I am using the Javascript SDK in order to have users log into my Facebook App on my Web Site. I have coded and configured in the App Dashboard everything according to the documentation, including the appId and channelUrl (which is //localhost/WebPage for now) in the Javascript, and the App Domain (localhost), the Site URL (http://localhost/WebPage), User & Friend Permissions, as well as Extended Permissions in the App Dashboard.
When I log using a developer Account (using the Login Button on my Site), which owns the App, but after removing the App itself from the “My App” Section in Facebook (in the same Facebook Account), everything works properly (the Login Button directs me to a New Page, asks to log in, and then asks me to Allow for the Permissions required by my App), which confirms that all my settings (and code) appear to be configured properly.
Meanwhile, when I use another Account (which obviously does not own the App) I receive the following error message: “An error occurred. Please try again later.” Nonetheless, upon clicking Okay in the Browser window, the user is still logged into the Main Page of Facebook (in that same Window). Meanwhile, the user does not get logged into the initial Browser Page (my Web Site). What confuses me even more is that when I refresh the initial Browser Window (which is obviously in the same Browser Application), the user is still not logged into Facebook on that Page (my Web Site). One would think that the cookies should be set properly (for that Browser) and the Browser should access them, and display the user as being logged in on my Web Site.
Would someone have an idea of what is happening?
I'd wager that #ifaour's Sandbox Mode comment is the right answer.
Although "An error occurred. Please try again later." is a very generic Facebook error, there was a recent Facebook policy change that resulted in many apps silently being switched into Sandbox Mode.
Excerpt from here:
Privacy policy alert
Apps that do not include a valid privacy policy URL (see Platform
Policy II.3) in the dedicated field in App Dashboard will see an alert
in the App Dashboard and app details pages. In an effort to make it
easier for you to validate, we will include a 'privacy policy URL
test' link that will check if your app meets the privacy policy URL
requirements. If you do not comply your app may be placed in Sandbox
mode. You can disable Sandbox mode once you meet the privacy policy
URL requirements.
This is exacerbated by the fact that detecting that your app is in Sandbox Mode is made more difficult because you have to hit the "Edit" button in order for the option to toggle its status even appears.
Related
Last night Facebook disabled our app with the following justificative:
Developer Policy 6.1: Verify that you have integrated Login correctly. Your app shouldn't crash or hang during the testing process.
During Login, your app is crashing or hanging excessively, creating a broken experience for people trying to use your app. To make sure this flow runs smoothly, check that you've integrated Facebook Login correctly. We recommend that you test Login on all integrations. If you have not already done so, please:
• Here's our quickstart guide for implementing Facebook Login for Android: https://developers.facebook.com/docs/facebook-login/android
• We encourage you to test your Login integration following these steps here: https://developers.facebook.com/docs/facebook-login/testing-your-login-flow/
• Best Practices for Login can be found here: https://developers.facebook.com/docs/facebook-login/best-practices
After going through the app options for Facebook Login, I found out that our public_profile permission is in "Standard Access." To allow our users to use Facebook Login, I will need to upgrade to "Advanced Access."
The documentation says that "Business apps created before February 16, 2021, were automatically approved for Advanced Access for the email and public_profile." I should be able to move our public_profile permission to "Advanced Access" because our app was created way before 2021. The problem is that after I click on the "Get Advanced Access" button and type my password, the page reloads, and the public_profile permission is still on the "Standard Access" mode.
So, these are my questions: what I am doing wrong? Is my app unable to upgrade our permissions to "Advanced Access" while being in this "Disabled" state? How can I debug my app to make it work again?
Some additional info about my app:
It passed through the Facebook App Review in 2019, and we already got permission to manage Pages and read connected Instagram accounts;
Everything was working fine until Facebook warned us that our Login integration was not working correctly;
In response to the Facebook notification and before Facebook disabled our app, we enabled the "Login with the JavaScript SDK" and updated the "Allowed Domains for the JavaScript SDK" (such as "https://www.example.com/").
I can't switch back our app to "Dev Mode" because the option is not showing up (is it due to being "Disabled"?)
For anyone landing here from google: I had the same issue, it is a brand new Facebook app, it's not blocked nor disabled. I needed to enable login through Facebook, thus needing advanced access to public_profile. When I tried that, it sometimes asked for my FB password, sometimes not, but it did nothing. There were no errors in the javascript console in the browser, nor any failed requests. I managed to make it work by simply waiting 10-30 seconds after each click (Request advanced access -> wait -> check the box -> wait -> write password -> click submit) to let the JS in the browser finish whatever was going on and then click the next button etc.
I discovered that it is not possible to modify your permission settings while your app is blocked.
I recovered my app using the appeal form, saying that I can't correct it while it is blocked because I need to change the permission settings. In case anyone needs an example, this was the exact text I sent to Facebook on the appeal form:
To get our app into compliance, we still need to upgrade our
permissions from "Standard Mode" to "Advanced Mode", but we can't do
this while our app is disabled. I would like to ask Facebook for an
Extension of the deadline and to re-enable our app, to allow our team
to change the permissions to "Advanced Mode" and properly test and get
our app into compliance. In case it is not possible to make an
extension to the deadline, we ask Facebook to revoke all permissions
given through the App Review process and then re-enable our app, in
Dev Mode. This way, we would be able to make all the required changes,
properly test our app, and submit it again to the App Review.
for me it was not possible to get a reply from facebook with the text of #lgfischer. All the time only chatbots answered. After 2 weeks of writing we decided to remove the facebook login from the app.
the end result is: no more facebook login in our app. 😁 thanks to all facebook chatbots and to the intelligent metaverse. ;-)
I had the same issue, it is a brand new Facebook app, it's not blocked nor disabled. I needed to enable login through Facebook. It asked me to enable advanced access to public profile setting When I tried that, it sometimes asked for my FB password, sometimes not, but it did nothing.
There was no errors, the setting was just not turning on to advanced. this problem was faced by some others too, who have posted their answers under this same topic
I have been able to access the advanced setting now.
All I had done was change from brave browser (Tried with chrome also, but didn't work) to Mozilla Firefox
It just worked like magic. make sure you enter the right password for that account.
If this helps, hit an Upvote. or comment your experience below
I've written an authorization flow for my action, to do account linking with the "Implicit flow". I have been testing it using the web simulator. When I try to run the action in the web simulator it tells me to link my account, and provides a URL:
"https://assistant.google.com/services/auth/handoffs/auth/start?provider=hello_dev&return_url=https://www.google.com/"
I run that URL and this is what happens:
My Java servlet receives the auth request from google. It contains what is documented, a GOOGLE_CLIENT_ID, a REDIRECT_URI, a STATE and "response_type=token"
I create an access-token from the Google ID that is logged in by using UserServiceFactory.getUserService().getCurrentUser().getUserId()
I craft a URL to the redirect-uri that contains my ACCESS_TOKEN, token_type=bearer, and state= the state string I originally received
I create a web page for the user that contains that link so they can click it and it executes the link and my account is linked.
That works great and the response is a blank page with a URL that says: "https://www.google.com/?result_code=SUCCESS&result_message=Accounts+now+linked."
However, I wanted a flow that allowed the user to ensure they are logged in, and logged into the Google Account they wanted to link
So, I also present a link that logs them out if they'd like. The link is created by using userService.createLogoutURL(thisUrl)
If they do that, I then present them a link to log in, created using userService.createLoginURL(thisUrl)
Once they have logged in, with a different Google ID, they are back on the original page which allows them to log out again or click the "link account" link.
The situation is, that if they click the "link account" link now, the EXACT same link that would have worked successfully before they logged out (except a different ACCESS_TOKEN value) and logged back in with a different account, the response is a blank page with a URL that says: "https://www.google.com/?result_code=FAILURE&result_message=Account+linking+failed"
Two things of note:
If they log out and log back in with the same account, then the "link account" URL works fine
If they are not logged in at all when beginning the process, and then log in and then use the "link account" link it works fine
So, the only time it fails is when they are logged in, log out, log in with a different account, and click to link accounts. That's when it fails.
The account doesn't matter, multiple different accounts work, as long as the browser is logged into the first account and doesn't change during the flow.
I honestly cannot imagine how this is happening.
This gets even worse if I do it in the Google Home app, as it then returns some "malformed request error" page and basically stops working, PERMANENTLY. Stopping/Starting the action didn't help. Stopping/Starting the Web service didn't help. Rebooting the Android device didn't help. Link Account from the Google Home app was permanently broken. The only way I was able to get it working again was to use the Account Link URL (gotten from the web simulator) in the Chrome Browser on my Android device, which seemed to "reset" everything.
At this time, we require that the Google user who initiates the account linking process, both via the simulator and Google Home application, be the same Google user that logs in via a Google Sign-in option, if it is offered as part of your auth flow. This is a hard requirement.
For this reason, we'd suggest not offering a Google logout option as part of your account linking process.
When a user is not logged in and they navigate to a page tab made with our app, they get an obtrusive dialog asking them to log in:
This has nothing to do with http vs https, the app is not in sandbox mode, there is nothing in the tab asking for a login or user information, etc. I've gone through the app settings at least a half dozen times now, and nothing is wrong there. Aside of urls, the settings are identical to another app I have that does not suffer from this problem. I'm stumped!
Edit: here is an affected tab: https://www.facebook.com/StaticHtmlThunderpenny/app_203351739677351
This message is not about login to your app, but Facebook in general.
So my guess would be that the page your app is installed as page tab app on is restricted in some way – by age, location, or for having alcohol-related content. And then of course Facebook asks for login, because otherwise they can not determine whether or not the (as of now still “anonymous”) user qualifies to see the page.
So go check the page settings.
This is actually not app related question.
This is thumb rule!! To access any app on Facebook, you need to log in to Facebook. You can see Facebook page without log in. But for facebook apps, you should be authentic user.
with this issue in my own experience that I came across some years back with a facebook app that I was running, if this doesn't relate to any of your other social networking apps then am aligning two set of possibilities and solution.
The user might have not properly logged out as "written" in the app for the users logout stage.
Solution would be that the user logout as expected before closing the app.
The user might have set up an automatic login prompt which was removed by the app when it was been updated automatically. (If you do get me???)
Solution would be to monitise your app on updates and login informations or better still just login and logout ask intended by the app and for security reasons.
Lastly I would say that automatic bookmark database should be added to the server part so current pages as the user uses the app would be saved after logout or login stage. Thank you, hope this helps and if not let me know what am missing.
I would like to integrate an existing, external application with Facebook using Mobile Web method and its authenticated referrals as well as to be able to redirect user (incoming from a different place) to Facebook login page. I do not want it to be embedded in Facebook page.
If I understand correctly how the authenticated referrals work, I must somehow reach the authentication dialog which will redirect me to the Mobile Web URL, which I specified in the application configuration.
Additional information: I would like to avoid making the application public until it is ready, so I have set the Sandbox Mode setting to Enabled.
How to get the URL, with which I will be able to test authenticated referrals?
You can land at your game's Mobile Web URL page using following steps:
Switch your user agent to iPhone or other mobile.
Go to the http://m.facebook.com page.
Press the "identity" icon in the top left edge of the screen to show the bookmarks menu.
Look for the application in the Apps section.
Press the application bookmark.
Above procedure worked for me. My user was an admin of the project but it will probably work also for devs and testers (just a guess).
I've combed the internet looking for a solution and I have none.
For some reason, my page can't add the facebook developer app. I don't get the box that pops up asking to to allow even. When I click "go to app" it takes me back to my page. It IS verified, I've tried logging into the developer page and going from there and nothing works. I checked the "apps" section on my page and it says I haven't authorized anything even.
You probably have always use HTTPS enabled on your profile, however in your app settings, you don't have a valid HTTPS url listed.
Instead of logging in as the page, log in as a page admin (normal facebook user) and try adding the app.