I'm trying to use facebook's oauth.
Basically facebook has to return me a "code" parameter.
But i get nothing, it just return my callback url (to the exact same url).
i'm generating this url with my app.
http://www.facebook.com/dialog/oauth?client_id=76209388873&redirect_uri=http%3A%2F%2Ffb.lous%2Fmain%2Ffacebook_callback&scope=read_stream
I used other parameters and options, just when i set response_type=token
i get parameter list for javascript (with # character instead of ?, its for client side, i'm trying to write some api bot)
So right now i can't get any parameter with someway.
I tried to solve exactly the same thing for several hours. In my case it turned out to be a stupid redirect problem. Facebook correctly redirected back to http://www.mysite.com with the code parameter, then my webapp redirected to http://www.mysite.com/users/login (because the user wasn't logged in yet). On the second redirect I lost the code parameter.
Related
I am at this step in getting my app started in the documentation:
https://developers.facebook.com/docs/appsonfacebook/tutorial/#auth
In there is a code block that (supposedly) forwards the user to a request dialog asking permission to access certain bit of information about them. I've placed this code block into the PHP script that my canvas URL points to, and changed the $app_id and $canvas_page to my application ID and canvas URL respectively. Instead of getting the expected dialog, I receive this following error from facebook:
"An error occurred. Please try again later."
No other details about the error are present. I've tried some variations of the script, and have even tried loading up this URL directly just to see if that would work. Note that I've replaced YOUR_APP_ID and YOUR_CANVAS_PAGE with the appropriate values and made sure that spelling and/or punctuation are correct:
https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=YOUR_CANVAS_PAGE&scope=email,read_stream
For the redirect URL, I've tried prepending it with http://, https://, and no prefix at all. All with the same result.
My question: is the example in the documentation broken, or is the oauth link provided in the documentation currently down? The vague nature of the error is somewhat frustrating since I can't tell if it's something I'm doing wrong or if it's facebook's oauth function that's at fault.
So, the problem was that instead of using the numeric application ID that facebook assigned for me when I originally created the app as the YOUR_APP_ID parameter in the OAuth URL, I was using the application namespace string. Facebook didn't understand this sort of request, and returned the generic error message.
Once I used the numeric app ID, the OAuth dialog popped up to ask permission to access my account, as expected.
I am using the auth_nonce parameter during the server-side authentication flow. However, I'm getting a problem where sometimes Facebook doesn't return the auth_nonce argument in the final step, which of course causes the authentication to fail.
Often it works just fine. These cases are when the user is initially logging in to my application, and I request that Facebook reauthenticate them (auth_type=reauthenticate). I've never seen this fail.
When it does fail, it's always after the user has logged in, and their auth_token has expired, and I'm silently reauthenticating them between page loads to get a new auth_token.
In these latter cases, the URL redirection looks something like this:
http://myapplication.url (notices token is expired, so sends the user to...)
https://www.facebook.com/dialog/oauth?client_id={APP_ID}&redirect_uri=http%3a%2f%2fmyapplication%2eurl%2ffacebook%2fafterlogin&scope=list,of,permissions&display=page&auth_nonce=Vr6EgapnMFIKrbMtVrdcZDTbioGe715pWDtMveA8z4xVNMR5IzGYoPN3rSxf (Facebook redirects them to...)
https://www.facebook.com/dialog/permissions.request?app_id={APP_ID}&display=page&next=http%3A%2F%2Fmyapplication.url%2Ffacebook%2Fafterlogin&response_type=code&auth_nonce=Vr6EgapnMFIKrbMtVrdcZDTbioGe715pWDtMveA8z4xVNMR5IzGYoPN3rSxf&fbconnect=1&perms=list%2Cof%2Cpermissions (Finally, we get redirected back to...)
http://myapplication.url/facebook/afterlogin?code={Big long code here}#_=_
During that last call, I GET the following URL:
https://graph.facebook.com/oauth/access_token?client_id={APP_ID}&redirect_uri={THE_PROPER_REDIRECT_URL}&client_secret={APP_SECRET}&code={Big long code here}
The reply I get back is in the form:
access_token={AUTH_TOKEN}&expires=5083
According to the documentation (and my experience during normal authentication), there should be a auth_nonce parameter in the final reply which I can validate.
Am I doing something wrong here?
Hi
I have Facebook register in my website. I have integrated it completely without any bugs and the values are stored in the database.After the successful registration , it doesn't redirect to the exact url that i have mentioned below.
header("location:http://www.facebook.com/dialog/oauth/?scope=publish_stream&client_id=yyyyy&redirect_uri=".SITE."business.php?action=favouriteshare&id=".$bid."");
It always through invalid url details.Could anyone please suggest some ideas to get this redirect correctly.
Try the following:
wrap the redirect url with quotes '
use the urlencode() method.
The scope parameter is not yet supported. Please vote this ticket to make it happen.
I have this facebook application which adds a custom tab to fan pages. You access the tab by an URL like:
http://www.facebook.com/pages/PAGE-NAME-HERE/PAGE-ID?v=APP-ID
I want to be able to add some extra get parameters to that URL, but it seems they don't get passed correctly because facebook is filtering them. Is there a way to pass those parameters? Even not via GET but some other kind of technique.
If you want to pass multiple querystring params though the app_data param, you can urlencode it.
All querystring params that need to propagate through a Facebook tab should be url-encoded in the app_data var.
In other words, the "&" and the "=" need to be url-encoded (especially if passing more than one param).
Examples
GOOD TAB URL (this passes all 3 params):
https://www.facebook.com/pages/yourpagename/56789?sk=app_12345&app_data=var1%3D123456789%26anothervar%3Drawr%26athird%3Dmeow
In the app_data from this signed request, I got this value: var1=123456789&anothervar=rawr&athird=meow
BAD TAB URL (this passes only the first param through the signed_request):
https://www.facebook.com/pages/yourpagename/12345?sk=app_56789&app_data=var1=123456789&anothervar=rawr&athird=meow
In the app_data from this signed request, I ONLY got this value: var1=123456789 (Facebook dropped the rest)
You can even give your media team instructions like this =)
Media team,
Here is an online utility to urlencode the querysting data you want to
embed in the app_data param: http://meyerweb.com/eric/tools/dencoder/
Base Url: https://www.facebook.com/pages/yourpagename/12345?sk=app_56789&app_data=
Steps:
Go to http://meyerweb.com/eric/tools/dencoder/
Type var1=123456789&anothervar=rawr&athird=meow in the box
Hit the Encode button
You’ll get var1%3D123456789%26anothervar%3Drawr%26athird%3Dmeow which becomes your app_data param. Append that to the baseUrl noted above like this:
https://www.facebook.com/pages/yourpagename/12345?sk=app_56789&app_data=var1%3D123456789%26anothervar%3Drawr%26athird%3Dmeow (this is the URL with the tracking params for the [banner ad] [online media] [etc])
p.s. Querystring params in non-tab pages are handled fine (https://apps.facebook.com/yourappname/Canvas.aspx?var1=123456789&anothervar=rawr&athird=meow does not strip out qs params like what happens in the Tab, for example).
You must pass the app_data parameter in the URL:
http://facebook.com/pages/:page_id/:page_name?sk=app_:app_id&app_data=my_data
You will then access it through the signed_request param. For instance with Ruby and RestGraph:
user = RestGraph.new.parse_signed_request(params[:signed_request)
data = user['app_data'] # => "my_data"
Appending app_data worked for me.
http://www.facebook.com/pages/MyPage/11111111111111?sk=app_22222222229&app_data=foo_bar
Then retrieve signed request using PHP SDK (in my case). app_data is then available in the assoc. array returned.
I was wondering the same, in my case I had needed to pass a parameter "from" to identify if user was using mobile form or web form to login. My app use Spring Security. The way I was able to do that was creating my own SocialAuthenticationFilter:
1) Add a (hidden in my case) parameter to your login form ("from" in this example).
2) Get the right SocialAuthenticationFilter.java source (in accordance with your Spring version).
3) Create your MySocialAuthenticationFilter using it.
4) In method:
getRequestedProviderId(HttpServletRequest request) is where you can
grab your parameter:
private String getRequestedProviderId(HttpServletRequest request) {
String f = request.getParameter("from");
if(f!=null) {
final String dbValue = request.getParameter("from");
request.getSession().setAttribute("from", dbValue);
}
...
And thats all. In this way after a successful authentication you will be able to recover from session your parameter.
Be aware this method is called several times during OAuth exchanging, and when it is called from the authentication provider (Facebook for example) the parameter will be null. That is the reason to check the value before save in session in order to avoid delete your right value.
I answer myself by saying this is not possible.
to connect to an app on facebook, the user types in
www.facebook.com/login.php?api=12312312323123123
how can I add an extra get var to this url and pass it to my script on successful login?
Do you add a redirect_url as part of the login call?
If so you can add the GET parameter to that. For instance let us say you are asking Facebook to redirect to http://tld/fbhandler after user logs in. You can change that to http://tld/fbhandler?extra=value.
This URL is specified at the time of making the (OAuth) login call to Facebook and therefore you can change the value as you see fit.
You cannot do this. Facebook will strip custom query values from the url. I have found that there are two ways to do this. The first is that they will let you have a single query value at the end of the url if you encode the ? to %3F. For example:
redirect_url=http://www.example.com%3FmyextraParameter
You could use this approach to do something like base64url encode your values and add them at the end.
The other thing that I have done is to change the parameters to be path variables
redirect_url=http://www.example.com/realUrl/parameter1/parameter2
Neither are great solutions, but I have yet to find a way to send querystring values without them being stripped off.