In the setting of my App, I have set the site URL to be http://localhost/, in the app domain, I have indicated localhost.
Followed by in the Facebook Login Product, I have set Valid OAuth redirect URIs to be http://localhost.
but launch in my application, it gives me URL Blocked .... redirect failed because the redirect URI is not whitelisted in the app's Client OAuth Settings...
the redirect URI link is http%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2Fao6eUeuGXQq.js%3Fversion%3D4
No matter what I change in the OAuth, the URI remains the same.
Anyone able to help?
Nope. Just localhost wont do. U need to put with port too. i.e http://localhost:3000/
There is NO url called http://localhost/ and If you put a port, it just talks about specific domain.
For example, if you put localhost which considered wild. For example what if you put www in your allowed url? It is considered illegal.
If you specify the port i.e http://localhost:3000/ then u just refereing to one domian at a time. And it is not wild nor illegal. Through this u are just allowing www.stackoverflow.com
Related
I know this question has been asked several times, but none of them are helping me. This functionality was working up until a day ago. Now I am getting this error and do not believe I have changed anything on our servers. But I know something must have changed.
Here is the url my app is trying to redirect to:
https://advocacy-test.hrmarketer.com/advocacyTest/HRmIWeb/web/facebook/auth?code=AQC6QmTOU4q__kdLDkmuqIrysoJiY1eX-HrvQtE8FeqPbOPNM22gZl4niOwEVXm_3mkBdsiYto0CnswpuLgdqbrdILIea4z1VCfpNt2CQwbfGJ61I_1QNDi7eIF3jR6Sw2JzKstcXSUi2Hydt8frN9Cg2pLrLDeSiOPgV9rO7E5O6ikhUDGAt3vYiWKb6P3nn65FPM_C5ZYczOVnYhU8Qpe8Oj4O8VTtQtR7WgayVoQP6nCldvcDjRQpnNVolJI_c_lLeTRFGQhFod-w3P_rbACRyzARxD5nYAu2jblBKHHhKQWDRD_vHl19r78mlQLPAz9M3GZcFs-xEbE2K97q_D1z&state=bdd6a2a608a7249d0cf7102fd1150341#=
When I check this in my FB app settings it says it's a valid callback uri. What could be the issue?
Redirect URI to Check
Check URI
https://advocacy-test.hrmarketer.com/advocacyTest/HRmIWeb/web/facebook/auth
check
This is a valid redirect URI for this application
From Facebook app settings
Step 1: You have to go to your code and add your URL:
$redirectUrl = "http://example.com/[auth_link]";
Step 2: Go to your Facebook App Setting and add add the exact URL above.
May be your problem is you missed WWW -> the solution add both WWW and no-WWW versionsto whitelist in Client OAuth Settings
OR you missed parameters after URL: eg: ?back=xxx
Let's say my app's main domain is at https://www.example.com
App is going to have lots of instances, i.e.
https://www.example.com/client1
https://www.example.com/client2
https://www.example.com/client3
<..>
In order to have OAuth2 authentication against my app, I currently have redirect URIs as such:
https://www.example.com/client1/SignInGoogle
https://www.example.com/client2/SignInGoogle
Is there a way to add one Authorized redirect URI for all of these clients? i.e.
https://www.example.com/*
or
https://www.example/com/*/SignInGoogle
Or does this URI has to be the exact match?
If you look at the Google Developer console
Must have a protocol (HTTP / HTTPS)
Cannot contain a URL Fragment (#)
Cannot contain a relative path.
Cannot be a public IP address.
Examples of Relitve vs Absolute URIs
Relative URI Absolute URI
about.html http://WebReference.com/html/about.html
tutorial1/ http://WebReference.com/html/tutorial1/
tutorial1/2.html http://WebReference.com/html/tutorial1/2.html
/ http://WebReference.com/
//www.internet.com/ http://www.internet.com/
/experts/ http://WebReference.com/experts/
../ http://WebReference.com/
../experts/ http://WebReference.com/experts/
./about.html http://WebReference.com/html/about.html
What you want to do is something like a Relative URI. What you need to remember is that an Authentication server is nothing but a web service. If you cant access the redirect URI from a normal web browser the authentication server cant either.
So no you cant do that it has to match exactly.
I'm trying to pass some variables to my facebook app from the url, i.e. using GET variable app_data like facebook wants.
At some point I've stopped getting the ['signed_request'] part of the $_REQUEST. When I print_r($_REQUEST) I'm getting: ['doc'], ['user'], ['__utmz'], ['__utma'] and ['session'] values, but not signed request :(
Any ideas of why this might be happening?
Check the tab/canvas url is EXACTLY the same as required. If there is a redirect to another page, then signed request and other values will not be sent. You can check using a browser sniffer, if a call to the page responds with a 300 (301/302 etc) redirect, then you need to change to what it redirects to.
Examples:
https://example.com/ may need to be https://www.example.com/ (add www., or remove www. depending on how server is set up)
www.example.com/ may need to be www.example.com/index.php (add index.php, or the right page).
Check you are using http:// and https:// correctly in the URLs, and that https:// returns a valid page.
I've only been able to get the signed request in https://, i get no request at all in http.
Currently have a bug on FB, but no word on fixing it yet; http://developers.facebook.com/bugs/264505123580318?browse=search_4eb3ef23eb18d6649415729
EDIT:
http://SITE.com was redirecting to http://www.SITE.com, so I was loosing the request variables.
Had a similar issue, for me it was as simple as a mismatch of the app id and app secret! However in facebook developers backend I have noticed that the URLs all need to have that trailing slash!
Some browsers do redirect your request to https automatically if you have been on this particular site on https so if you are in http mode on facebook there is situation:
facebook requests http version of your app, browser redirect this request of facebook to https and POST data and thus signer_request are gone in this process...
i see this problem in chrome 23, if you delete browsin data (particulary Deauthorize content licenses) app should run back on http
I am wondering if there is a way to get facebook user profile image's real url in https.
Like I use https://graph.facebook.com/20926460/picture to get a the profile image,
It will redirect to http://profile.ak.fbcdn.net/hprofile-ak-snc4/41539_20926460_5421452_q.jpg.
Is there a way to get the "https" version of the second url? or is the url existing?
This might have changed in the docs since you last looked, I know everyone got excited about https after that snooping tool came out.
"If you need a picture to be returned over a secure connection, you can set the return_ssl_resources argument to 1: https://graph.facebook.com/xx_userid_xx/picture?return_ssl_resources=1."
Hopefully that won't redirect you.
Update 10 sept 2012
https://graph.facebook.com/20926460/picture now redirects to https urls.
You can just replace http by https in the target url but keep in mind that it is only temporary and may time out.
there is also no valid ssl certificate, but if you ignore that, the file will be served.
if you need a valid certified https url for pictures you need to set up a proxy script on your server that passes through the file.
edit:
as for your comment here is an example of what i meant by "proxy script".
you can put it on your server and request it with whatever protocl/scheme you like.
just like it was a local picture. you should probably validate the mime type. do some error handling and prevent injections etc. but just to give you ap icture:
<?
header("Content-Type: image/jpeg");
echo file_get_contents('https://graph.facebook.com/'.intval($_GET["id"]).'/picture');
fyi i put the int cast there to prevent injection hacking.
script is untested but should work as file_get_contents will follow redirects.
How can I turn domain.com into https://www.domain.com (the actual address)? Is there an easy API for this?
The purpose is to allow a user to enter a domain in preferences and allow my app to convert that into a fully qualified web URL like a web browser does when I type google.com it returns http://www.google.com (ish).
If typing your domain.com results in https://www.your domain.com then the server is redirecting. Here is a rule to follow:
Construct "https://domain the user typed". Connect to that, and follow any 301 (permanent) redirects until you get a 200 response. Save the URL you end up at as the permanent one.
If your connection failed, try again with http:// instead of https://.
Do not assume that the "proper" URL contains "www."; if it should, then the server will redirect.
What's so hard about putting "http://www." in front?
How does that require an API?
Are you asking about the string concatenation API?
Use the NSURL class. More specifically, use initWithScheme:host:path where scheme is "http", host is your string and path is empty.