We are running Facebook ads and need the fbclid in the URL parameters of the landing page. Desktop traffic is fine but mobile traffic does not have the fbclid in the URL or the fbc cookie.
I am aware that the cookie fbc is the fbclid. I used a simple script to get that value and add it as a parameter, but that cookie doesn't seem to be present at document.cookie in mobile traffic either.
Is there another place this could be? Is there a Facebook ad setting I need to change to ensure we can access the fbclid?
Any help on this would be amazing. Thank you in advance.
I worked at FB and now am a consultant doing these types of integrations.
FBC is currently not being passed through Facebook's in-app browser. It is still accessible in Chrome (on Android). So if you're opening Facebook in Chrome and clicking a link FBC should be present.
Related
I have a website that uses the Facebook Login feature successfully and it still works as we speak. But I want to use the same facebook app on another website using the same keys etc...
But for some reason, even though I have added the correct URI's into the OAuth part of the Facebook page, I still get:
URL blocked: This redirect failed because the redirect URI is not
white-listed in the app's client OAuth settings. Make sure that the
client and web OAuth logins are on and add all your app domains as
valid OAuth redirect URIs.
Does anyone have any ideas on where I can start to find out why Facebook isn't accepting these new urls?
Okay, it seems to be working now - perhaps was a timing issue which was wierd because it updated straight away on previous sites.
Thanks again for the help though WizKid!
The instructions from Janrain for social login provider setup conflict with the hint within the error message from the Facebook https response. Details follow.
Error screen when testing Facebook from Janrain; note that same error happens in any browser such as Firefox, Chrome if you test the sign-in widget.
Error Text from Facebook:
App domains must match the domain of the Facebook Web Games URL (https), Mobile Site URL, Unity Binary URL, Site URL or Secure Page Tab URL.
Please correct these domains: (snip).
Based on the hints from the Janrain Facebook Provider Setup wizard, I have set the website to the URL on rpxnow (i.e. definitely not my web site).
What URL(s) should then be entered into Basic and/or Advanced Settings such that Facebook can process the login? I have tried using the rpxnow URLs and my own web site URLs. Either of 2 things happens regardless of whether I include https:// or start from the subdomain of any combination of names. Either Facebook will not save the details on Basic App Domain and gives the above error, or Facebook will save the details but then gives the error in the first screenshot above.
I do not see how this can ever work because Facebook wants a match on the domain and rpxnow will never be the domain that I use to invoke the sign-in.
For completeness, I will show my Facebook settings, so it will be obvious that they do not match the current Janrain Setup Guide for Facebook.
Basic Settings
Is the Namespace relevant? Better to leave blank? Does it need to match something within Janrain?
Advanced Settings
I could believe that something has to be done to allow cross-domain access. Does anyone have this working with a new Janrain account (3 weeks old) and a new Facebook developer account (old Facebook account, new developer app)?
Replying as an answer so I can attach a picture.
I have a feeling this might be something to do with Facebook's impending changes to their app security (https://developers.facebook.com/blog/post/2017/12/18/strict-uri-matching/ ). It appears that you need to add the Valid OAuth redirect URI for any new API v2.11 apps now (not after March). We were already planning to address this before March but we will have to update sooner.
For your Facebook app you will have to set up the "Valid oAuth redirect URIs" similar to the following screen shot, just replace "pbjanraintest" with whatever your Engage app name is:
Sorry for all the trouble you have had. It's hard to keep up with these providers when the messaging doesn't align with what their apps and api's are actually doing.
I just received the same error this week. Leave off the https:// in the OAuth redirect URIs box.
We have an fb canvas made from .net mvc that works well via desktop but it doesn't work well in mobile app. We send request then if someone on fb mobile tap on request and opens up the web app, the signed_request returned is different than the desktop counterpart. The payload is missing and it seems shorter than the desktop's. I'm trying to read it as "code" and try getting auth token via https://graph.facebook.com/oauth/access_token?client_id=xxxx&code=[code]&redirect_uri=???. The problem with this is I don't know what the redirect_uri supplied or maybe it's not a code.
Can you guys help me with this or there's no other way but once they click request via mobile app we have them relogin in our web app to grab their fbuserid? And if there's another approach in handling mobile app requests.
Mobile Web URL and the signed_request
This is already outdated so maybe there's a solution already.
Thank you
I'll answer my own question. What you can do is add an extra authorization in your login flow when then access your canvas url via facebook mobile app. You send them to
https://graph.facebook.com/oauth/authorize?client_id=
passing the redirect uri and scope then grab the new generated "code" param and grab the aut token via graph api. Then you can access their facebook detail as you would normally. I've read answers like there's no signed request in mobile web and approach it differently without stating what that approach is. Hope someone can be helped by this answer.
Thanks
If you have the Save Surfing setting in your account settings in Facebook set to unsecured, you notice you use Facebook via HTTP. Of course if you set it to On, you surf via HTTPS.
Now all Facebook apps are using HTTPS since Facebook doesn't allow apps to use HTTP since October 2011. But if a user (with no HTTPS on their Facebook account) wants to visit the Secured HTTPS App it just gives an empty page.
Is this a bug from Facebook, or?
Now all Facebook apps are using HTTPS since Facebook doesnt allow apps to use HTTP since October 2011.
That’s not true.
All canvas/page tab apps must offer the option to be accessed via HTTPS – but should offer HTTP as well.
But if a user (with no HTTPS on there Facebook account) wants to visit the Secured HTTPS App it just gives an empty page. Is this a bug from Facebook, or?
No, this is an error on your (resp. the app developers) part – in the app settings, there should be URLs set for both HTTP and HTTPS.
If that’s the case, then a user browsing Facebook via HTTP has no problem accessing the app as well.
I've set up my FB app so that it has a Mobile Web URL component. I've noted from testing that whenever I navigate to canvas URL of my app on a mobile device, Facebook automatically redirects the mobile to the defined Mobile Web URL.
If I do the same from desktop, the canvas URL is loaded in to the browser. In other words, if FB detects a mobile device when navigating to an app's canvas URL, it will immediately redirect to a defined Mobile Web URL and not load the canvas URL content.
The problem with this is that when the canvas URL loads, FB passes to it a signed_request form parameter. Yet, when it redirects to the Mobile Web URL it does not.
I noticed when checking a network sniffer that when on mobile Facebook redirects the app.facebook.com URL to m.facebook.com, and thought perhaps the signed_request was getting lost along the way. But when checking the first call to the canvas URL there was no signed_request there either.
It's like Facebook only provides the signed_request when it processes the canvas URL, which in the case of mobile is never.
Has anyone any insight or advice on how to get the signed_request? My only thought at the moment is forcing the user to authorise the app on mobile as soon as they are redirected, but i'd rather not do that if possible (I'm not a fan of gating techniques)
Cheers
Lee
--- EDIT ---
Closing - see my answer.
I've since come to the conclusion that Mobile URLs do not receive the signed_request, and to get the same sort of data requires the users to be put through the FB Auth process. Closing the question.
Your mobile app should be passed a "code" in the query string if the person has authorized your app. Your backend can exchange that code for an access_token and then you can use that to get the current user info by requesting https://graph.facebook.com/me?access_token=[token retrieved from code exchange]. That will allow you to automatically login the current user.
But yes, you do not receive info like the current user's country, locale, and age if they have not authenticated. That is a limitation of mobile web apps currently.