OmniAuth with Facebook failing in development

Question

does anybody have experience with OmniAuth & Facbeook? I just moved from using a hardcoded app id & secret key in my application, to the ENV['FACEBOOK_APP_ID'] method. I know that these values are correct, since when I try to log in to my app I get the permissions dialog for the correct app, but then when Facebook redirects back to my app in development mode, I get the error "Authentication error: Invalid credentials".

In production, however, everything works fine against the production version of the Facebook app settings.

# initializers/omniauth.rb
Rails.application.config.middleware.use OmniAuth::Builder do
  provider :facebook, ENV['FACEBOOK_APP_ID'], ENV['FACEBOOK_APP_SECRET'], :scope => 'email,offline_access,user_work_history'
end

#sessions_controller.rb
class SessionsController < ApplicationController
  def new
    redirect_to '/auth/facebook'
  end

  def callback
    auth = request.env["omniauth.auth"]
    logger.info auth.inspect
    user = User.where(:provider => auth['provider'], :uid => auth['uid']).first || User.create_with_omniauth(auth)
    session[:user_id] = user.id
    session[:token] = auth['credientials']['token']
    redirect_to root_url, :notice => "Signed in!"
  end

  def destroy
    session[:user_id] = nil
    # current_user = nil
    # request.env['omniauth.auth'] = nil
    redirect_to root_url, :notice => 'Signed out!'
  end

  def failure
    logger.info request.inspect
    redirect_to root_url, :alert => "Authentication error: #{params[:message].humanize}"
  end

  def auth; request.env['omniauth.auth'] end
end

#user.rb
  # Authentication Stuff
class User
  include Mongoid::Document
  include Mongoid::Timestamps
  # ...
  def self.create_with_omniauth(auth)
    begin
      create! do |user|
        user.provider = auth['provider']
        user.uid = auth['uid']
        if auth['info']
          user.name = auth['info']['name'] if auth['info']['name'] # Twitter, Google, Yahoo, GitHub
          user.email = auth['info']['email'] if auth['info']['email'] # Google, Yahoo, GitHub
        end
        if auth['extra']['raw_info']
          user.name = auth['extra']['raw_info']['name'] if auth['extra']['raw_info']['name'] # Facebook
          user.email = auth['extra']['raw_info']['email'] if auth['extra']['raw_info']['email'] # Facebook
          user.employer = auth['extra']['raw_info']['work'][0]['employer'] if auth['extra']['raw_info']['work'] # Facebook
        end
      end
      rescue Exception
      raise Exception, "cannot create user record"
    end
  end
end

Then this happens:

Started GET "/auth/facebook" for 127.0.0.1 at 2011-11-26 11:53:38 +0200

Started GET "/auth/facebook/callback?code=AQBapjqIJixqmSxjj-i61WJtJN-ncCBUM_mPyhunqY4esQsaX7wiU794wMSOWT6oRJ0TMl-N5eqNh2MHuap0Oey4i6ef0F8281zQ6V1Vhct3g" for 127.0.0.1 at 2011-11-26 11:53:40 +0200

Started GET "/auth/failure?message=invalid_credentials" for 127.0.0.1 at 2011-11-26 11:53:42 +0200
  Processing by SessionsController#failure as HTML
  Parameters: {"message"=>"invalid_credentials"}
Redirected to http://localapp.dev/
Completed 302 Found in 1ms

Have any idea what I'm missing? I should stress that the only change that I made before this bug was that instead of having provider :facebook, "XXXXXX", "XXXXXXXXXXXXXXX" in my ombiauth.rb initializer, I made it get those values from ENV

-Avishai

# Gemfile
source 'http://rubygems.org'

gem 'rails', '3.0.9'
gem "airbrake"
gem "bson_ext"
gem "mongoid", ">= 2.0.2"
gem "omniauth", "~> 1.0"
gem "omniauth-facebook"
gem "carrierwave", "0.5.4"
gem 'carrierwave-mongoid', :require => 'carrierwave/mongoid'
gem "geocoder"
gem 'will_paginate'
gem "rmagick"
gem "jquery-rails"
gem "mongoid-history"
gem "mongoid-rating"    
gem "flash_cookie_session"
group :development, :test do
    gem "ya2yaml"
    gem "chronic"
end

Answer 1

As Karmajunkie was saying, you have to define your credentials in a Facebook.yml file to include:

production:
  app_id: '12341234etcetcetc'
  secret_key: '123456788etcetcetc'
  callback_url: http://your_app_url.heroku.com/

Answer 2

Are you actually defining ENV[...] in your local app? That's typically what you do when deploying to heroku, but if you forget to set the variables locally as well they won't be there when you run your dev version.