Users on my site can login with Facebook from this page: https://www.wonderweddings.com/login
However, I'm getting the error
Can't Load URL: The domain of this URL isn't included in the app's domains. To be able to load this URL, add all domains and subdomains of your app to the App Domains field in your app settings.
I checked these posts to see what I could do:
How to turn off "Use Strict Mode for Redirect URIs" in facebook app
Facebook OAuth "The domain of this URL isn't included in the app's domain"
So I added what I thought were all possible URLs, but I keep getting the same error. Whether I disable or enable "Enforce HTTPS" does not matter. I also tried with "Embedded Browser OAuth Login" enabled and disabled.
https://www.wonderweddings.com/login.aspx
https://www.wonderweddings.com/login.aspx?loggedin=true&scope=email
https://www.wonderweddings.com/login
https://www.wonderweddings.com/login?loggedin=true
https://www.wonderweddings.com:443/login.aspx
https://www.wonderweddings.com:443/login.aspx?loggedin=true&scope=email
https://www.wonderweddings.com:443/login
https://www.wonderweddings.com:443/login?loggedin=true
I also tested if appId or app secret was changed due to saving, but that is not the case either.
I have a copy of this site running on another domain. This domain connects to another app, but other than that has similar settings, only this other app still has the setting "Use Strict Mode for Redirect URIs" disabled. There my code works perfectly. So I'm sure it's something I'm missing on Facebook with these settings.
My settings:
What else can I try?
The login button on your site is currently loading this URL:
https://www.facebook.com/v2.8/dialog/oauth?client_id=143381855734017&redirect_uri=https://www.wonderweddings.com/login.aspx?loggedin=true&scope=email
Facebook receives these query parameters:
client_id = 143381855734017
redirect_uri = https://www.wonderweddings.com/login.aspx?loggedin=true
scope = email
So the callback they are expecting is probably: https://www.wonderweddings.com/login.aspx?loggedin=true
Note that to be safe, the callback parameter should be URL encoded so that special characters are handled correctly (: / ? = all mean something in URLs)
You should change your site so that the link it opens is:
https://www.facebook.com/v2.8/dialog/oauth?client_id=143381855734017&redirect_uri=https%3A%2F%2Fwww.wonderweddings.com%2Flogin.aspx%3Floggedin%3Dtrue&scope=email
There has been Facebook update in October 2017. Use Strict Mode for Redirect URIs is now always enabled in Facebook App dashboard.
Solution in my case was related to that update: make sure that Valid Oauth redirect URIs input contains the same URI as provided in redirect_uri param.
I am trying to implement Dreamfactory OAuth in Ionic app.
I am following this resource for implementation:
http://wiki.dreamfactory.com/DreamFactory/Tutorials/Using_OAuth
This is the call I am making:
$http.post('/api/v2/user/session?service=facebook').then(function (result) {
console.log("result: "+ JSON.stringify(result));
});
The log above shows me json data as it itself redirects to the facebook url returned by the call and it just returns HTML for that facebook page.
Is there a different approach I should be using in hybrid/Ionic apps for DF OAuth login?
Make that an Ajax call (or simply set request header [X-Requested-With: XMLHttpRequest]). This will return the actual URL that is needed, not the redirected response in html. Let me know if you have any questions.
I'm new to creating extensions so please bear with me.I'm trying to create an extension that shares the current page URL via Facebook. I followed the instructions Facebook developers site and created a project but i don't know what to put up as the app domain because local host works but chrome-extension://"id" doesn't.
On clicking share button, Error appears"Can't Load URL: The domain of this URL isn't included in the app's domains. To be able to load this URL, add all domains and subdomains of your app to the App Domains field in your app settings."
What do I put as the app domain and url?
I had the same problem. This is my solution:
Turn on Embedded Browser OAuth Login in facebook login settings (https://developers.facebook.com/apps/ -> choose your app -> Add product)
Implement manually login flow (https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow). Open oauth url in new tab, listen on changes and than when tab update to success page get from url access token, save token to storage and remove tab.
User facebook graph api (https://developers.facebook.com/docs/graph-api)
Use chrome.identity api to avoid protocol issue. It's looks like:
let options = {
interactive: true,
url: 'https://www.facebook.com/dialog/oauth?' +
stringifyQuery(Object.assign({
app_id: 'your app id here',
redirect_uri: `https://${chrome.runtime.id}.chromiumapp.org/provider_cb`,
response_type: 'token',
access_type: 'online',
}))
};
chrome.identity.launchWebAuthFlow(options, function (redirectUri) {
if (chrome.runtime.lastError) {
callback(new Error((chrome.runtime.lastError as string)));
return;
}
const response = parseUrl(redirectUri);
access_token = response[`#access_token`];
callback(null, access_token);
});
Is there a way to deny direct access to the application server for a facebook application?
Facebook loads the application via an iFrame src=http://app-domain/, but you can clearly view the page source and find out that domain and copy paste the URL into a browser and view the application directly.
There is this signed_request and oauth_token in the API, I was wondering how to use that or if I can use that to limit direct access to the application.
So if a user inputs in the browser your application's URL he gets redirected to Facebook.
Thank you.
EDIT:
I found a way that also works with form submission.
// Signed request
$signed_request = $facebook->getSignedRequest();
if(!$signed_request) header("Location: " . $settings['appBaseUrl']);
This redirects the browser while accessing the application directly and not through facebook.
It will not work if javascript is disabled.
<script type="text/javascript">
var isInIFrame = (window.location != window.parent.location) ? true : false;
if(!isInIFrame){
window.location = 'link-of-application-page';
}
</script>
You'll need some Javascript to detect whether you're in Facebook's frame and if you're not, redirect to it.
I found a way that also works with form submission. (Works for me, it might not work for you. Test it first.)
// Signed request
$signed_request = $facebook->getSignedRequest();
if(!$signed_request) header("Location: " . $settings['appBaseUrl']);
This redirects the browser while accessing the application directly and not through facebook.
I'm trying to integrate my project with Facebook. I'm taking baby steps at first and just trying to login, get a Facebook session, and get some user data. I'm developing it locally so my Facebook application settings are:
site URL: http://127.0.0.1:8888/mySite/
The canvas URL is the same as above. I haven't specified a site domain.
However, when I click on the login button, I get an error:
API Error Code: 191
API Error Description: The specified URL is not owned by the application
Error Message: redirect_uri is not owned by the application.
At the moment I haven't written any server-side code to deal with redirects, etc. All I've done is add the JavaScript SDK based on the tutorial in Facebook for Websites.
What have I done wrong? It's obviously something to do with my Facebook application settings, but I can't see what!
UPDATE:
To answer the API Error Code: 191
The redirect_uri should be equal (or relative) to the Site URL.
Tip: Use base URLs instead of full URLs pointing to specific pages.
NOT RECOMMENDED: For example, if you use www.mydomain.com/fb/test.html as your Site URL and having www.mydomain.com/fb/secondPage.html as redirect_uri this will give you the 191 error.
RECOMMENDED: So instead have your Site URL set to a base URL like: www.mydomain.com/ OR www.mydomain.com/fb/.
I went through the Facebook Python sample application today, and I was shocked it was stating clearly that you can use http://localhost:8080/ as Site URL if you are developing locally:
Configure the Site URL, and point it
to your Web Server. If you're
developing locally, you can use
http://localhost:8080/
While I was sure you can't do that, based on my own experience (very old test though) it seems that you actually CAN test your Facebook application locally!
So I picked up an old application of mine and edited its name, Site URL and Canvas URL:
Site URL: http://localhost:80/fblocal/
I downloaded the latest Facebook PHP-SDK and threw it in my xampp/htdocs/fblocal/ folder.
But I got the same error as yours! I noticed that XAMPP is doing an automatic redirection to http://localhost/fblocal/ so I changed the setting to simply http://localhost/fblocal/ and the error was gone BUT I had to remove the application (from privacy settings) and re-install my application and here are the results:
After that, asked for the publish_stream permission, and I was able to publish to my profile (using the PHP-SDK):
$user = $facebook->getUser();
if ($user) {
try {
$post = $facebook->api('/me/feed', 'post', array('message'=>'Hello World, from localhost!'));
} catch (FacebookApiException $e) {
error_log($e);
$user = null;
}
}
Results:
For me, it was a missing app domain. Go into the app, and make sure that you have the root of your site set up as an app domain. See screenshot.
This is just because of a URL mistake.
Whatever website URL is specified should be correct.
I mentioned website URL as http://localhost:3000/
and domain as localhost, but in my browser I was running http://0.0.0.0:3000/.
When I ran server as localhost:3000 it solved the problem.
As I mentioned, the site URL as localhost Facebook will redirect to the same, if we are running
0.0.0.0:3000, it will rise error that "Given URL is not allowed by the Application configuration".
I was also facing the same problem when I am using the facebook authentication method.
But I rectify that issue with following changes in Facebook api (Apps >> My App >> Basic).
I removed the url which i have given in
===> App on Facebook (Canvas URLs)
I gave site url only in
===> Website with Facebook Login option
Then i gave that AppId and App Secret in my webpage.
So by clicking on login button, It ask for access permissions then it redirect it to give url (Website with Facebook Login ).
I fixed this by passing the redirect url to the FacebookRedirectLoginHelper::getAccessToken() in my callback function:
Changing from
try {
$accessToken = $helper->getAccessToken();
}
...
to
try {
$accessToken = $helper->getAccessToken($fbRedirectUrl);
}
...
I am developing on a vagrant box, and it seems FacebookRedirectLoginHelper::getCurrentUrl() had issues generating a valid url.
Had the same problem:
$params = array('redirect_uri' => 'facebook.com/pages/foobar-dev');
$facebook->getLoginUrl($params);
When I changed the redirect_uri from the devloper page to the live page, 191 Error came up.
So I deleted the $params:
$facebook->getLoginUrl();
After the app-request now FB redirects to the app url itself f.e.: my.domain.com
What I do now is checking in index.php of my app if I'm inside FB iframe or not. If not I redirect to the live FB page f.e.:
$app = 'facebook.com/pages/foobar-live';
$rd = (isset($_SERVER['HTTP_REFERER'])) ? parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST) : false;
if ($rd == 'apps.facebook.com' || (!isset($_REQUEST['signed_request']))) {
echo '<script>window.parent.location = "'.$app.'";</script>';
die();
}
I have noticed also that even if you specify your website under secion - Website With Facebook Login -> Site url as e.g. http://example.com, but if your App Domains section is empty, and you open website as www.example.com you will get this error, too. To avoid it in "App Domains" section write example.com, that will allow subdomains, like www.example.com, something.example.com etc
in the facebook App Page, goto the basic tab. find "Website with Facebook Login" Option.
you will find Site URL: input there put the full URL ( for example http://Mywebsite.com/MyLogin.aspx ). this is the URL you can use with the call like If the APP ID is 123456789
https://graph.facebook.com/oauth/authorize?client_id=123456789&redirect_uri=http://Mywebsite/MyLogin.aspx&scope=publish_actions
Something I'd like to add, since this is error 191 first question on google:
When redirecting to facebook instead of your own site for a signed request, you might experience this error if the user has secure browsing on and your app does redirect to facebook without SSL.
Working locally...
I couldn't get the feeds api to work, but the share api worked pretty much straight away with no problems.
For me it's the Valid OAuth Redirect URIs in Facebook Login Settings. The 191 error is gone once I updated the correct redirect URI.