Environment
Social Authentication class enabled at Identity Server
Users login via Facebook accounts
Situation
Facebook appear to have updated the OAuth APIs and changed the permission management, which may be causing the issue.Looking at the IDP catalina.out details we can see the following exception:
<amLogEntry> 2015-09-02T15:04:47Z VERBOSE NIDS Application: Executing authentication method Facebook-PrototipoLabAngular </amLogEntry>
<amLogEntry> 2015-09-02T15:04:47Z WARNING NIDS Application: org.brickred.socialauth.exception.SocialAuthException: Error in url : https://graph.facebook.com/oauth/access_token?client_id=753355984762401&redirect_uri=https%3A%2F%2Fnamx.corp.netiq.net%2Fnidp%2Fjsp%2Fsocialauth_return.jsp&client_secret=4de81271c838c842b5253f2793&code=AQCGzhYaFJpYrFqwFO_bNO0VwjtKnu-N7XNTgZa7RQ5F-lp7DiExWabOJgirDCFFREKD4D-UIE9xXRJ09JYLGZAsa8OcryT4wlfTqHZQeHilKfkLnWUNPkuE_G_jP3aO-rBvqvVlgoLtRBku1EvMrpYd5JFN8KvYV1Rphs4J5NjvdwymfVrZsC87L8zi-ji4V5OVrTCmrUdL9hxpn1xK2kKwjQAaUmDSs2HMo_O_ayWNNfBPi0E013bZl-TESzQLmwYhHa1935M3DcwUxs4RERIIil_Uqr7D3uc-z5bCttdBs79vBYE2EHehu721bSOKXJDfG6OeRpq2KQAJ8XFmmLSf&grant_type=authorization_code
OAuth2.java, Line: 175, Method: verifyResponse
OAuth2.java, Line: 102, Method: verifyResponse
FacebookImpl.java, Line: 188, Method: doVerifyResponse
FacebookImpl.java, Line: 178, Method: verifyResponse
SocialAuthManager.java, Line: 184, Method: connect
y, Line: 2584, Method: F
y, Line: 2675, Method: E
y, Line: 618, Method: doAuthenticate
y, Line: 1650, Method: authenticate
y, Line: 1639, Method: A
Fiddler also shows that thestatus returned includes the following message:
error_message Invalid Scopes: publish_stream. This message is only shown to developers. Users of your app will ignore these permissions if present. Please read the documentation for valid permissions at: https://developers.facebook.com/docs/facebook-login/permissions
Resolution
Fix will be included in 4.2.