Edit:
The problem cause is explained here: http://stackoverflow.com/a/4152929/3994249.
Because facebook authentication middleware redirects to http://facebook.com/dialog/oauth but that happens inside the frame facebook doesn't allow it.
I have to redirect to my app instead and do a manual redirect of the whole page like this:
window.location.top = http://facebook.com/dialog/oauth
So this means I can't use facebook authentication middleware right?
I want to build a facebook canvas app following this tutorial http://bitoftech.net/2014/08/11/asp-net-web-api-2-external-logins-social-logins-facebook-google-angularjs-app/.
I setup Owin middleware like so:
facebookAuthOptions = new FacebookAuthenticationOptions()
{
AppId = "yyy",
AppSecret="xxx",
Provider = new FacebookAuthProvider()
};
app.UseFacebookAuthentication(facebookAuthOptions);
I open the app inside facebook canvas,
The login flow starts with a redirect to:
`http://myAspHost.com/api/Account/ExternalLogin?provider=Facebook&response_type=token&redirect_uri=http://apphost.com/#/facebookLogin`
Next owin middleware redirects to
`https://m.facebook.com/v2.0/dialog/oauth?redirect_uri=..`
at this point I get this error:
Refused to display
https://m.facebook.com/v2.0/dialog/oauth?redirect_uri=https%3A%2F%2Fmokey.g…aflc3C0HH8K2YtybGZmvE3kPRj&scope&response_type=code&client_id=283844071359'
in a frame because it set 'X-Frame-Options' to 'DENY'.
If I visit this url in a seperate tab, facebook dialog shows fine, and I can login successfully to the app.
The error occurs when I open my app in facebook canvas frame.