I want to use the device authentication as described in the documentation ( http://developers.facebook.com/docs/authentication/devices/ ) but I can't use it to authenticate with my facebook app, the return is always:
{
"error": {
"message": "Unsupported type: 'device_code'. Supported types: web_server, user_agent, client_cred, username",
"type": "OAuthException"
}
}
This seems to a be a known problem for several months. I've found several people with the same problem but it seems that they gave up or didn't bother to post the solution (example: http://forum.developers.facebook.net/viewtopic.php?id=91645#p322091 )
Can anyone use "https://graph.facebook.com/oauth/device?type=device_code&client_id=150792241632891" with their own applicationID?
I had another answer here but it seems that device auth for Facebook is behind a whitelist, i'm not sure how to apply - the docs probably shouldn't be publicly visible if the functionality isn't though, i'll try to see why that is
Related
I am having some unusual errors while fetching some data for some users via graph API.
As for example w all know we can get basic user info via graph.facebook.com/username
And it works. But it is not working for some users. Like the user www.facebook.com/sanzida.tanzum is a valid facebook user. So, we should get her basic info via graph.facebook.com/sanzida.tanzum. But when you will try that, you will get the error
{
"error": {
"message": "Unsupported get request.",
"type": "GraphMethodException",
"code": 100
}
}
And it is not a permission issue because use user herself gets the same error when she try to retrive her own data via graph API. Actually the user sanzida.tanzum is invisible to graph API. For example user sanzida.tanzum is on my friend list. You can check here. my friendlist.(it is public). But when I retrive my friendlist via graph API, my friendlist is shown excluding the user sanzida.tanzum ! But she is in my friendlist!
I have tried to contact facebook for this matter because I did not find any doccument related to this matter. They replied it is usual. (probably they did not read my mail at all. I am including the email conversation with facebook)
Hi তৌফিক,
They are getting errors because they are not you... they dont have
permissions to see the same things you do. They might also be missing
an access token. Either way: no bug here.
Thanks,
Emrakul Security Facebook
-----Original Message----- From: *****#ovi.com To: Subject: Report a Security Vulnerability - Unusual bug in facebook graph API
Your Email Address: *****#ovi.com Do you have technical details of
a security vulnerability?: Yes Vulnerability Type: Privacy /
Authentication Vulnerability Scope: Platform Developer API Title:
Unusual bug in facebook graph API Product / URL:
https://graph.facebook.com/sanzida.tanzum Description and Impact: I
was doing some graph API calls for testing purpose. Mostly I was doing
mostly user profile calls. (https://graph.facebook.com/exampleuser)
Somehow I realized facebook is giving following errors for some users
even they are on my friendlist. Same thing occurs when they try by
themselves.
As for eample the user "https://www.facebook.com/sanzida.tanzum" is on
my friendlist. (My friendlist is public.You can check if you want.)
So, according to facebook graph API, I can request the user's basic
info using (https://graph.facebook.com/sanzida.tanzum) But it returns
this error:
"{ "error": {
"message": "Unsupported get request.",
"type": "GraphMethodException",
"code": 100 } }"
Actually graph API can't access nothing of this user. Another
example.. When I request my friendlist via graph API , All friends of
my friendlist is shown except the user (sanzida.tanzum). But she is in
my friendlist! check here (my friendlist is public)
"https://www.facebook.com/toufiqueimam/friends". So why is this
happening only for few users?
Just now I got confirmation that the user herself gets the same error
if she tries to access (https://graph.facebook.com/sanzida.tanzum)
{ "error": {
"message": "Unsupported get request.",
"type": "GraphMethodException",
"code": 100 } }
Reproduction Instructions / Proof of Concept: Reproduction: first go
to https://www.facebook.com/sanzida.tanzum You will see it is a valid
profile. Now try https://graph.facebook.com/sanzida.tanzum You will
get following error
{ "error": {
"message": "Unsupported get request.",
"type": "GraphMethodException",
"code": 100 } }
This isn't a bug, the error means that the data you're trying to access is not accessible to you, does not exist, has been deleted, is not available because you haven't provided an access token from a user who can see it, etc.
See this answer for an example of this error message in relation to Facebook pages: https://stackoverflow.com/a/6847088/21062 - the same is true when trying to access user profiles if that user has blocked you, blocked your app, disabled their account or disabled all apps from accessing their information.
Just an FYI, I ran into this problem, and it wasn't because the user had blocked all applications. In my scenario, my application was attempting to force-convert Facebook's 64 bit integers into a 53 bit JavaScript integer (Node application). It was mangling the value, so when I was making the Facebook GET Request later on in my application lifecycle, I was doing so with the mangled value, and Facebook was trying to tell me "Um, this UserId doesn't exist".
So in my application, I had to use the Node Big-integer add-on, along with the Mongoose mongoose-long plugin for my Mongodb.
Long story short, if you are converting the UserId to it's native 64 bit integer, don't do so unless the intger type in your application is at least 64 bits.
I'm following the documentation here:
https://developers.facebook.com/docs/opengraph/using-object-api/
Using the following:
/me/objects/<app-namespace>:<created-object>?privacy={"value":"SELF"}
&object={"image":"https://<image-url>"}&access_token=<user-token>
Testing with the Graph API tool i'm getting this error:
{
"error": {
"message": "(#200) Requires extended permission: publish_actions",
"type": "OAuthException",
"code": 200
}
}
Ok well that seems obvious until I debug the access token:
Valid True
Origin Mobile Web Faceweb
Scopes publish_actions, user_friends
Anyone else seen this or have an idea of how to fix it?
EDIT Ok so I had publish_actions in both User & Friends and Extended permissions. I removed the User & Friends permission and now I get this:
{
"error": {
"message": "An unknown error has occurred.",
"type": "OAuthException",
"code": 1
}
}
Me no like unknown.
Ok so a couple things to note here that went wrong.
I picked an object type as an item thinking it would be <myapp>:item in the call. Well as it turns out the item is actually a product type so it is product.item a global type. What is handy is to actually click the get code link on the objects you create. Solution was to actually create my own app object type, which I thought I had.
In the Graph API make sure you actually use the application pull down in the top right to select the right app. I noticed some issues when it was set to the generic Graph API Explorer app.
Silly mistakes but cost me some time, hope it helps someone else.
When making an http post:
https://graph.facebook.com/oauth/device?type=device_code&client_id=myclientid
I'm getting an http 400 error. Am I doing something wrong here? Is device_code supposed be something other than device_code? It doesn't look that way here:
https://developers.facebook.com/docs/authentication/devices/
I'm just starting to experment with browserless facebook auth.
Well, clicking https://graph.facebook.com/oauth/device?type=device_code&client_id=myclientid gets you a pretty clear error message:
{
"error": {
"message": "Unsupported type: 'device_code'. Supported types: web_server, user_agent, client_cred, username",
"type": "OAuthException",
"code": 1
}
}
The linked specification though says:
type
REQUIRED. The parameter value MUST be set to "device_code".
As Facebook is stating:
Both the specification and our implementation are constantly being refined, however, so some subtle differences should be expected.
that could be some temporary glitch between implementation and documentation.
Anyway, are you sure you already would have access to device authentication?
Please note that we are currently testing Device Authentication with a limited number of partners. It is not currently available for general use, and we are not accepting additional applications for access.
If you use the following URL(only the appId is changed) you will get result. It will return a code, id, verification URI etc. The fact is that the device flow api will work only for the above appId and which is provided by facebook. No other AppIds wont work. Everything will return an error like this
{
"error": {
"message": "Unsupported type: 'device_code'. Supported types: web_server, user_agent, client_cred, username",
"type": "OAuthException",
"code": 1
}
}
So a few months ago my facebook app worked, and now I get a:
{ "error": { "type": "OAuthException", "message": "Invalid redirect_uri: Given URL is not allowed by the Application configuration." }
So I googled about that, and read that the cause might be that I didn't specify a site domain in the app settings. So I did that, but Facebook told me that this won't work unless I also specified a website or mobile device adress. But up to now I had this just set as App and neither Website nor mobile thingy. So now I also have to check "website" in addition to "application?" This is confusing.
Anyway, so I thought "whatever" and set it also as website in the app settings. But I still get the same error.
I read something about a channel file? So I have to create one of those or something?
I'm lost and thankful for any advice.
This error is almost always when you're trying to redirect the user to a URL other than your app or website, check that you're actually redirecting them to the correct place
I did quite a bit of homework before posting here but still could not find a solution for the following problem.
PROBLEM: when trying to access my facebook app's insights or subscriptions, it returns
{
"error": {
"message": "An access token is required to request this resource.",
"type": "OAuthException"
}
}
I do everything according to the official documentation:
get app access_token by calling this api. It does return a token.
https:// graph.facebook.com/oauth/access_token?client_id=APP_ID&client_secret=APP_SECRET&grant_type=client_credentials
get insights/subscriptions by calling: https:// graph.facebook.com/APP_ID/subscriptions?access_token=TOKEN_FROM_STEP_1
but the last call returns the error message above.
Any ideas why?
After many trials and errors I found the solution.
Change facebook app type to 'Web' instead of 'Native'
Apparently facebook doesn't return subscriptions/insights for native apps