Hi hope someone can help,
For some reason when requesting access token via
https://graph.facebook.com/oauth/access_token?client_id=&redirect_uri=&client_secret=&code=
The token is returned as html output and not redirected to the specified redirect_uri location
However when I request authorization via
https://graph.facebook.com/oauth/authorize?client_id=&redirect_uri=&scope=offline_access,publish_stream,read_stream,publish_actions,manage_pages
This work fine. Redirect occurs with code parameter.
Any help appreciated.
Thanks
The first one isn't somewhere you send users to, it's a URL you make a request to from your code to retrieve the access token, it's not supposed to redirect.
The purpose of the redirect_uri parameter there is to verify that you're the same app which called the auth dialog and received the code originally
You should check out the server side oauth docs if you haven't done so already: https://developers.facebook.com/docs/facebook-login/login-flow-for-web-no-jssdk/
Related
For a school project I need access to LinkedIn API.
I have already created an app on LinkedIn Developers. However, when I do a GET request to https://www.linkedin.com/oauth/v2/authorization, I am not able to get an access token, and I get "you need to pass the scope"
Even though the documentation specified that the scope field is optional, I added scope=scope=r_liteprofile%20r_emailaddress%20w_member_social at the end of my request and got a "invalid scope error".
As for the redirect uri field, I am not sure what to put (can I put a random website URL?)
If someone knows the solution to that problem or know other ways to get an access token, I would be very grateful :) Thank you !
Kim
You need to provide a redirect URI in order to get a valid access token.
First step:
https://www.linkedin.com/oauth/v2/authorization?response_type=code&client_id=YOURCLIENTID&redirect_uri=https://my.webserver.com
Once you login and confirm LinkedIn will redirect you to the provided redirect URI with the code parameter. The next step is to exchange this code for an access token.
Second step:
https://www.linkedin.com/oauth/v2/accessToken?grant_type=authorization_code&code=CODE&redirect_uri=https://my.webserver.com&client_id=YOURCLIENTID&client_secret=YOURCLIENTSECRET
If everything is valid LinkedIn will again redirect to the provided redirect URI, but this time with the access token.
Hope it helps.
So i'm building a website that requires the user to be github authenticated in order to create and publish blog posts via the netify cms.
so in github i've added the application.
the homepage is set as:
https://example.netlify.com
in order to reach the admin area of the site to post blogs and such the user must navigate to
https://example.netlify.com/admin/ and authenticate via github.
now the authentication part is working, i am logging into my github account but it loops back to the oauth page but with a weird url:
https://example.netlify.com/admin/?error=redirect_uri_mismatch&error_description=The+redirect_uri+MUST+match+the+registered+callback+URL+for+this+application.&error_uri=https%3A%2F%2Fdeveloper.github.com%2Fapps%2Fmanaging-oauth-apps%2Ftroubleshooting-authorization-request-errors%2F%23redirect-uri-mismatch&state=5d971eb88a5073cf804e90d5#/collections/blog
I've set my Authorization callback URL to:
https://example.netlify.com/admin/#/collections/blog
which is where the user should log in to, in order to post blogs and articles
so why does it keep looping? i've obviously set up a field incorrectly, i'm assuming that my Authorization callback URL to is incorrect?
Error = redirect_uri_mismatch
error_description=The+redirect_uri+MUST+match+the+registered+callback+URL+for+this+application.
error_uri=https%3A%2F%2Fdeveloper.github.com%2Fapps%2Fmanaging-oauth-apps%2Ftroubleshooting-authorization-request-errors%2F%23redirect-uri-mismatch
The main clue in this error message is redirect_uri_mismatch if you take that and google it you will begin to understand the problem. Part of the security with Identity servers is that the Redirct uri, that being the redirect uri that the Identity server returns your authorization to must be registered on the idnetiy server itself. Someone cant just send a request on behalf of your application and get the authorization back on their own site.
So what ever redirect uri you are sending in your application needs to be registered over on Github for the authorization to work. Its currently not.
You can read more about it here Troubleshooting OAuth App access token request errors
I am trying to use scribe for Facebook OAuth 2.0 implementation and I get below error
'{"error":{"message":"Error validating verification code. Please make
sure your redirect_uri is identical to the one you used in the OAuth
dialog
request","type":"OAuthException","code":100,"fbtrace_id":"FusY4X0TorE"}}'
I used the below URL to get Token
https://www.facebook.com/dialog/oauth?granted_scopes=1&response_type=code&client_id=473486006089780&scope=email,user_about_me,user_birthday,user_location&redirect_uri=https://www.bankbazaar.com/
I create my service as below
OAuthService service = new ServiceBuilder()
.provider(FacebookApi.class)
.apiKey("1415540682058832")
.apiSecret("07b182efcb587065ceef615a945d92a4")
.callback("https://www.bankbazaar.com/")
.build();
Let's say I get valid code/verifier from FB and use it to get access token
I print my Authorization URL and get something as below
https://www.facebook.com/v2.2/dialog/oauth?client_id=1415540682058832&redirect_uri=https%3A%2F%2Fwww.bankbazaar.com%2F
In my Facebook App page, I have the below setting
Kindly suggest where am I going wrong ?
You must set redirect URL in Valid OAuth redirect URIs. It is in Settings -> Advanced, scroll down to Client OAuth Settings-> Valid OAuth redirect URIs:
I am writing a program that retrieves our marketing data from facebook. the program i am writing can only use curl to retrieve the user access token and there is no UI, the only info I found is to call this url
Curl('https://graph.facebook.com/oauth/authorize?client_id=1534273216862757&response_type=token&redirect_uri=https://www.facebook.com/connect/login_success.html','GET')
However, when I send this, i get back the entire html of the redirect page and no token.
do you know of another way I can accomplish this?
thanks
You can only get a User Token with user interaction, not by curl. It does not work like that, and it should not work like that.
You can use an Extended User Token though, it is valid for 60 days. After that, the user has to refresh it.
More information about Tokens:
https://developers.facebook.com/docs/facebook-login/access-tokens
http://www.devils-heaven.com/facebook-access-tokens/
There is some information:
https://developers.facebook.com/docs/facebook-login/access-tokens/
Your access_token can be as: {your-app_id}|{your-app_secret}. Attention: it's application token, not user token. It's limited, therefore you can't make such requests as /me.
Or try this request to get access-token:
https://graph.facebook.com/oauth/access_token?client_id={app_id}&client_secret={app_secret}&grant_type=client_credentials&redirect_uri={redirect_uri}
The {redirect_uri} is any route of your application, and this uri must be in "Valid OAuth redirect URIs" in this page: https://developers.facebook.com/apps/{app_id}/fb-login/settings/
I don't check this solution because I need request some permissions (manage_pages, leads_retrieval). I'm waiting for it will be granted.
With the new Authenticated Referrals in the new FB auth system, the user logs in before even hitting my app.
My question is, is there any way to detect when a user has just come from one of these authenticated referrel dialogs? For example, by specifying the redirect_uri on them and appending some GET params.
If you go to https://developers.facebook.com/apps/YOUR_APP_ID/summary you can set the domain and the website of your application.
Facebook, for security reason will only redirect to the website you set here passing you some parameters in the HTTP GET url (for example the access token just generated for that user), to decide which of these parameter you want to receive you have to go to settings -> auth dialog then at the bottom of the page Authenticated Referrals -> Auth Token Parameter.
EDIT:
If you want to be sure that an user just used the auth dialog you can use a simple workaround: read the access token from the url, then check if this is the 1st time you see this token, if so you can test the validity of the token by performing a simple operation that the particular user accepted you (or better your facebook app) can do with his profile.. The easiest way is probably to send a request to:
https://graph.facebook.com/me?access_token=...
If token is valid then it IS reliable.
I've been working on this problem myself. It would have been a lot better if Facebook just passed auth_ref=true or something. Anyway, I came up with a system that seems to work for me using cookies.
I already have a page that I use as the redirect url for the fb auth dilaog. This page initializes the user and sets a cookie. If that cookie is not present and the signed request has a token, then I redirect to this page. I can't tell if the user either came from an authenticated referral or some other path like a bookmark, but it doesn't matter for my purposes.
You can see the details at:
http://developsocialapps.com/authenticated-referrals-facebook-apps/
Basically something like this:
// on somepage.php
if (signed request has token && url is not redirect page && user doesn't have cookie) {
redirect to redirect.php;
}
// on redirect.php
set cookie;
redirect back to somepage.php