I got a notification from Facebook saying that they will invalidate calls from URIs not listed in the Valid OAuth redirect URIs this coming March 2018 and I think they are requiring us to Enable Strict Mode for Redirect URIs. Link about this can be found here.
I have been using their PHP SDK with Strict Mode disabled for a year now without any problem however when I do enable strict mode and place there the redirect url which is: https://nino-dot-dynamic-osprey-93721.appspot.com/admin/fb-callback_admin.php - it returns an error as seen below each time I try to Login with Facebook:
Graph returned an error: Can't Load URL: The domain of this URL isn't included in the app's domains. To be able to load this URL, add all domains and subdomains of your app to the App Domains field in your app settings.
Note that I'm simply using FB's default PHP SDK Login code (https://developers.facebook.com/docs/php/howto/example_facebook_login) which have login.php and fb-callback.php links and I'm not using any custom OAuth workflows.
I noticed that the redirect URL generated contains the code and state parameters:
site.com/admin/fb-callback_admin.php?code=somecode&state=somestate
I think this is the reason why I'm getting the error because it only expects a redirect URL of https://nino-dot-dynamic-osprey-93721.appspot.com/admin/fb-callback_admin.php without any trailing parameters.
How do you guys think of getting around this issue of Enabling Strict Mode given that the response of the redirect URL through the below code:
$helper = $fb->getRedirectLoginHelper();
$permissions = ['email']; // Optional permissions
$loginUrl = $helper->getLoginUrl('https://nino-dot-dynamic-osprey-93721.appspot.com/admin/fb-callback_admin.php', $permissions);
echo htmlspecialchars($loginUrl);
is generated from FB's PHP SDK by default?
Change
$accessToken = $helper->getAccessToken()
to
$accessToken = $helper->getAccessToken('http://www.example.com/admin/fb-callback_admin.php');
I had the same issue and found this answer in this thread, which seems to resolve the problem for me:
Graph returned an error: Can't Load URL: The domain of this URL isn't included in the app's domains
Not sure why this works, though, but glad it did.
I was facing the same issue, Actually, this comes from the facebook graph sdk.
I got this information from here
Also, a quick and dirty change that seemed to fix this error for me
was adding 'code' to the list of params to remove in
FacebookRedirectLoginHelper
later facebook itself released the updated package which seems fixed the issue.
make sure you have the latest version of facebook-graph-sdk at the time of this answer, the version is 5.6.2
Related
I am at this step in getting my app started in the documentation:
https://developers.facebook.com/docs/appsonfacebook/tutorial/#auth
In there is a code block that (supposedly) forwards the user to a request dialog asking permission to access certain bit of information about them. I've placed this code block into the PHP script that my canvas URL points to, and changed the $app_id and $canvas_page to my application ID and canvas URL respectively. Instead of getting the expected dialog, I receive this following error from facebook:
"An error occurred. Please try again later."
No other details about the error are present. I've tried some variations of the script, and have even tried loading up this URL directly just to see if that would work. Note that I've replaced YOUR_APP_ID and YOUR_CANVAS_PAGE with the appropriate values and made sure that spelling and/or punctuation are correct:
https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=YOUR_CANVAS_PAGE&scope=email,read_stream
For the redirect URL, I've tried prepending it with http://, https://, and no prefix at all. All with the same result.
My question: is the example in the documentation broken, or is the oauth link provided in the documentation currently down? The vague nature of the error is somewhat frustrating since I can't tell if it's something I'm doing wrong or if it's facebook's oauth function that's at fault.
So, the problem was that instead of using the numeric application ID that facebook assigned for me when I originally created the app as the YOUR_APP_ID parameter in the OAuth URL, I was using the application namespace string. Facebook didn't understand this sort of request, and returned the generic error message.
Once I used the numeric app ID, the OAuth dialog popped up to ask permission to access my account, as expected.
I have a web application which is configured as a canvas web application in facebook and also has provided a mobile url where mobile specific page is served from the web server. Application has been running for about 3 months and starting last week (I believe the issue started last week, there was no application deployment for the last 3 months ) when I access the application from my android phone , from the apps short cut in the native android facebook application , facebook throws the below error
API Error Code:196
API Error Description: Cannot redirect to desktop web canvas URL on a mobile device.
Error Message : redirect_uri is not owned by this application.
I can see that the request is coming to my web server and after I send the redirect url to the mobile, it throws the above error.
Since there was no code changes, I'm a bit confused about this new error, and googling this api error number didn't return any hits except for one japanese website where someone has mentioned about this error last week, but don't see any solutions.
The error message "cannot redirect to desktop web canvas..." seems to be sort of self explanatory but I can't figure out what is wrong , especially since the samething was working before, unless FB has changed any of their code which introduced a new issue or exposed an existing issue in my application configuration.
Lost 1 day on this, tried to read 2 Japanese (untraslated) blogs.. Then I figured it out my way!
In the app settings, do NOT enter the same url for the mobile app!
example:
normal canvas or website url:
https://www.stackoverflow.com/
(which will automatically bring you to https://www.stackoverflow.com/index.php)
mobile url: https://www.stackoverflow.com/mobile/
(which will automatically bring you to https://www.stackoverflow.com/mobile/index.php)
then make a "mobile" folder in your hosting root folder.
Now the only difference in the mobile folder will be the redirect uri.
I am using an url redirect, which is what facebook suggests.
https://developers.facebook.com/docs/reference/dialogs/oauth/
CRITICAL: make sure your redirect uri is not the canvas address but the webserver address!
wrong redirect uri: https://apps.facebook.com/mobile/yourappname/
correct redirect uri: https://yourwebsite.com/mobile/
this will make facebook think that it's an ad hoc mobile website! And everything will work as expected!
I had the same problem, and I solved it not set "redirect_uri" param, like this.
$url = $facebook->getLoginUrl(array(
'scope' => 'xxxx, xxxx, xxxx',
'display' => 'touch'
));
As you know, we can put "Canvas Page URL" value like
http://apps.facebook.com/[your app name space]
to "redirect_uri" param before, but I guess the spec of the param was changed at the middle of the last week.
I got a same error, "API Error Code:196".
Visit my page.
http://nobish.jp/facebook/app-install-api-error-code-196.html
I've been searching for the answer for days and I haven't been successful so I finally post to ask.
I'm developing a facebook app locally (it says I can develop locally in the guide) and having an issue when trying to authorize the app.
The following is the error msg I get when I direct to http://www.facebook.com/dialog/oauth?client_id=MY_APP_ID&redirect_uri=https://apps.facebook.com/MY_APP_NAME
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Error
An error occurred with Footmarker. Please try again later.
API Error Code: 191
API Error Description: The specified URL is not owned by the application
Error Message: Invalid redirect_uri: Given URL is not allowed by the Application configuration.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Canvas URL & Site URL : http://localhost:8888/app/
I'm using EasyPHP hence port 8888. I tried changing port number to 80(default), 8080(one used in facebook guide) and no success.
I don't know if it's EasyPHP that causes the problem or simply I'm doing something wrong.
This thing drives me crazy. Help much appreciated. Thanks.
in this url: http://www.facebook.com/dialog/oauth?client_id=MY_APP_ID&redirect_uri=https://apps.facebook.com/MY_APP_NAME
You have to set redirect_uri=http://localhost:8888/app and authorize the localhost domain in your facebook app's settings (in the App domains field).
The Site URL & Canvas URL are used to check if the redirect_uri is not set to another URL for security reasons but the standard specify redirect_uri so they've let this parameter.
It's for this kind of error I built OAuth.io. We don't want more developers like you with a headache using OAuth.
using it is really easy:
OAuth.popup('facebook', function(err, res) {
// here, you can use res.access_token to make your API Call
// or...
res.get('/me')
.done(function(data) {
alert('Hello ' + data.name)
})
})
With this, you can't make mistake with URL anymore :)
The problem here is that your URL is not on the Internet. It is accessible from your computer only. You need a public URL.
Perhaps you can use dynDNS free to get onto the Net with your application from home.
Or, get a web server connected to the Net to host your App.
Best of luck!
this just because of URL mistake
whatever website url is specified should be correct.
i mentioned website url as http://localhost:3000/ and domain as localhost
but in my browser i was running http://0.0.0.0:3000/ that was the actual problem so i ran server as localhost:3000 now its working fine. Because we mentioned site url as localhost fb will redirect to same, if we r running 0.0.0.0:3000 it will rise error that Given URL is not allowed by the Application configuration.
so becarefull with your website url you have specified in facebook app.
and the url you are running locally both should match
thank you
The title really says it all. Under some (undetermined) conditions FB.getLoginStatus() just stops working and won't invoke the callback I gave it. The only interesting clues I've found are
FB.Auth._loadState is stuck on "loading" -- whatever is supposed to make it click over to "loaded" isn't happening
slight delays like putting in alert() calls tend to make it start working
Any hints at all about even how to investigate this welcome.
This usually happens for me when I am running the page under a different domain from what has been registered in Facebook. Typically this is when I am developing locally.
If you are running locally, you'll have to set up a local web server and then modify your hosts file to point the the registered domain to 127.0.0.1 in order to test on your local machine. Don forget to remove that line from the hosts file when you want to test it on the server.
According to:
https://developers.facebook.com/bugs/240058389381072
You cannot put your application under sandbox mode, or else it won't work. Go into your app settings, advanced, and switch it. This stumped me for a couple hours until I happened upon the bug report.
I had similar problem with FB API. It turned out, that my Facebook App was misconfigured. Please make sure that this is not the case for you. My problem was that my "Site URL" param in FB application was pointing to https, but I was using http protocol for development. Any call against FB api after FB.init was not calling my callback functions. So the first thing to do should be to double check App config.
Now, if some reason you depend on FB api but you wish to have a fallback option in case it;s inoperative - workaround with timer should be ok for you. Just set up a timer and disable it if FB Api gives you proper response. If not - fallback to some custom function which will perform some additional logic.
function callFbApi() {
var timeoutHandler = setTimeout(function() { requestFailed(); }, 1000);
function requestFailed() {
// When this happens, it means that FB API was unresponsive
doSomeFallbackWork();
alert('hey, FB API does not work!');
}
FB.getLoginStatus(function(response) {
clearTimeout(timeoutHandler); // This will clear the timeout in case of proper FB call
doSomeUsualWorkAfterFbReplies();
return false;
}, true);
}
If your application is in sandbox mode, Facebook acts as if your application is invisible to anyone who is not listed as an application developer. If you're not logged in, then it would stand to reason that your app is now invisible.
The callback will only fire if you're initializing with a visible application. Otherwise the following response is returned:
<span>Application Error: There was a problem getting data for the application you requested. The application may not be valid, or there may be a temporary glitch. Please try again later. </span>
For more info please see my comment on this bug ticket:
https://developers.facebook.com/bugs/240058389381072
Maybe you are using the asynchronous call. The same thing happened when I called FB.init with window.fbAsyncInit. All I did was delay the FB.getLoginStatus with a setTimeout function
window.setTimeout(checkLogStatus, 1000);
function checkLogStatus(){
alert("check");
// fetch the status on load
FB.getLoginStatus(handleSessionResponse);
}
It seemed to work after that
On the new version of the Developer app, you have to make sure to have put the correct URL you are using to access the application in the Website field under the
Select how your app integrates with Facebook
section.
Make sure the protocol is HTTPS and not HTTP.
I had a similar problem. The site worked every time when I was opening the browser, but fails when I tried to reload.
The cause was the missing "www" on the site name on Facebook configurations. Note that putting "www" (like www.yoursite.com) works on both situations (yoursite.com or www.yoursite.com).
As others have posted, you must be accessing your site at the same URL that facebook expects. For example if facebook has a callback "example.com" but you're browser has "www.example.com", that can cause this problem.
In addition, if third-party cookies are not allowed by your browser, you may also see this problem. Or you may see the callback erroneously reporting the user is not connected.
Just posting a situation I had were calling FB.getLoginStatus got absolutely no response.
My application is designed to run in a tab, and I only entered the Page Tab URLs on the app admin page, and not the App On Facebook (i.e. Canvas) URLs. The tab loads perfectly, but any calls to the FB JS SDK provoke no response.
In Facebook App Settings, go to Client OAuth Settings, look at Valid OAuth redirect URIs
Make sure you have listed all URIs which are the domains from which Facebook SDK is being invoked. For example:
I develop at localhost:5000 and deploy to Heroku. Notice the format: http://domain.name/
I am trying to use FBGraph to let my app publish messages on the users wall. However, all of the APIs are kind of foreign to me and I am just trying to change things and see what happens. Right now, I am getting this error message
{
"error": {
"type": "OAuthException",
"message": "Invalid redirect_uri: Given URL is not allowed by the Application configuration."
}
}
Does anyone know what it means by redirect_uri? What would it be on my Application Settings page on facebook?
Florin is correct. Just a note here.. when testing locally you will need to set it to:
http://localhost:3000/ (or whatever your app server port is)
Then when you move it to production, set it to your regular URL:
http://yourdomain.com/
I have a separate facebook app that I use in development to test, so I don't have to change back and forth between them and I set up the keys in a settings file, which has my tokens for development and production apps.
Anyways, looks like you are almost there. It is making it back to the callback url at least. Should be fine once you update the facebook_connect URL
I am not a facebook expert, but I hit the exact same problem as you a few hours ago when I was trying to login a user inside a web application with Facebook.
It seems that the redirect_uri which you specify in your call to "https://graph.facebook.com/oauth/authorize" must be on the same domain as the Connect Url of your application. (you can set that connect url from the Connect section in your application's settings)
Regards,
Florin
May need to check your Settings > Basic > Basic Info > App Domain. I believe hat needs to be set correctly for the redirect_uri as well.
I had the same issue.
In my case, I had configured site url on facebook as: "http://localhost:3000", it was a wrong URL to facebook.
The reason is, it lack of the / in the end of url, so the correct site url should be:
"http://localhost:3000/"
Just verify your 'Application ID'. In my case I had that problem because I was using ID from my other project that I was working on. Fairly obvious but I lost some time.
I had to make sure I had the scope in there too:
config.omniauth :facebook, 'xxxx', 'xxx', :scope => 'offline_access,email,publish_stream'
Plus you really need to make sure you wait a couple of minutes because it does take time to propagate..