Facebook cannot redirect the next parameter - facebook

When I authenticate the user, after authentication it does not redirect the next parameter. Instead it redirect the user to the "Canvas Callback URL". If I dont give the convas callback url. then it gives the error
An error occurred with experiement. Please try again later.
API Error Code: 100
API Error Description: Invalid parameter
Error Message: next is not owned by the application.
on the other hand if the user cannot allow my app then it redirect the next parameter.
My url for authentication is:
https://login.facebook.com/login.php?api_key=**KEY**&v=1.0&popup=1&next=**NEXT**&
next_cancel=**NEXT_CANCEL**&skipcookie=1
I try to this on localhost.
in any one have idea about this?

Try using this url instead to get permissions:
$facebook->redirect('https://graph.facebook.com/oauth/authorize?
client_id=[YOUR APP ID]&
redirect_uri=[YOUR APP URL]&
scope=publish_stream, offline_access');
Replace [YOUR APP ID] with application id that you can see from application settings where you created the site in Facebook Developers section. Also replace the [YOUR APP URL] with your app url.
And $facebook variables is the one you get by initiating the facebook client that is:
$facebook = new Facebook($appapikey, $appsecret);

Yes it always redirects to canvas url instead of app url. You just need to create your own server side redirect that would redirect user back to app url.
You can separate regular app calls from the one after authorization that requires manual redirect by looking at request parameters. After authorization you would get some unique params like auth_token that are not present in a regular request. If those params are present - it means that it is authorization redirect and you need to send user back to app url.

Related

Facebook Login error: Can't Load URL: The domain of this URL isn't included in the app's domains

Users on my site can login with Facebook from this page: https://www.wonderweddings.com/login
However, I'm getting the error
Can't Load URL: The domain of this URL isn't included in the app's domains. To be able to load this URL, add all domains and subdomains of your app to the App Domains field in your app settings.
I checked these posts to see what I could do:
How to turn off "Use Strict Mode for Redirect URIs" in facebook app
Facebook OAuth "The domain of this URL isn't included in the app's domain"
So I added what I thought were all possible URLs, but I keep getting the same error. Whether I disable or enable "Enforce HTTPS" does not matter. I also tried with "Embedded Browser OAuth Login" enabled and disabled.
https://www.wonderweddings.com/login.aspx
https://www.wonderweddings.com/login.aspx?loggedin=true&scope=email
https://www.wonderweddings.com/login
https://www.wonderweddings.com/login?loggedin=true
https://www.wonderweddings.com:443/login.aspx
https://www.wonderweddings.com:443/login.aspx?loggedin=true&scope=email
https://www.wonderweddings.com:443/login
https://www.wonderweddings.com:443/login?loggedin=true
I also tested if appId or app secret was changed due to saving, but that is not the case either.
I have a copy of this site running on another domain. This domain connects to another app, but other than that has similar settings, only this other app still has the setting "Use Strict Mode for Redirect URIs" disabled. There my code works perfectly. So I'm sure it's something I'm missing on Facebook with these settings.
My settings:
What else can I try?
The login button on your site is currently loading this URL:
https://www.facebook.com/v2.8/dialog/oauth?client_id=143381855734017&redirect_uri=https://www.wonderweddings.com/login.aspx?loggedin=true&scope=email
Facebook receives these query parameters:
client_id = 143381855734017
redirect_uri = https://www.wonderweddings.com/login.aspx?loggedin=true
scope = email
So the callback they are expecting is probably: https://www.wonderweddings.com/login.aspx?loggedin=true
Note that to be safe, the callback parameter should be URL encoded so that special characters are handled correctly (: / ? = all mean something in URLs)
You should change your site so that the link it opens is:
https://www.facebook.com/v2.8/dialog/oauth?client_id=143381855734017&redirect_uri=https%3A%2F%2Fwww.wonderweddings.com%2Flogin.aspx%3Floggedin%3Dtrue&scope=email
There has been Facebook update in October 2017. Use Strict Mode for Redirect URIs is now always enabled in Facebook App dashboard.
Solution in my case was related to that update: make sure that Valid Oauth redirect URIs input contains the same URI as provided in redirect_uri param.

"Redirect URI doesnot match registered redirect URI" in instagram integration in IOS app

I am working on iPad app, and I need to integrate Instagram. I found a sample that works fine. But coming to my app I registered as new user in instagram developer account. Though I am following the steps as said in Instagram API docs, I am getting an error "Redirect URI doesnot match registered redirect URI".
Can someone guide me on how to generate Redirect URI?
Here is what I did in Instagram.
And in my simulator I am getting this error :
Use REDIRECT URI : igeb6240d263fb4736b3740af87edd18ea://authorize
for your Application
your REDIRECT URI should be : "ig" + "your clientId" + "://authorize"
You can use whatever you want as your redirect URI. You have to pass the redirect URI as a Get-parameter in your authorize request.
Make sure both of them match! You can navigate to subfolders or add additional parameters to it, but the beginning of it has to stay the same.
I would suggest not to use your website, but to link to one of your apps url schemes.
For a guide on how to set those up, look here: http://www.idev101.com/code/Objective-C/custom_url_schemes.html
So for example you could use myapp:// as your default redirect URI, that you want to register with instagram.
Inside your app you can add additional parameters to it. Instagram will pass those on to your redirect URI, so you can read them out again in your AppDelegate or on your Server. Make sure you encode the redirect URI properly. The easiest way to do this would be:
NSString *unescaped = [NSString stringWithFormat:#"myapp://?someparameter=%#",theparametersvalue];
NSString *redirectURI = (NSString *)CFBridgingRelease(CFURLCreateStringByAddingPercentEscapes(
NULL,
(__bridge CFStringRef) unescaped,
NULL,
CFSTR("!*'();:#&=+$,/?%#[]"),
kCFStringEncodingUTF8));
Now insert redirectURI together with your client id into this URL and fire off the request:
https://api.instagram.com/oauth/authorize/?client_id=YOURCLIENTID&redirect_uri=YOURREDIRECTURI&response_type=code
If you need more than the basic permissions, check out scopes in the documentation.

Facebook share link error

I created a facebook app and tried it to send invite a friend or share something on my wall, but I'm getting an error.
The same link is working with another app:
my app id:313714785358239
my link: https://www.facebook.com/dialog/apprequests?app_id=313714785358239&message=Facebook%20Dialogs%20are%20so%20easy!&redirect_uri=http://www.example.com/response
and another link(working):
https://www.facebook.com/dialog/apprequests?app_id=123050457758183&message=Facebook%20Dialogs%20are%20so%20easy!&redirect_uri=http://www.example.com/response
my error:
API Error Code: 191
API Error Description: The specified URL is not owned by the application
Error Message: redirect_uri is not owned by the application.
Make sure you correctly configure domain and site URL (callback URL) to match the redirect_uri you're specifying as a parameter at the app request dialog.
You can configure these settings on https://developers.facebook.com/apps/313714785358239/summary
The App ID 123050457758183 has http://www.example.com as the callback URL and that's why it works.

Facebook canvas authentication: No signed_request parameter after redirect

In my canvas page, I try to authenticate the user the way it is described in http://developers.facebook.com/docs/guides/canvas/, by using essentially this code (example code from developers.facebook.com):
<?php
$app_id = "YOUR_APP_ID";
$canvas_page = "YOUR_CANVAS_PAGE_URL";
$auth_url = "http://www.facebook.com/dialog/oauth?client_id="
. $app_id . "&redirect_uri=" . urlencode($canvas_page);
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
if (empty($data["user_id"])) {
echo("<script> top.location.href='" . $auth_url . "'</script>");
} else {
echo ("Welcome User: " . $data["user_id"]);
}
?>
The problem is, the first time the user authorizes my canvas application, Facebook doesn't pass a signed_request parameter when redirecting back (as described in the example code), but a code parameter. When accessing the application the second time (already having confirmed the rights), it passes a signed_request parameter as expected.
Why does it pass a code parameter the first time? The documentation doesn't explain when Facebook passes a code / signed_request parameter.
The problem was that for $canvas_page, I used the canvas URL (e.g. mysite.com/canvas) instead of the canvas page URL (e.g. apps.facebook.com/myapp).
I think you need to append "&response_type=token" to your authentication url:
https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&response_type=token
Then you get back something that looks like:
http://apps.facebook.com/APP_NAME/#access_token=YOUR_APP_ID%YADA_YADA_YADA0&expires_in=3948
And you can extract it with some Javascript:
if (window.location.hash.length == 1)
{
var accessToken = window.location.hash.substring(1);
}
Facebook uses the code parameter to authenticate your application. In the documentation, it states:
*If the user presses Allow, your app is authorized. The OAuth Dialog will redirect (via HTTP 302) the user's browser to the URL you passed in the redirect_uri parameter with an authorization code*
To complete the authorization, you must now take the code parameter and your app secret and pass it to the Graph API token endpoint (paraphrasing the documentation). This will grant you access to the access token. From this point onward, your application will not require the code parameter for this user because they are already authenticated.
Facebook uses the signed_request to share information with your application. The documentation states three scenarios in which it will pass the signed request. These are:
A signed_request is passed to Apps on Facebook.com when they are loaded into the Facebook environment
A signed_request is passed to any app that has registered an Deauthorized Callback in the Developer App whenever a given user removes the app using the App Dashboard
A signed_request is passed to apps that use the Registration Plugin whenever a user successfully registers with their app
So to conclude, the code parameter is only sent to authenticate the application, while the signed_request is utilized to pass information once the application has been authorized.
Saj-and is very correct.
I too struggeled with this alot.
When setting the redirect_uri to my domain name, I got an infinate redirect loop.
When setting the redirect_uri to the facebook app url, I got an error saying the url is not on my domain and so cannot be accessed.
It took the "/" at the end to solve this
I had the same problem with my canvas app, I fixed it by simply redirecting to my application's canvas url in the case that there is a code GET request parameter. After that Facebook sends me POST request that contains the signed_request parameter as expected. Here is the Python Django snippet:
if 'code' in request.GET.keys():
return HttpResponseRedirect(FACEBOOK_CANVAS_URL)
# ...rest of your canvas handling code here
I struggled with this issue (not getting oauth ID in the signed_request and instead get the "code" after user approves the app) for over a week, and this post (and few others posts) helped me get very close to resolving the issue (I was using my apps canvas URL instead of the canvas page url in the redirect URI, and I didn't specify the namespace in the settings).
After making these corrections, I faced a different issue where the app approval page won't show up for a new user and instead facebook throws the message" application has an error etc.. and finally I figured I was missing a / at the end of the canvas page url in my redirect url.. I had it as https://apps.facebook.com/myappname instead of https://apps.facebook.com/myappname/ in the redirect uri. Adding the / at the end resolved the issue and when a new user access my app using https://apps.facebook.com/myappname (if the user is already logged in ) facebook shows the approval page (upon receiving the response from my server) and once the user approves the app, facebook sends the signed-request with the required auth code to my application. Hope this will be useful for anyone else who might encounter the same issue.
Just to clear the confusion about the code parameter.. Facebook will always send this parameter when user allows the application.. however the signed_request parameter is sent using post or some other method.. it is not sent in the url.. You can access it using $_REQUEST['signed_request']
I had a similar problem that was solved when I assigned a namespace to my app, so it would look like apps.facebook.com/myapp and not apps.facebook.com/1234.
I was experiencing the problem you describe with firefox and with third-party cookies disabled.
I enabled third-party cookies and then the signed_request was suddenly available.

Facebook API error 191

I'm trying to integrate my project with Facebook. I'm taking baby steps at first and just trying to login, get a Facebook session, and get some user data. I'm developing it locally so my Facebook application settings are:
site URL: http://127.0.0.1:8888/mySite/
The canvas URL is the same as above. I haven't specified a site domain.
However, when I click on the login button, I get an error:
API Error Code: 191
API Error Description: The specified URL is not owned by the application
Error Message: redirect_uri is not owned by the application.
At the moment I haven't written any server-side code to deal with redirects, etc. All I've done is add the JavaScript SDK based on the tutorial in Facebook for Websites.
What have I done wrong? It's obviously something to do with my Facebook application settings, but I can't see what!
UPDATE:
To answer the API Error Code: 191
The redirect_uri should be equal (or relative) to the Site URL.
Tip: Use base URLs instead of full URLs pointing to specific pages.
NOT RECOMMENDED: For example, if you use www.mydomain.com/fb/test.html as your Site URL and having www.mydomain.com/fb/secondPage.html as redirect_uri this will give you the 191 error.
RECOMMENDED: So instead have your Site URL set to a base URL like: www.mydomain.com/ OR www.mydomain.com/fb/.
I went through the Facebook Python sample application today, and I was shocked it was stating clearly that you can use http://localhost:8080/ as Site URL if you are developing locally:
Configure the Site URL, and point it
to your Web Server. If you're
developing locally, you can use
http://localhost:8080/
While I was sure you can't do that, based on my own experience (very old test though) it seems that you actually CAN test your Facebook application locally!
So I picked up an old application of mine and edited its name, Site URL and Canvas URL:
Site URL: http://localhost:80/fblocal/
I downloaded the latest Facebook PHP-SDK and threw it in my xampp/htdocs/fblocal/ folder.
But I got the same error as yours! I noticed that XAMPP is doing an automatic redirection to http://localhost/fblocal/ so I changed the setting to simply http://localhost/fblocal/ and the error was gone BUT I had to remove the application (from privacy settings) and re-install my application and here are the results:
After that, asked for the publish_stream permission, and I was able to publish to my profile (using the PHP-SDK):
$user = $facebook->getUser();
if ($user) {
try {
$post = $facebook->api('/me/feed', 'post', array('message'=>'Hello World, from localhost!'));
} catch (FacebookApiException $e) {
error_log($e);
$user = null;
}
}
Results:
For me, it was a missing app domain. Go into the app, and make sure that you have the root of your site set up as an app domain. See screenshot.
This is just because of a URL mistake.
Whatever website URL is specified should be correct.
I mentioned website URL as http://localhost:3000/
and domain as localhost, but in my browser I was running http://0.0.0.0:3000/.
When I ran server as localhost:3000 it solved the problem.
As I mentioned, the site URL as localhost Facebook will redirect to the same, if we are running
0.0.0.0:3000, it will rise error that "Given URL is not allowed by the Application configuration".
I was also facing the same problem when I am using the facebook authentication method.
But I rectify that issue with following changes in Facebook api (Apps >> My App >> Basic).
I removed the url which i have given in
===> App on Facebook (Canvas URLs)
I gave site url only in
===> Website with Facebook Login option
Then i gave that AppId and App Secret in my webpage.
So by clicking on login button, It ask for access permissions then it redirect it to give url (Website with Facebook Login ).
I fixed this by passing the redirect url to the FacebookRedirectLoginHelper::getAccessToken() in my callback function:
Changing from
try {
$accessToken = $helper->getAccessToken();
}
...
to
try {
$accessToken = $helper->getAccessToken($fbRedirectUrl);
}
...
I am developing on a vagrant box, and it seems FacebookRedirectLoginHelper::getCurrentUrl() had issues generating a valid url.
Had the same problem:
$params = array('redirect_uri' => 'facebook.com/pages/foobar-dev');
$facebook->getLoginUrl($params);
When I changed the redirect_uri from the devloper page to the live page, 191 Error came up.
So I deleted the $params:
$facebook->getLoginUrl();
After the app-request now FB redirects to the app url itself f.e.: my.domain.com
What I do now is checking in index.php of my app if I'm inside FB iframe or not. If not I redirect to the live FB page f.e.:
$app = 'facebook.com/pages/foobar-live';
$rd = (isset($_SERVER['HTTP_REFERER'])) ? parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST) : false;
if ($rd == 'apps.facebook.com' || (!isset($_REQUEST['signed_request']))) {
echo '<script>window.parent.location = "'.$app.'";</script>';
die();
}
I have noticed also that even if you specify your website under secion - Website With Facebook Login -> Site url as e.g. http://example.com, but if your App Domains section is empty, and you open website as www.example.com you will get this error, too. To avoid it in "App Domains" section write example.com, that will allow subdomains, like www.example.com, something.example.com etc
in the facebook App Page, goto the basic tab. find "Website with Facebook Login" Option.
you will find Site URL: input there put the full URL ( for example http://Mywebsite.com/MyLogin.aspx ). this is the URL you can use with the call like If the APP ID is 123456789
https://graph.facebook.com/oauth/authorize?client_id=123456789&redirect_uri=http://Mywebsite/MyLogin.aspx&scope=publish_actions
Something I'd like to add, since this is error 191 first question on google:
When redirecting to facebook instead of your own site for a signed request, you might experience this error if the user has secure browsing on and your app does redirect to facebook without SSL.
Working locally...
I couldn't get the feeds api to work, but the share api worked pretty much straight away with no problems.
For me it's the Valid OAuth Redirect URIs in Facebook Login Settings. The 191 error is gone once I updated the correct redirect URI.