My IOS app uses a facebook login button. When you click on the button, it brings up the Facebook login prompt. After entering your information, it brings up a white screen that says:
SECURITY WARNING: The above URL is NOT NOT VALID FOR A CASH CARD OR GIFT CARD. Giving away the URL may result in your account being HIJACKED.
I can't seem to find anything online about this problem. Any ideas where I should start looking?
We're using the client side flow as recommended by facebook for Desktop applications. Read more here
The page that contains this message is found at http://www.facebook.com/connect/login_success.html
Related
I have a web application (React js with Kotlin backend) that has normal email + pw (plus PIN) login, and it also supports 3rd party authentication (Google and Facebook). It works on mobile and web, however, when I open my webpage through Facebook app - which opens it's own browser - and try to log in with 3rd party authentication, I can click on that "Continue as me" button, but then the page refreshes and I'm not logged in. I saw the same thing happen on other sites too, e.g. Figma, Pinterest, etc. I thought it's impossible to log in this way anymore, however, I just noticed that you can actually log in to Stackoverflow this way (so facebook app -> facebook browser -> stack overflow -> 3rd party auth and it works).
Has anyone figured it out how it was possible for Stackoverflow to do this?
Ok, I found the solution. The problem was that when a user clicked on 'Login with FB' button on my site, I sent a request to fb to get back a content of a login window and I created a pop up window where I rendered it, I put on a listener on that pop up window and once it was done, then I got the access token and sent it to backend and logged the user in. On a normal browser it works perfect (both pc and mobile) but as I mentioned above it didn't work in an in app browser like facebook app.
The issue was that facebook app opens a website in it's own browser that doesn't handle any pop ups, so after a successful authentication I saw that nothing happened and it was because we were not redirected to the original window where we should have, and it had the token in the url. So the solution was instead of making this pop up window for FB login, just redirect the user to the fb login page (and stay on the same window), and once the login is successful, just handle the token as is.
I want to integrate facebook api to help in the registration process in my website. It was working fine before - the standard fb login button appears, the pop-up window to login to fb was working, some of the user data are obtained. However after several trials with me modifying the code as the feature isnt fully integrated yet in my site, whenever I press the login button what replaces the fb login page is "This webpage is not available." I already retracted the modifications I made to the point that it was back to the version wherein it was working before. I also created another app and replaced the app id and secret key, still it displays the same message. I do not know what is wrong. Please help.
Update:
I uploaded the project files to another hosting site and it works! Could it be that the previous domain is now blocked?
Please read the other posts, dude... we're all waiting for the FB to fix the issue...
I am using the Javascript SDK in order to have users log into my Facebook App on my Web Site. I have coded and configured in the App Dashboard everything according to the documentation, including the appId and channelUrl (which is //localhost/WebPage for now) in the Javascript, and the App Domain (localhost), the Site URL (http://localhost/WebPage), User & Friend Permissions, as well as Extended Permissions in the App Dashboard.
When I log using a developer Account (using the Login Button on my Site), which owns the App, but after removing the App itself from the “My App” Section in Facebook (in the same Facebook Account), everything works properly (the Login Button directs me to a New Page, asks to log in, and then asks me to Allow for the Permissions required by my App), which confirms that all my settings (and code) appear to be configured properly.
Meanwhile, when I use another Account (which obviously does not own the App) I receive the following error message: “An error occurred. Please try again later.” Nonetheless, upon clicking Okay in the Browser window, the user is still logged into the Main Page of Facebook (in that same Window). Meanwhile, the user does not get logged into the initial Browser Page (my Web Site). What confuses me even more is that when I refresh the initial Browser Window (which is obviously in the same Browser Application), the user is still not logged into Facebook on that Page (my Web Site). One would think that the cookies should be set properly (for that Browser) and the Browser should access them, and display the user as being logged in on my Web Site.
Would someone have an idea of what is happening?
I'd wager that #ifaour's Sandbox Mode comment is the right answer.
Although "An error occurred. Please try again later." is a very generic Facebook error, there was a recent Facebook policy change that resulted in many apps silently being switched into Sandbox Mode.
Excerpt from here:
Privacy policy alert
Apps that do not include a valid privacy policy URL (see Platform
Policy II.3) in the dedicated field in App Dashboard will see an alert
in the App Dashboard and app details pages. In an effort to make it
easier for you to validate, we will include a 'privacy policy URL
test' link that will check if your app meets the privacy policy URL
requirements. If you do not comply your app may be placed in Sandbox
mode. You can disable Sandbox mode once you meet the privacy policy
URL requirements.
This is exacerbated by the fact that detecting that your app is in Sandbox Mode is made more difficult because you have to hit the "Edit" button in order for the option to toggle its status even appears.
My IOS app uses a facebook login button. When you click on the button, it brings up the Facebook login prompt. After entering your information, it brings up a white screen that says:
SECURITY WARNING: The above URL is NOT NOT VALID FOR A CASH CARD OR GIFT CARD. Giving away the URL may result in your account being HIJACKED.
I can't seem to find anything online about this problem. Any ideas where I should start looking?
We're using the client side flow as recommended by facebook for Desktop applications. Read more here
The page that contains this message is found at http://www.facebook.com/connect/login_success.html
Javascript authentication works great on browsers but once I use the website on mobile, I always get this error on the login popup.
Sorry, the application you are using is misconfigured for Facebook integration. Please download the newest version of the application.
Instead of showing the usual login popup, it goes to m.facebook.com and it produces this error. Whats interesting is clicking on the spanish link, makes it work again.
--EDIT--
After doing some research and tinkering, ive nailed it down to this:
<fb:login-button registration-url="http://www.example.com/page#register" onlogin="authenticate.facebookLoginCallBack()"></fb:login-button>
Its possible the pound sign blows it up. I need the pound sign because i dont want to redirect off the page,instead i want to trigger a js registration popup.
My guess is that the # gets into the redirect-url, and then must somehow get transformed again on its way to getting redirect to m.facebook.com and that makes it fail there.
--EDIT--
I thought about redoing the flow by creating my own button and calling FB.login, but there is no way to tell the API to stop at login, and load my own registration. The problem is summed up here Registration flow using FB.login
Realistically it seems we are only provided with one option here:
https://developers.facebook.com/docs/plugins/registration/
Login + Registration Flows
and it doesnt work in my situtation
VISUALS
Typically the user clicks on this button
Then they see this dialog. (Notice it says www.facebook.com in the url)
But they see this dialog on mobile. (This is loading from m.facebook.com)