URLs and Callbacks guide


I'm having trouble setting up OneAll on our staging site which is a bit more strict than my local development environment.

I've autodetected API Communication and verified the API Settings. All is green in the settings page.

I go to the login page and the oneall icons are there. When I click one, Facebook for example, the popup appears I'm presented with the fb form. I fill up the form and I get the 'You have logged in via Facebook message.' Then I get redirected to the homepage and I'm not logged in.

The expected behavior is I get redirected to the account creation page.

Our theory is that the server is too strict so here's what we did.

So currently I can see that the the drupal site calls https://[subdomain].api.oneall.com. and Oneall calls back from https://[subdomain].api.oneall.com to https://mydrupalsite.com/social_login/callback.
We allowed outgoing calls via 80 and 443 and allowed incoming calls from the IP of https://[subdomain].api.oneall.com.

I've been trying to find a page in your guides related to the related to making a login attempt using the Drupal 8 module.

Is this using the standard https?
Are there any other callback urls related to this?

I haven't seen any logs in Drupal so I'm a bit lost. :(

Best Answer

  • Claude_SchlesserClaude_SchlesserAdministratorOneAll Team
    edited June 2018 Answer ✓


    if you have no $_POST data, then you might have installed a Drupal module (e.g. Security Kit) which blocks offsite POST requests from our API to your server. Please check the settings of the security plugin and whitelist the following domain for offsite requests:




Please sign in to your OneAll account to ask a new question or to contribute to the discussions.

Please click on the link below to connect to the forum with your OneAll account.