2 weeks ago we received a message on developers.facebook.com about our app appears to be creating a negative experience on Facebook, and it violate the privacy policy of Facebook.
We recived an email with the same info, and 4 paragraph which countained that we need to check the Facebook documentation, and we should try to search the issue on stackoverflow, etc.
I checked the GDPR fields (I am in EU) and my used and already approved permissions with my code. BTW my approved items: email and default. I need this permission, because I have a login system on my website - so we have a need for the name, email and avatar of the user and for this data to be saved in our database.
I had an alert previously about OAuth redirect URIs or enabled Strict Mode validation. I filled the OAuth field with a valid url and I enabled "Strict Mode for Redirect URIs".
After I submitted an app review.
And now, the Facebook restricted our app and we don't have any clue where to look for the error.
To login I requested data: public_profile, email.
auth_type: rerequest
response_type: code granted_scopes
redirect uri: mywebpage.tld/get_facebook_profile
In Facebook login settings page:
Client OAuth Login: yes
Web OAuth Login: yes
Force Web OAuth Reauthentication: no
Use Strict Mode for Redirect URIs: yes (and now it's unchangeable)
Enforce HTTPS: yes (unchangeable too)
Embedded Browser OAuth Login: no
Valid OAuth Redirect URIs: filled with a valid url, and yes, I use https
Login from Devices: no
If I copy the Valid OAuth Redirect URIs to Redirect URI Validator field and if I click "Check URI", I get a message about my URI is valid.
I'm thinking.
The "Deauthorize Callback URL" and "Data Deletion Request URL" field are empty and I think it is not required. The Facebook maybe restricting us about this? Or we need a higher user permissions, because we store user data?
Anyway and seriously, where do we get the information about why facebook restricted our app on Facebook, if Facebook refuses to help and dont give any technical information?
It was solved. The "Deauthorize Callback URL" and the "Data Deletion Request URL" is required in EU, because we have GDPR oc.
Related
I use OAuth2 login through the Facebook social network for users on the website.
Is it still possible to get the certain user's Facebook profile URL after login(for example by accessToken) or Facebook hides this information right now(after incidents with data leaks) and it is impossible?
It is, if the user grants permission.
You need to ask for user_link permission on login, and then you can request the link field of the user object – that will return a URL that can be used in a browser, to redirect to the actual profile.
This URL contains some form of token, and likely has limited validity - so you should not store those for long-term use, but rather request a “fresh” one when it is needed.
https://developers.facebook.com/docs/facebook-login/permissions#reference-user_link
I really have problem with Facebook. The old application don't require Valid OAuth redirect URIs, today, I have a problem with this app and remove it. I created again. I have two problem is:
Facebook Login not accept http protocol (resolved).
Facebook Login require Valid OAuth redirect URIs (current question)
My URL is: https://sharengay.com/anlink/
When click button Login it show error like:
Can't Load URL: The domain of this URL isn't included in the app's domains
The URL when click button login is:
https://www.facebook.com/v2.10/dialog/oauth?client_id=2165341230417089&state=4bd285b45a9d3fdba98d894cb2fc7efc&response_type=code&sdk=php-sdk-5.5.0&redirect_uri=https%3A%2F%2Fsharengay.com%2Fanlink%2Flogin.php&scope=public_profile%2Cuser_friends
I was add in Valid OAuth redirect URIs is:
Sorry about language, I add three values:
https://sharengay.com/anlink
https://sharengay.com/
https://sharengay.com/anlink/layouts/Social/Connector/SocialLogin.ashx?type=access
I don't have experience with Facebook OAuth. I think I lost URL, so Facebook show this error.
I'm using meter version 1.3.2.4
Facebook has announced that Valid OAuth redirect URIs must be included for apps using their service starting in March.
"In March, we're making a security update to your app settings that will invalidate calls from URIs not listed in the Valid OAuth redirect URIs field below.This update comes in response to malicious activity we saw on our platform, and we want to protect your app or website by requiring a new strict mode for redirect URIs."
I am adding what is the correct OAuth redirect URI for my application http://myapp.com/_oauth/facebook?close
After adding this redirect URI though I'm getting an error when trying to login:
Not Logged In: You are not logged in. Please login and try again.
Any ideas here?
I'm working with a contest platform and am trying to get it to where and individual can create an account via Facebook.
The biggest issue I'm running into is that whenever I enter the domains into the App Domains portion I receive this:"App domains must match the domain of the Secure Canvas URL, Mobile Site URL, Unity Binary URL, Site URL, or Secure Page URL. Please correct these domains:"
Additionally, when I attempt to test the Facebook login button, I receive this error message in the pop-up:"URL Blocked: This redirect failed because the redirect URI is not whitelisted in the app’s Client OAuth Settings. Make sure Client and Web OAuth Login are on and add all your app domains as Valid OAuth Redirect URIs."
I've inquired with the Support Team from the contest platform and was informed of this:
"We had the Engineers look at this issue on your site and it looks like the configuration in facebook might not be correct.
What you need to make sure of is that facebook login authentication is enabled for the Website (Web) then only it will work.
The app domain:------
Contact email: your email address
Then in the Website section
Site url:------"
I can't seem to locate where the "Site URL" section is that I need to be putting in a url. I've put in the OAuth Client Redirect URLs...maybe they aren't correct?
Need some major help here.
In my facebook app I need to authenticate users on a different domain (not facebook.com), for example xxx.facebook.com, is it possible?
Yes, it is possible, only IF facebook endorse it.
For example when we log in the Developers.facebook.com.
Each domain is a child of facebook which mean that you need to have approval by Facebook to create a sub-domain.(well you won't create it but they will)
a little bit of search in the dev section resulted in this,
User authentication and app authorization are handled at the same time by redirecting the user to our OAuth Dialog. When invoking this dialog, you must pass in your app id that is generated when you create your application in our Developer App (the client_id parameter) and the URL that the user's browser will be redirected back to once app authorization is completed (the redirect_uri parameter). The redirect_uri must be within the same domain as the Site URL you specify in Web site tab of the Developer App:
https://www.facebook.com/dialog/oauth?
client_id=YOUR_APP_ID&redirect_uri=YOUR_URL
If the user is already logged in, we validate the login cookie that we have stored on the user's browser, authenticating the user. If the user is not logged in, they are prompted to enter their credentials:
Hope this help