This is the FB Url I am trying to access.
https://graph.facebook.com/oauth/authorize?client_id=694aa71aed60fb9d79aae04b81ff27c8&redirect_uri=http://localhost/TestConnect/Facebook.aspx&scope=email,user_about_me,user_interests,user_likes,user_location,user_notes,user_education_hi
It says
The page cannot be displayed
There are too many people accessing the Web site at this time.
It was working fine until last night
Even when I type it in the browser, it has no response. All it shows me is a green progress bar even after 20min
What should I do?
Thanks
SC
Here is your URL :
https://graph.facebook.com/oauth/authorize
?client_id=694aa71aed60fb9d79aae04b81ff27c8
&redirect_uri=http://localhost/TestConnect/Facebook.aspx
&scope=email,user_about_me,user_interests,user_likes,user_location,user_notes,user_education_hi
When changing redirect_uri to http://localhost it works fine for me. So I guess it is your page http://localhost/TestConnect/Facebook.aspx that does not works fine.
The redirect_uri will be called with GET parameters, be sure to handle them correctly :
If the user allows your app, he will be redirected to :
http://localhost/TestConnect/Facebook.aspx?code=...
and you will need to get a ask an access token to facebook with that code (the code parameter) by calling :
https://graph.facebook.com/oauth/access_token
?client_id=YOUR_APP_ID
&redirect_uri=YOUR_URL
&client_secret=YOUR_APP_SECRET
&code=THE_CODE_FROM_ABOVE
If the user doesn't allow your app, he will be redirected to :
http://localhost/TestConnect/Facebook.aspx
?error_reason=user_denied
&error=access_denied
&error_description=The+user+denied+your+request.
so you can detect that error by testing the get parameter error.
Hope that helps !
Related
vendor/knpuniversity/oauth2-client-bundle/src/Client/OAuth2Client.php:
When I logout user and try to login with facebook again, often I get this exception - InvalidStateException. "User see Invalid state parameter passed in callback URL." Thats because there is no data in session. But why that can happen?
Using this bundle:
https://github.com/knpuniversity/oauth2-client-bundle
This is called from my facebook authenticator class:
public function getCredentials(Request $request)
{
// this method is only called if supports() returns true
return $this->fetchAccessToken($this->getFacebookClient());
}
Also noticed if I try again to login with facebook after this exception, then it logs in succesfully. But later noticed this is also not always the case.
I am thinking there is soemthing to do with race condition somewhere, because when I use xdebug and code stops at breakpoinst, it often workse ok.
The problem was chrome sending 2 requests because of prefetching.
https://www.keycdn.com/support/prefetching
When I enter url in address bar (for testing I had not made facebook button yet) chrome instantly loads it. Then I press enter and it loads it again. And things start happing what is unexpected when there are 2 requests to login with facebook.
Tested on firefox, there is no such problem. When I have made link to login to facebook and so I dont have to type in address bar, it also does not make prefetch and problem is gone on chrome also.
I am building a website app in MVC5 that allows a user to login using Facebook/Twitter. Once they are logged in we will look through their photos for ones marked with a certain hashtag.
I have the login working for both FB and Twitter - and using Linq2Twitter I can get the and post photos.
However with Facebook I am having some problems. My understanding with Facebook is that after the login I have to make a second call to https://graph.facebook.com/oauth/access_token in order to get a short lived access token.
However this call requires a "code" and a returnUri. I am unsure what this code is or how to get it, and what return URI to use.
My startup.Auth.cs looks like this
var facebookOptions = new FacebookAuthenticationOptions();
facebookOptions.Scope.Add("user_photos");
facebookOptions.AppId = ConfigurationManager.AppSettings["facebookAppId"];
facebookOptions.AppSecret = ConfigurationManager.AppSettings["facebookAppSecret"];
app.UseFacebookAuthentication(facebookOptions);
And everything logs in fine and I end back at ExternalLoginCallback
So where do I go from here. How do I find this code and what returnUri do I use in order to get the access code.
Once I have this access code I plan to call (https://developers.facebook.com/docs/graph-api/reference/v2.1/user/photos)
Hopefully I am going about this the correct way and my question makes sense
Many thanks.
Okay - This solves my problem
http://blogs.msdn.com/b/webdev/archive/2013/10/16/get-more-information-from-social-providers-used-in-the-vs-2013-project-templates.aspx
I'm trying to integrate realtime updates for user pages. I have a callback running on a given HOST url. Having this the subscription creation is:
G = facebook.GraphAPI()
app_token = config['FACEBOOK_APP_ID'] + '|' + config['FACEBOOK_SECRET']
path = config['FACEBOOK_APP_ID'] + '/subscriptions'
post_args = {'access_token' : app_token, 'callback_url' : HOST, 'fields' : 'feed', 'object' : 'page', 'verify_token' : 'token'}
G.request(path, post_args=post_args)
This seems to work just fine and a subscription is created. After this, for a given user I get oauth credentials with perms = ["publish_stream", "offline_access", "manage_pages", "publish_actions", "read_stream"]
Using this access token, I do a subscribe by adding the app to the page tabs:
G = facebook.GraphAPI(access_token)
path = "/%s/tabs" % page['id']
G.request(path, post_args={'app_id' : config['FACEBOOK_APP_ID']}
Now things work.... sort of. First thing is I'm not sure exactly how facebook testing should work in practice. Basically I created a bunch of test users using the app settings on developers page. Then using one of these users, I create two separate pages Page1, Page2 and I registered the app as a tab on these pages. Posts issued from the test users, or from the real user I created the app with are picked up. But I try to find one of the pages from some other real user (so not a test one and not the one I created the app with) and I cant. Even if I copy paste the entire URL, I just get a redirect to the first page. Are those pages only visible inside my own test app/users context ? Should I create a page from my real account and test with that? I'm just curious on how would I go around testing this in a real setup. Would I get ALL comments / posts on that page regardless of the user who does the posting or just posts from the Page / Admins of the page ?
Another separate problem I'm having is creating a comment from some user. So I'm using the exact same access token I've got above, and having a post from someone come it, I want to issue a reply in the form of a comment on that post. I have the facebook post id, so I just:
graph = facebook.GraphAPI(access_token)
graph.put_comment(facebook_post_id, message)
Say I issue this command using the access token I got from TestUser1 on a post that came on his own page Page1 . I would expect that the comment be posted on behalf of TestUser1 but instead it gets posted on behalf of Page1 . Is this expected as a side effect of the token I'm using? I've read here https://developers.facebook.com/docs/facebook-login/access-tokens/ that there are user access tokens and page access tokens; but I've tried the exact same thing with a token without the 'manage_pages' perms and still get the same thing.
Cheers, Bogdan
This question has been asked a few times on Stack, but there have been no real answers. Let me try to explain my situation anyways.
We use an application that uses Facebook OAuth2 login. This login used to work fine till last week, and all of a sudden it is troubling us now.
Application Flow:
Step 1: User presses login with Facebook button on our website
Step 2: Redirected to Facebook login/authorization page
Step 3: On authorizing the app, the callback comes to our application, with a short lived "code" param.
Step 4: This "code" param would be exchanged for a 60 day Access token using "https://graph.facebook.com/oauth/access_token" URL.
Error in Step 4:
When we try to exchange the short living "code" for the access token, we get this error from Facebook.
{"error":{"message":"This authorization code has been used.","type":"OAuthException","code":100}}
Observation:
For users who are newly coming to the application, the above-said error does not occur.
For a returning user this call fails with the above-said error.
Our application is live for more than 9 months now, and this error has come only in the past 7-10 days. We have had thousands of users using it successfully prior to that.
What I already got from Forums:
Here is my interpretation of what I read. May be inaccurate.
Facebook has some weird policy that necessitates the app developer to maintain the temporary 10 minute code until the 60 day code that was obtained during the first login expires. So we should create a cookie with the Access token on the user's browser. I was even able to see people modifying their code in order to create the cookies.
What's really bothering me?
The suggested solutions assumes that the cookie that they create would be present in the user's browser always. This is a bad assumption to make, as the cookie may be erased at any time.
I have another app Id/app secret that I use for my development (i.e localhost), and that works perfectly. The login happens fine out there, But its only the product machine that has the problem.
This problem didn't happen on the production machine for nearly 10 months since we launched the app, and it has come all of a sudden. Worst of all, I am unable to get any record of recent changes that breaks this flow.
Edit:
Platform: Python, Google Appengine. We do not use any Facebook SDKs, we make direct HTTP Calls to all the login URLs.
Call that fails : https://graph.facebook.com/oauth/access_token - we are passing the appId, secret and code (obtained from facebook) within 20 seconds of the first call happening.
Hope there is enough information here to show that our code is not totally incorrect. Any tips/pointers from people who have encountered and solved this problem is Welcome. If its a Facebook bug, and the Facebook dev comes to notice, I would be even happier.
I got round this issue by using a random GUID which is appended to each callback url i pass into facebook. It seems the code that facebook returns is made up of a few parts including the redirect_uri parameter you have to specify. By using this GUID trick, your app continues to work but facebook thinks it's a different URL hence generating a new code.
If you store that GUID in a temporary session, it's always the same. Here's a very cut down version of what I mean. I'm using C# but the solution will be the same:
Before i start the oauth process:
Session["facebook_buster"] = System.Guid.NewGuid().ToString();
Then to kick off the login:
var facebook = new FacebookClient();
var loginUrl = facebook.GetLoginUrl(new
{
client_id = ...,
redirect_uri = ..."/facebook/oauthcallback?buster=" + Session["facebook_buster"].ToString(),
display = "popup",
scope = "publish_stream,user_photos"
});
And then in my callback method, when I want to exchange that code for a new access_token:
var facebook = new FacebookClient();
dynamic result = facebook.Post("oauth/access_token", new
{
client_id = ...,
client_secret = ...,
redirect_uri = ..."/facebook/oauthcallback?buster=" + Session["facebook_buster"].ToString(),
code = Request["code"] // this is the returned code from the first method
});
Note in that second method i'm using the same session key so that the authorization code is successful.
Been testing this all morning by revoking permissions / manually changing my stored access_token (in my db) / removing my stored access_token completely and it works every time.
Hope this helps!
I struggled with this today for a while too. Not sure if you're using the Facebook PHP class (from what you wrote, it seems you don't), however, it could be a pointer anyways - the problem was that the Facebook PHP library seems to obtain the token from the code automatically and I was trying to do it again.
I have a probleme with my Signed Request on my facebook application. The first time is good, and i know if the user like or not my app. But when I reload the application (link, form, like) i loose the Signed Request, (only refresh [F5], and unlike works)..
I realy don't understand why ??
Links don't work anymore :(
This is my test page : https://www.facebook.com/pages/TestCactOos/255835411190164
And the test app : https://www.facebook.com/pages/TestCactOos/255835411190164?sk=app_335457189856398
On app, you can see $facebook, $_REQUEST and $_SERVER informations.
Thank you all for your time and help.
The signed request is in the header of the referral from Facebook. It's not maintained from link to link, since the subsequent referrals will be from your own pages. Use the signed_request to get some info and keep that in your session between pages.
You are just one time able to get the signed_request. That is exactly when Facebook loads your App in an iframe. Then you must have to save the signed_request for further usage (subpages). There you have to check for the data via $_REQUEST or fall back to your stored signed_request values.
Here is an small example of the fbHelper component. I hope this might give you some ideas how to handle the issue:
Source: http://www.facebook.com/HelperComponentlCommunity/app_412923142052609
if(array_key_exists('signed_request', $_REQUEST))
$signed_request = $_REQUEST['signed_request'];
elseif(array_key_exists('signed_request' . $this->pageId, $_SESSION))
$signed_request = $_SESSION['signed_request' . $this->pageId];
else
return false;
$facebook_data= $this->parse_signed_request($signed_request);