I have a website that uses the Facebook Login feature successfully and it still works as we speak. But I want to use the same facebook app on another website using the same keys etc...
But for some reason, even though I have added the correct URI's into the OAuth part of the Facebook page, I still get:
URL blocked: This redirect failed because the redirect URI is not
white-listed in the app's client OAuth settings. Make sure that the
client and web OAuth logins are on and add all your app domains as
valid OAuth redirect URIs.
Does anyone have any ideas on where I can start to find out why Facebook isn't accepting these new urls?
Okay, it seems to be working now - perhaps was a timing issue which was wierd because it updated straight away on previous sites.
Thanks again for the help though WizKid!
Related
I know that this question have been asked before, but my scenario is a bit different. I'm trying to implement login with facebook feature into my website, which has SSL, but when I attempt to login I get an error message:
Insecure Login Blocked: You can't get an access token or log in to this app from an insecure page. Try re-loading the page as https://
Ideas?
This solution was tested on a django application using Facebook OAuth
NOTE
my site already had SSL and is accessible via https
But when trying to login using Facebook OAuth i get the above error (Insecure Login Blocked)
My Solution
all i had to do was to set ( this configuration is done within application setting :: settings.py )
ACCOUNT_DEFAULT_HTTP_PROTOCOL = 'https'
helpful link
which literally means
use *https* instead of the default *http* when trying to login using social account e.g Facebook
Then i also set Valid OAuth Redirect URIs on facebook login settings to https://redirect_url.com
For non django application
If you're not using django, i believe there should be a base configuration file, where all your configurations for the application are done (it might be same file where you've configured your application to use social authentication).
Whatever library you're using to enforce social authentication, search for how you can allow redirect to be done via https instead of the default http and then add it to your application's configuration file.
I hope this helps someone save some time
The instructions from Janrain for social login provider setup conflict with the hint within the error message from the Facebook https response. Details follow.
Error screen when testing Facebook from Janrain; note that same error happens in any browser such as Firefox, Chrome if you test the sign-in widget.
Error Text from Facebook:
App domains must match the domain of the Facebook Web Games URL (https), Mobile Site URL, Unity Binary URL, Site URL or Secure Page Tab URL.
Please correct these domains: (snip).
Based on the hints from the Janrain Facebook Provider Setup wizard, I have set the website to the URL on rpxnow (i.e. definitely not my web site).
What URL(s) should then be entered into Basic and/or Advanced Settings such that Facebook can process the login? I have tried using the rpxnow URLs and my own web site URLs. Either of 2 things happens regardless of whether I include https:// or start from the subdomain of any combination of names. Either Facebook will not save the details on Basic App Domain and gives the above error, or Facebook will save the details but then gives the error in the first screenshot above.
I do not see how this can ever work because Facebook wants a match on the domain and rpxnow will never be the domain that I use to invoke the sign-in.
For completeness, I will show my Facebook settings, so it will be obvious that they do not match the current Janrain Setup Guide for Facebook.
Basic Settings
Is the Namespace relevant? Better to leave blank? Does it need to match something within Janrain?
Advanced Settings
I could believe that something has to be done to allow cross-domain access. Does anyone have this working with a new Janrain account (3 weeks old) and a new Facebook developer account (old Facebook account, new developer app)?
Replying as an answer so I can attach a picture.
I have a feeling this might be something to do with Facebook's impending changes to their app security (https://developers.facebook.com/blog/post/2017/12/18/strict-uri-matching/ ). It appears that you need to add the Valid OAuth redirect URI for any new API v2.11 apps now (not after March). We were already planning to address this before March but we will have to update sooner.
For your Facebook app you will have to set up the "Valid oAuth redirect URIs" similar to the following screen shot, just replace "pbjanraintest" with whatever your Engage app name is:
Sorry for all the trouble you have had. It's hard to keep up with these providers when the messaging doesn't align with what their apps and api's are actually doing.
I just received the same error this week. Leave off the https:// in the OAuth redirect URIs box.
Ok, I am looking to make some updates to my (running for some months now) Facebook app. I have a test app I created for it for it. The appId and appSecret are set correctly. I have put the domain of my test server into "App Domains". I have added my IP address to the "Server IP Whitelist." I am currently logged into Facebook as the app owner. But I am getting the dreaded:
URL Blocked: This redirect failed because the redirect URI is not whitelisted in the app’s Client OAuth Settings. Make sure Client and Web OAuth Login are on and add all your app domains as Valid OAuth Redirect URIs.
I can find no place on the App management screens that reference OAuth - I haven't looked here for a long time, because the app has been running well.
At this point, all I'm trying to do is get the Login button to show, hoping
that getting past that will set me up.
Any ideas? Suggestions?
thanks...
The app I'm building is going to have multiple parts over various subdomains, i.e. front-end "domain.ca", and api would be "api.domain.ca". In the facebook app settings we set the domain as "domain.ca", and the website url as "http://domain.ca", it says it would allow all subdomains access as well.
When I try to use the auth on "api.domain.ca", I get "Given URL is not allowed by the Application configuration: One or more of the given URLs is not allowed by the App's settings. It must match the Website URL or Canvas URL, or the domain must be a subdomain of one of the App's domains."
How can I make this work? We want the user to be able to use the login on the front side, and pass the access_token to the api side to check if the user exists, or create a new user and attach the social login.
Any help would be greatly appreciated.
Thank you to Periklis Koutsogiannis who posted an answer to my question on the Facebook Developer Community page: "You may fill the Valid OAuth redirect URIs under Client OAuth Settings in Settings/Advanced." This solved the issue.
We have an fb canvas made from .net mvc that works well via desktop but it doesn't work well in mobile app. We send request then if someone on fb mobile tap on request and opens up the web app, the signed_request returned is different than the desktop counterpart. The payload is missing and it seems shorter than the desktop's. I'm trying to read it as "code" and try getting auth token via https://graph.facebook.com/oauth/access_token?client_id=xxxx&code=[code]&redirect_uri=???. The problem with this is I don't know what the redirect_uri supplied or maybe it's not a code.
Can you guys help me with this or there's no other way but once they click request via mobile app we have them relogin in our web app to grab their fbuserid? And if there's another approach in handling mobile app requests.
Mobile Web URL and the signed_request
This is already outdated so maybe there's a solution already.
Thank you
I'll answer my own question. What you can do is add an extra authorization in your login flow when then access your canvas url via facebook mobile app. You send them to
https://graph.facebook.com/oauth/authorize?client_id=
passing the redirect uri and scope then grab the new generated "code" param and grab the aut token via graph api. Then you can access their facebook detail as you would normally. I've read answers like there's no signed request in mobile web and approach it differently without stating what that approach is. Hope someone can be helped by this answer.
Thanks