Website feed to facebook pages is broken and I get the following message:
"message":"Error validating access token: The session has been invalidated
because the user has changed the password.",
"type":"OAuthException","code":190,"error_subcode":460
Similar questions already been asked but I notice some of them are quite old and I want to make sure the answer is up to date.
Can I resolve the error without reapplying for a new token?
I fixed this by going to the related app in Facebook Developer center and resetting the Facebook App Secret (even reauthorizing would not work). It is the only way I could fix it and very frustrating and ridiculous that because the user changes their login password that it breaks the API/app.
No, you need to reauthenticate the user. See here: Handling Invalid/Expired Access Tokens
How-To: Handle expired access tokens .
There is also an outstanding bug which is causing this issue for many users. Please subscribe so that it gets the attention it needs :-)
https://developers.facebook.com/bugs/284696814962357
I notice you haven't accepted an answer so I thought I would try and help out. I was experiencing a similar problem and this answer worked for me https://stackoverflow.com/a/12654266/32348
You get this message because you have probably changed your password of your Facebook account. On the other hand, your instagram account password remained the same. The easiest way is to change your instagram password. Click to setting in instagram app, click reset the password. The program will probably send you a reset password link. Do it. Re-connect your instagram with your new password. The app will ask you to continue with your Facebook account and you in this way have re-given permission to instagram to publish ads. You are ready to go!
Happy ads.
This happened to me using {SNAP} Social Networks Auto Poster because the password to my Facebook Account was changed.
Steps to resolve:
Delete the complete social account set in {SNAP} Settings menu (Re-authorization will not fix the issue, as suggested by snap customer support)
Go to developers.facebook and change your APP Secret.
Start fresh and Create a New Social Account in {SNAP} with your APP ID and your new APP Secret.
That should do it.
Related
Earlier today, the Facebook login flow of our web application stopped working for some users. When we try to fetch the current profile, an error is returned. It claims that the access token we just generated by redirecting the user to the OAuth login flow has been rejected.
The reason given is:
The access token is invalid since the user hasn't engaged the app in longer than 90 days
To me, this makes no sense since we do not store the access token anywhere except for the current session and recreate it every time the user logs in with Facebook.
The stacktrace from Spring Social for the GET /me call looks like this:
ERR c.s.f.v.resource.AuthenticationResource Exception when connecting with Facebook
org.springframework.social.RevokedAuthorizationException: The authorization has been revoked. Reason: The access token is invalid since the user hasn't engaged the app in longer than 90 days.
at org.springframework.social.facebook.api.impl.FacebookErrorHandler.handleFacebookError(FacebookErrorHandler.java:85)
at org.springframework.social.facebook.api.impl.FacebookErrorHandler.handleError(FacebookErrorHandler.java:59)
at org.springframework.web.client.ResponseErrorHandler.handleError(ResponseErrorHandler.java:63)
at org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:775)
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:728)
at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:702)
at org.springframework.web.client.RestTemplate.getForObject(RestTemplate.java:350)
at org.springframework.social.facebook.api.impl.FacebookTemplate.fetchObject(FacebookTemplate.java:220)
at org.springframework.social.facebook.api.impl.FacebookTemplate.fetchObject(FacebookTemplate.java:215)
The issue is probably related to changes in the Facebook API, but I do not see how this affects the short lived access tokens we create on every login.
I ran into this issue when our integration tests logged in with a test user - the following JSON came back from the Graph API:
{
"error": {
"message": "The access token is invalid since the user hasn't engaged the app in longer than 90 days.",
"type": "OAuthException",
"code": 190,
"error_subcode": 493,
"fbtrace_id": "F/1z2AsTRx8"
},
"timestamp_microsecond": "2018-05-30 11:22:01.353949"
}
That was a bigger problem as our test users don't "engage" with the app as such. To fix this I had to:
Log into the FB developer site
Find the app in question
Look under Roles -> Test Users to find the right user
Click on the Edit button for the user and then click "Login as this test user"
Once I'd logged in, go to Settings -> Apps & Websites
Find the App in the "Expired" tab for apps the user had not interacted with for longer than 90 days
Click the "View & Edit" button on the expired app
Click "Renew Access" in the popup
Once I'd done all those steps my test user (and integration tests) worked again.
facebook responses:
Thanks for getting in touch. This is actually a known issue that we
are already tracking in another bug report.
I'm going to merge your report with the existing one, so we can deal
with the issue in one place. Please refer to this thread for updates:
http://developers.facebook.com/bugs/194772814474841/
My temporal solution was to use JS SDK, it is working correctly in my case...
Update:
The issue seems to have just been fixed by Facebook.
I filed a bug with Facebook and they are currently (5/3/18) working on a resolution.
There are several workarounds suggested here and in the bug comments. To summarize:
Add a new permission that you previously didn't ask for to force re-authorization
Catch the error and re-authorize the user manually via auth_type=reauthorize
Switch to JS SDK and use client-side login
I'm going for solution #2 as it seems to be the most straight-forward way.
I have found this link in FB docs:
Refreshing User Access Tokens
Which mentions that after 90 days users must re-establish their token, so in case of such error we should just redirect the user to register again.
They even mention that they remove tokens of non-active users in the top of this doc. Maybe they did a mistake and removed all users tokens.
Anyhow the solution is to redirect users to resubscribe.
The bug persist according to discussion
According to a user's comment of mentioned discussion, we revoked permissions of every user of our app and it worked. For this we used next graph api endpoint. We had to persist the users' facebookIDs.
Regards
TEMPORARY SOLUTION
For iOS you need to change SDKs code to support "reauthorize". In order to change source code you will need to download it using CocoaPods. Then copy the following functions over pods:
https://github.com/mavris/FacebookFix
Add Permission Code in your App
Likes
Android :
fbLoginButton.setReadPermissions(Arrays.asList(EMAIL));
IOS:
loginButton.readPermissions = #[#"public_profile", #"email"];
I'm trying to implement signin/-up via facebook, but do not receive email address on request. Sure, I've grabbed the email permission before, but no success.
So I tried with FB Graph API Explorer and again my private account. Yes, access token with email permission, but no email will be delivered, instead "Field is empty or disallowed by the access token".
Access token? Just created, with email permission.
Empty? How could it be, when it is required on signup?
Using a different account of a friend, worked like a charm. Could it depend on my account settings?
Even if the permissions are given, a user can turn Platform off in the Apps Settings. Check the settings and permissions your App is showing, here: https://www.facebook.com/settings?tab=applications§ion=opt_out&view
If its alright, you can follow this discussion: Register with Facebook sometimes doesn't provide email
Thanks for answer. I spent a lot of time to figure out what is going on. It seems, that my email address caused the problem, which is facebook#mydomain.com. After changing to a different one, without facebook in it, I get response as expected.
Is it possible to force a Facebook access token to expire in the new 3.2 Facebook SDK? I need to test the auth logic in my iOS app.
I know this has been asked in the past.. but all answers I have found are not relevant.. as Facebook keeps changing their API.
Thanks.
An easy way to force expiration of an App Access Token is to revoke that App's permissions in the user account (deleting the App from your FB account settings). That token becomes invalid immediately. Note that upon reauthorization of the app, it's likely that you'll get the same token back, just that it'll be valid this time 'round.
Jai's answer is a great way of doing it, here is a programmatic way of clearing your session.
Try this line of code:
[FBSession.activeSession closeAndClearTokenInformation];
Changing the user's password on Facebook also invalidates the token. I'm seeing some edge-cases, however, where the different auth errors behave a little differently. If anyone knows of a way to forcibly expire the token, that would be helpful.
In work I got a task (we MUST work with ASP Classic by the way): when user posts a blog, a link to that blog should be posted automatically on user's facebook timeline and in his twitter. I made everything working, but there is one problem: user needs to be signed in to post. I've made the cheking if he's logged in, and if not he must log in.
But I need to avoid the logging-in step and make it automatic (by sending user's username and password as part of the data sent to twitter/facebook or something like that), but I can't figure out how to do that or if it's even possible at all.
Any ideas? Would greatly appreciate any help.
P.S.: for the twitter part I used http://scottdesapio.com/VBScriptOAuth/
for the facebook part I used a combination of: http://snipplr.com/view/61108/facebook-app-login--authorization-entirely-clientside/
Everything works, but is it possible to automatize the user's sign-in part?
Finally I managed to make the both things automated...
The problem with Twitter was that I didn't store request token in session, that's why I got "Could not authenticate you" error.
Can't remember what I did wrong with Facebook (some co-workers helped me out), but I guess I didn't make proper http requests...
So the answer is: yes, it is possible to automatically post to Twitter and Facebook without user sign in.
If I am not wrong then your logged in user in facebook for current browser is not authorize for your app.
I think you should try googling about "How to authorize users into app". OR
If you don't mind I am giving you the direct URL to go to that setting page for your app:
https://developers.facebook.com/apps and then go to your app then after from left side bar go to roles and then after click on test user tab from top of page and then click on add button it will opne one pop-up to add a user.
In app you have to add test user for testing purpose and have to login for that added test user, so added user will be authorize for that app and you will be able to test.
Thank you...
I've been trying to solve this problem for a while now and I can't seem to get it to work.
I want my website's users to link their facebook account with my website. So they can see their stream e.t.c on my site.
All of this is working fine. But now I want to give the users an option of being able to disconnect their facebook account from my site.
In order to do this, all I do is delete the offline authentication key that I have with me. But the next time, the user tries to reconnect their facebook, I get an error which says "An error has occured"
The user has deleted permissions on my end but has not revoked access to my app on facebook. This is when the issue occurs. Is there a way for me to revoke access through the api?
You you delete the access token on your end then you need to get a new one through the API when they want to "reconnect".
Also be aware that the offline_access permission is going away:
https://developers.facebook.com/roadmap/offline-access-removal/
So this is something you're going to need to be doing in the future anyway.
I figured out that the solution to my problem was to send a DELETE request to /user_id/permissions with the access_token.
This deletes all permissions for the app.