How to Solve Facebook Strict Mode to work with Open edX Eucalyptus

Ady Rahmat MA
Published in Valutac
Mar 19, 2018

Are you using Facebook Login on your Open edX Platform? If yes, you might face a problem where users can no longer log in with Facebook as they used to.

Facebook has decided to force Strict Mode to be enabled on all Facebook Login products. Strict Mode means that the redirect URI used by an application must be the same URI that is registered in the Facebook Login settings.

Here’s the update from Facebook:

Facebook will enforce redirect uri for apps:
In 35 days, we're making a security update to Facebook Login that will invalidate calls from URIs not listed in the Valid OAuth redirect URIs field of your Facebook Login settings.

This update comes in response to malicious activity we saw on our platform, and we want to protect your app or website by requiring a new strict mode for redirect URIs. Take action now to ensure your redirect traffic continues to work.

Open edX uses the Python Social Auth library to connect and authenticate with various third-party authentication services, including Facebook.

So, why is this affecting our Open edX Platform?

When we use the Python Social Auth library, the redirect URI becomes dynamic, so it won't match the redirect URI registered in the Facebook Login settings.

Strict Mode will be forced to be Enabled by Facebook

For example, if our domain is www.domain.com, the redirect URI generated by default (if not customized) is www.domain.com/auth/complete/facebook/?redirect_state=<generated>&client_id=<your_client_id>

The problem is that the generated redirect_state is dynamic, so the resulting URI won't match the registered redirect URI.

The issue is solved by updating the social-core library from Python Social Auth. But since we are using an older version of Open edX, we decided not to upgrade social-core. Instead, we force the Facebook backend to stop creating redirect_state when requesting authentication from Facebook.

You may need to fork the social-core library at the same version that is running on your Open edX.

The only change we need to apply is adding REDIRECT_STATE = False inside the FacebookOAuth2 class, which is located in the backends/facebook.py file.

After applying the patch, we need to make sure the redirect URI that we register is www.domain.com/auth/complete/facebook/

Voila! Your Facebook authentication should work now, so you can enjoy using the Open edX Platform.
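The effect of the change can be checked with a small stand-alone model. This is an added example, not code from social-core, Open edX or the original post: ModelBackend, PatchedBackend, strict_mode_allows and check are hypothetical names, the https:// scheme is assumed, and the exact-match comparison models Strict Mode only as described above.

```python
import secrets
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumption: the single value registered under "Valid OAuth redirect URIs".
REGISTERED = {"https://www.domain.com/auth/complete/facebook/"}


class ModelBackend:
    """Hypothetical stand-in for an OAuth2 backend with a REDIRECT_STATE switch."""

    REDIRECT_STATE = True
    redirect_uri = "https://www.domain.com/auth/complete/facebook/"

    def get_redirect_uri(self, state=None):
        """Append redirect_state to the callback URI only when the switch is on."""
        uri = self.redirect_uri
        if self.REDIRECT_STATE and state:
            parts = urlsplit(uri)
            query = parse_qsl(parts.query) + [("redirect_state", state)]
            uri = urlunsplit(parts._replace(query=urlencode(query)))
        return uri


class PatchedBackend(ModelBackend):
    REDIRECT_STATE = False  # the one-line change described in the article


def strict_mode_allows(uri, registered=REGISTERED):
    """Exact string comparison against the registered redirect URIs."""
    return uri in registered


def check(backend_cls, attempts=3):
    """Simulate several logins; return (redirect_uri, allowed) for each one."""
    backend = backend_cls()
    results = []
    for _ in range(attempts):
        # A fresh random value per login is what makes the URI dynamic.
        uri = backend.get_redirect_uri(state=secrets.token_urlsafe(16))
        results.append((uri, strict_mode_allows(uri)))
    return results


if __name__ == "__main__":
    for cls in (ModelBackend, PatchedBackend):
        for uri, allowed in check(cls):
            print(cls.__name__, "ALLOWED" if allowed else "REJECTED", uri)
```

In social-core the OAuth2 state parameter is controlled by a separate STATE_PARAMETER attribute, so setting REDIRECT_STATE = False only removes the value embedded in the callback URI.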

If you need help with Open edX, Valutac delivers custom software development and Open edX customization based on your needs. We are full of Open edX and ready to serve you with a powerful e-learning platform.

Editor: RA
