOOK_API_VERSION = 'v25.0'
+      DEFAULT_INFO_FIELDS = 'name,email'
+
+      option :name, 'facebook2'
+      option :scope, DEFAULT_SCOPE
+      option :authorize_options, %i[scope display auth_type config_id redirect_uri]
+      option :secure_image_url, true
+      option :appsecret_proof, true
+      option :authorization_code_from_signed_request_in_cookie, nil
+
+      option :client_options,
+             site: "https://graph.facebook.com/#{DEFAULT_FACEBOOK_API_VERSION}",
+             authorize_url: "https://www.facebook.com/#{DEFAULT_FACEBOOK_API_VERSION}/dialog/oauth",
+             token_url: 'oauth/access_token',
+             connection_opts: {
+               headers: {
+                 user_agent: 'icoretech-omniauth-facebook2 gem',
+                 accept: 'application/json',
+                 content_type: 'application/json'
+               }
+             }
+
+      option :access_token_options,
+             header_format: 'OAuth %s',
+             param_name: 'access_token'
+
+      uid { raw_info['id'] }
+
+      info do
+        prune(
+          {
+            'nickname' => raw_info['username'],
+            'email' => raw_info['email'],
+            'name' => raw_info['name'],
+            'first_name' => raw_info['first_name'],
+            'last_name' => raw_info['last_name'],
+            'image' => image_url(uid),
+            'description' => raw_info['bio'],
+            'urls' => {
+              'Facebook' => raw_info['link'],
+              'Website' => raw_info['website']
+            },
+            'location' => raw_info.dig('location', 'name'),
+            'verified' => raw_info['verified']
+          }
+        )
+      end
+
+      credentials do
+        {
+          'token' => access_token.token,
+          'refresh_token' => access_token.refresh_token,
+          'expires_at' => access_token.expires_at,
+          'expires' => access_token.expires?,
+          'scope' => token_scope
+        }.compact
+      end
+
+      extra do
+        data = {}
+        data['raw_info'] = raw_info unless skip_info?
+        prune(data)
+      end
+
+      def raw_info
+        @raw_info ||= access_token.get('me', info_options).parsed || {}
+      end
+
+      def info_options
+        params = {
+          fields: options[:info_fields] || DEFAULT_INFO_FIELDS
+        }
+        params[:appsecret_proof] = appsecret_proof if options[:appsecret_proof]
+        params[:locale] = options[:locale] if options[:locale]
+
+        { params: params }
+      end
+
+      def callback_phase
+        with_authorization_code! { super }
+      rescue NoAuthorizationCodeError => e
+        fail!(:no_authorization_code, e)
+      rescue OmniAuth::Facebook2::SignedRequest::UnknownSignatureAlgorithmError => e
+        fail!(:unknown_signature_algorithm, e)
+      end
+
+      def callback_url
+        return '' if options.authorization_code_from_signed_request_in_cookie
+
+        options[:callback_url] || super
+      end
+
+      def query_string
+        return '' if request.params['code']
+
+        super
+      end
+
+      def access_token_options
+        options.access_token_options.to_h.transform_keys(&:to_sym)
+      end
+
+      def authorize_params
+        super.tap do |params|
+          options.authorize_options.each do |key|
+            request_value = request.params[key.to_s]
+            params[key] = request_value unless blank?(request_value)
+          end
+
+          params[:scope] ||= options[:scope] || DEFAULT_SCOPE
+        end
+      end
+
+      protected
+
+      def build_access_token
+        super.tap do |token|
+          token.options.merge!(access_token_options)
+        end
+      end
+
+      private
+
+      def signed_request_from_cookie
+        @signed_request_from_cookie ||= begin
+          signed_request = raw_signed_request_from_cookie
+          signed_request && OmniAuth::Facebook2::SignedRequest.parse(signed_request, client.secret)
+        end
+      end
+
+      def raw_signed_request_from_cookie
+        request.cookies["fbsr_#{client.id}"]
+      end
+
+      def with_authorization_code!
+        if request.params.key?('code') && !blank?(request.params['code'])
+          yield
+        elsif (code_from_signed_request = signed_request_from_cookie && signed_request_from_cookie['code'])
+          request.params['code'] = code_from_signed_request
+          options.authorization_code_from_signed_request_in_cookie = true
+          original_provider_ignores_state = options.provider_ignores_state
+          options.provider_ignores_state = true
+
+          begin
+            yield
+          ensure
+            request.params.delete('code')
+            options.authorization_code_from_signed_request_in_cookie = false
+            options.provider_ignores_state = original_provider_ignores_state
+          end
+        else
+          raise NoAuthorizationCodeError,
+                'must pass either a `code` (query param) or an `fbsr_<app_id>` signed request cookie'
+        end
+      end
+
+      def prune(hash)
+        return hash unless hash.is_a?(Hash)
+
+        hash.delete_if do |_key, value|
+          prune(value) if value.is_a?(Hash)
+          value.nil? || (value.respond_to?(:empty?) && value.empty?)
+        end
+      end
+
+      def image_url(user_id)
+        uri_class = options[:secure_image_url] ? URI::HTTPS : URI::HTTP
+        site_uri = URI.parse(client.site)
+        url = uri_class.build(host: site_uri.host, path: "#{site_uri.path}/#{user_id}/picture")
+
+        query = if options[:image_size].is_a?(String) || options[:image_size].is_a?(Symbol)
+                  { type: options[:image_size] }
+                elsif options[:image_size].is_a?(Hash)
+                  options[:image_size]
+                end
+        url.query = Rack::Utils.build_query(query) if query
+
+        url.to_s
+      end
+
+      def appsecret_proof
+        @appsecret_proof ||= OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA256'), client.secret, access_token.token)
+      end
+
+      def token_scope
+        token_params = access_token.respond_to?(:params) ? access_token.params : {}
+        token_params['scope'] || (access_token['scope'] if access_token.respond_to?(:[]))
+      end
+
+      def blank?(value)
+        value.nil? || (value.respond_to?(:empty?) && value.empty?)
+      end
+    end
+
+    # Backward-compatible strategy name for existing `facebook` callback paths.
+    class Facebook < Facebook2
+      option :name, 'facebook'
+    end
+  end
+end
+
+OmniAuth.config.add_camelization 'facebook2', 'Facebook2'
+OmniAuth.config.add_camelization 'facebook', 'Facebook'

data/lib/omniauth-facebook2.rb

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+require 'omniauth/facebook2'

data/omniauth-facebook2.gemspec

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+lib = File.expand_path('lib', __dir__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'omniauth/facebook2/version'
+
+Gem::Specification.new do |spec|
+  spec.name = 'omniauth-facebook2'
+  spec.version = OmniAuth::Facebook2::VERSION
+  spec.authors = ['Claudio Poli']
+  spec.email = ['masterkain@gmail.com']
+
+  spec.summary = 'OmniAuth strategy for Facebook OAuth2 authentication.'
+  spec.description =
+    'OAuth2 strategy for OmniAuth that authenticates users with Facebook ' \
+    'and exposes profile metadata from the Graph API.'
+  spec.homepage = 'https://github.com/icoretech/omniauth-facebook2'
+  spec.license = 'MIT'
+  spec.required_ruby_version = '>= 3.2'
+
+  spec.metadata['source_code_uri'] = 'https://github.com/icoretech/omniauth-facebook2'
+  spec.metadata['bug_tracker_uri'] = 'https://github.com/icoretech/omniauth-facebook2/issues'
+  spec.metadata['changelog_uri'] = 'https://github.com/icoretech/omniauth-facebook2/releases'
+  spec.metadata['rubygems_mfa_required'] = 'true'
+
+  spec.files = Dir[
+    'lib/**/*.rb',
+    'README*',
+    'LICENSE*',
+    '*.gemspec'
+  ]
+  spec.require_paths = ['lib']
+
+  spec.add_dependency 'cgi', '>= 0.3.6'
+  spec.add_dependency 'omniauth-oauth2', '>= 1.8', '< 1.9'
+end

metadata

@@ -0,0 +1,87 @@
+--- !ruby/object:Gem::Specification
+name: omniauth-facebook2
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Claudio Poli
+bindir: bin
+cert_chain: []
+date: 1980-01-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: cgi
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.3.6
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.3.6
+- !ruby/object:Gem::Dependency
+  name: omniauth-oauth2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.8'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.8'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+description: OAuth2 strategy for OmniAuth that authenticates users with Facebook and
+  exposes profile metadata from the Graph API.
+email:
+- masterkain@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE.txt
+- README.md
+- lib/omniauth-facebook2.rb
+- lib/omniauth/facebook2.rb
+- lib/omniauth/facebook2/signed_request.rb
+- lib/omniauth/facebook2/version.rb
+- lib/omniauth/strategies/facebook2.rb
+- omniauth-facebook2.gemspec
+homepage: https://github.com/icoretech/omniauth-facebook2
+licenses:
+- MIT
+metadata:
+  source_code_uri: https://github.com/icoretech/omniauth-facebook2
+  bug_tracker_uri: https://github.com/icoretech/omniauth-facebook2/issues
+  changelog_uri: https://github.com/icoretech/omniauth-facebook2/releases
+  rubygems_mfa_required: 'true'
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '3.2'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.6.9
+specification_version: 4
+summary: OmniAuth strategy for Facebook OAuth2 authentication.
+test_files: []