We've been using LWA for a while successfully. We currently use the following options for "authorize":
scope: 'profile'
response_type: 'code'
popup: true
We use a redirect_uri instead of a callback function.
On the server we then request a token using the response code. All this worked without problems.
We now want to change from using a popup to a redirect to a separate page.
I switched popup to false, and updated the "return urls" on the LWA dashboard. Tthe sign in seems to work well, but once our "return_uri" is called, we fail to get the oauth token (we get 400 Bad Request) back.
From reading the docs, I can't figure out what else I have to change. Anyone have any ideas?
I figured it while rereading the docs. I needed to include a redirect_uri in when requesting the token from the backend. (And it should match the one used when calling authorize in JS SDK.)
Note: This is mentioned in the table of parameters, but the example is wrong and doesn't include it.
Related
I am having issues using the Facebook send dialog. If I open this window in a new browser, everything works:
https://www.facebook.com/dialog/send
?app_id=[My_App_Id]
&redirect_uri=https%3A%2F%2Fwww.example.com%2Fcallback
&link=https%3A%2F%2Fexample.com%2Fimage.jpg
So by doing that, I am able to send a message just fine. However, I need this to be in an iframe, which according to the send dialog documentation, this should work. So I then do this:
https://www.facebook.com/dialog/send
?app_id=[My_App_Id]
&display=iframe
&redirect_uri=https%3A%2F%2Fwww.example.com%2Fcallback
&link=https%3A%2F%2Fexample.com%2Fimage.jpg
Doing so, I get the following error:
API Error Code: 102
API Error Description: Session key invalid or no longer valid
Error Message: Iframe dialogs must be called with a session key
I find it a little strange that I can do this with a popup, but they require a session key for iframe. But even so, that isn't a problem. Because I have already gotten an access_token. So, this should work then:
https://www.facebook.com/dialog/send
?app_id=[My_App_Id]
&display=iframe
&redirect_uri=https%3A%2F%2Fwww.example.com%2Fcallback
&link=https%3A%2F%2Fexample.com%2Fimage.jpg
&access_token=[MY_OAUTH_ACCESS_TOKEN]
The access token was obtained from calling /v12.0/dialog/oauth, and I have confirmed that the access_token is valid:
However, I now get this message:
This Content Isn't Available Right Now
When this happens, it's usually because the owner only shared it with a small group of people, changed who can see it or it's been deleted.
So now this really makes no sense. I can send this link just fine if I use a popup with NO access_token present. But to set the display to iframe, I must include the token, which is fine, but it doesn't like the token for some reason?
It is also worth noting that this behaves the same way regardless if the Facebook app is in development mode or live mode. In development mode, all of the permissions should work for my test users. So it seems very unlikely that this is a permissions issue?
Anybody have any insight on this at all?
I got a notification from Facebook saying that they will invalidate calls from URIs not listed in the Valid OAuth redirect URIs this coming March 2018 and I think they are requiring us to Enable Strict Mode for Redirect URIs. Link about this can be found here.
I have been using their PHP SDK with Strict Mode disabled for a year now without any problem however when I do enable strict mode and place there the redirect url which is: https://nino-dot-dynamic-osprey-93721.appspot.com/admin/fb-callback_admin.php - it returns an error as seen below each time I try to Login with Facebook:
Graph returned an error: Can't Load URL: The domain of this URL isn't included in the app's domains. To be able to load this URL, add all domains and subdomains of your app to the App Domains field in your app settings.
Note that I'm simply using FB's default PHP SDK Login code (https://developers.facebook.com/docs/php/howto/example_facebook_login) which have login.php and fb-callback.php links and I'm not using any custom OAuth workflows.
I noticed that the redirect URL generated contains the code and state parameters:
site.com/admin/fb-callback_admin.php?code=somecode&state=somestate
I think this is the reason why I'm getting the error because it only expects a redirect URL of https://nino-dot-dynamic-osprey-93721.appspot.com/admin/fb-callback_admin.php without any trailing parameters.
How do you guys think of getting around this issue of Enabling Strict Mode given that the response of the redirect URL through the below code:
$helper = $fb->getRedirectLoginHelper();
$permissions = ['email']; // Optional permissions
$loginUrl = $helper->getLoginUrl('https://nino-dot-dynamic-osprey-93721.appspot.com/admin/fb-callback_admin.php', $permissions);
echo htmlspecialchars($loginUrl);
is generated from FB's PHP SDK by default?
Change
$accessToken = $helper->getAccessToken()
to
$accessToken = $helper->getAccessToken('http://www.example.com/admin/fb-callback_admin.php');
I had the same issue and found this answer in this thread, which seems to resolve the problem for me:
Graph returned an error: Can't Load URL: The domain of this URL isn't included in the app's domains
Not sure why this works, though, but glad it did.
I was facing the same issue, Actually, this comes from the facebook graph sdk.
I got this information from here
Also, a quick and dirty change that seemed to fix this error for me
was adding 'code' to the list of params to remove in
FacebookRedirectLoginHelper
later facebook itself released the updated package which seems fixed the issue.
make sure you have the latest version of facebook-graph-sdk at the time of this answer, the version is 5.6.2
I'm trying to use my generated App Access Token with requests to the Graph API, but for some unknown reason it simply will not work. I always get the dreaded Invalid OAuth access token signature error.
Now, let me clarify: I'm pretty sure I know what I'm doing. I did get it to work with a different FB app. I used the /oauth/access_token call to generate the App Access Token, and I can use that Token successfully in further graph calls for that FB app.
But when I try it for my new FB application, it fails. This is the Rails snippet:
app_access_token = URI.escape(ENV["FACEBOOK_APP_ACCESS_TOKEN"])
url = "https://graph.facebook.com/debug_token?input_token=#{user_access_token}&access_token=#{app_access_token}"
response = HTTParty.get(url)
I've also tried not-encoding the token; as expected, it doesn't work (and shouldn't).
I've double- and triple-checked my App ID and App Secret, and re-ran the generation (via curl), and I think it's all correct and copy/pasted without error. The only possibly-notable difference between the generated token of my old app and that of my new one is that the latter has a hyphen in it. Is that relevant?
I am currently working around this by using <App ID>|<App Secret> in place of the generated token, but I'd really like to get back to doing it the right way.
Argh! It turns out that I had a few extra characters that somehow got attached to the end of my generated token!
I don't know how those got there, but that was the problem. Just dumb old human error.
EDIT: Oh my god, every Facebook developer should know this page:
https://developers.facebook.com/tools/accesstoken/
Why isn't that linked from the docs about the access token? It would have saved me so much time and probably prevented my mistake!
I'm using the Javascript SDK inside a node.js (Express) App.
Connecting Users works fine, but the connection does not persist between page reloads.
Is this the default behaviour, or is the User supposed to stay connected in new requests?
Do I have to use OAuth token authentication and if so, how can this be done with the JS-SDK?
Inside the "Permission"-Popup, Users are already logged in with soundlcoud, though.
(just have to click the "connect" button each time)
Figured I'd share my answer for those who are unsatisfied with the current answers for automated oauth:
Retrieving access_token:
I had to define get and set cookie functions and then I use the functions to set and retrieve a function holding the access token. I'm not going to give these functions for conciseness but you can easily find them with a google search. I then use this line of code to get the SC access token (once the user has authenticated for the first time)
SC.accessToken()
Setting token:
So this is kind of just an elephant in the room in my opinion that for some reason no one has mentioned. How in the **** do you connect w/ SC using the access token? Do you set it as oauth param? On each call pass it? Well, after experimenting with putting the parameter in every single place I could think, I found out you have to do something like this:
SC.initialize({
client_id: '[removed for security reasons]',
client_secret: '[removed for security reasons]',
redirect_uri: '[removed for security reasons]',
access_token: getCookie("sc_lm2"),
scope: 'non-expiring'
});
//Where "sc_lm2" is the name of my cookie
Hope the helps! Took me a while to figure this out for such a simple thing
EDIT
Using PHP and Wordpress:
$json = wp_remote_get("http://api.soundcloud.com/users/[user_id]/tracks.json?client_id=[client_id]");
$soundcloudData = json_decode($json['body'],true);
(substitue cURL functionality if you're not using Wordpress). #krafty I assume you would just change the endpoint from "/tracks" to "/users" but I can't say I have ever really needed to grab anything but tracks using the Soundcloud API. Hope this helps, though I'm not sure I fully understand what it is that you are trying to accomplish (or rather, how exactly you're going about it) - are you trying to allow user logins? If you want to explain fully what you're trying to accomplish and the steps you're taking I'd be happy to take a crack at it.
Yep, this is the way to do it, officially. :)
For the Next SoundCloud site, we store the token in localStorage (until the user logs out, of course). In each AJAX request to the API from the front end, we put the oauth token in a request header:
jqXHR.setRequestHeader('Authorization', 'OAuth ' + the_oauth_token);
I am at this step in getting my app started in the documentation:
https://developers.facebook.com/docs/appsonfacebook/tutorial/#auth
In there is a code block that (supposedly) forwards the user to a request dialog asking permission to access certain bit of information about them. I've placed this code block into the PHP script that my canvas URL points to, and changed the $app_id and $canvas_page to my application ID and canvas URL respectively. Instead of getting the expected dialog, I receive this following error from facebook:
"An error occurred. Please try again later."
No other details about the error are present. I've tried some variations of the script, and have even tried loading up this URL directly just to see if that would work. Note that I've replaced YOUR_APP_ID and YOUR_CANVAS_PAGE with the appropriate values and made sure that spelling and/or punctuation are correct:
https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=YOUR_CANVAS_PAGE&scope=email,read_stream
For the redirect URL, I've tried prepending it with http://, https://, and no prefix at all. All with the same result.
My question: is the example in the documentation broken, or is the oauth link provided in the documentation currently down? The vague nature of the error is somewhat frustrating since I can't tell if it's something I'm doing wrong or if it's facebook's oauth function that's at fault.
So, the problem was that instead of using the numeric application ID that facebook assigned for me when I originally created the app as the YOUR_APP_ID parameter in the OAuth URL, I was using the application namespace string. Facebook didn't understand this sort of request, and returned the generic error message.
Once I used the numeric app ID, the OAuth dialog popped up to ask permission to access my account, as expected.