Asked  7 Months ago    Answers:  5   Viewed   37 times

very strange error. i use gide http://developers.facebook.com/docs/authentication/. so i create request to fb and pass redirect_uri. i use test site on localhost. so if i pass

redirect_uri=http://localhost/test_blog/index.php

it works fine, but if i pass

redirect_uri=http://localhost/test_blog/index.php?r=site/oauth2

it don't want work. i try to use

redirect_uri= . urlencode('http://localhost/test_blog/index.php?r=site/oauth2)

but not work. i try to explaine. i success get code, but when i access https://graph.facebook.com/me?access_token i get error 'Error validating verification code'. i checked evering, error is in ?r=site/oauth2 but i need passing some params can somebody help me? i read post http://forum.developers.facebook.net/viewtopic.php?id=70855 but nothing work for me

 Answers

53

There are presently (as of March 2011) undocumented requirements regarding what makes a valid redirect_uri.

First, both redirect_uri paramaters to authorize and access_token must match.

Apparently Facebook (or rather OAuth2) is using the redirect_uri as a internal key to encode the code returned for the access_token request. It's kinda clever since it verifies back to your site. It explains why the access_token request which wouldn't otherwise need a redirect_uri parameter requires one.

Second, you cannot use many special characters in the redirect_uri.

A lot of discussion rages whether parameters can be passed at all. They can, you're limited which characters are valid but no one has published a list that I know. Traditional methods like url/html encoding will fail because percent(%) is not valid. Slash (/) is not valid either so a nested redirection url will always fail. The ONLY way to overcome the special char limitation is to encode the value of the parameter to base64. If you're using ASP.NET, look up Convert.ToBase64.

Lastly, and this is more of a side-note. There are a lot of programmers passing along misinformation that a simple solution is to pass type=client_cred. This may limit your access to some of the permissions you requested in your authorization. It is inadvisable.

Wednesday, March 31, 2021
 
Norgul
answered 7 Months ago
92

I keep running into problems with the post showing as the admin user, rather than the page.

Then get a page access token, not a user access token for the admin user …

Saturday, May 29, 2021
 
macha
answered 5 Months ago
68

I recently dealt with exactly this problem: everything matched, but it failed with the OAuthException. The thing that made it work was to change the redirect uri (in both requests for the flow) from:

http://foo.example.com

to

http://foo.example.com/

I.e., add the trailing slash. And then it worked. Stupid and silly, but there you go.

Tuesday, June 22, 2021
 
kensil
answered 4 Months ago
77

The URL you have specified is invalid. file_get_contents expects a valid http URI (more precisely, the underlying http wrapper does). As your invalid URI is not a valid URI, file_get_contents fails.

You can fix this by turning your invalid URI into a valid URI. Information how to write a valid URI is available in RFC3986. You need to take care that all special characters are represented correctly. e.g. spaces to plus-signs, and the commercial at sign has to be URL encoded. Also superfluous whitespace at beginning and end need to be removed.

When done, the webserver will tell you that the access is forbidden. You then might need to add additional request headers via HTTP context options for the HTTP file wrapper to solve that. You find the information in the PHP manual: http:// -- https:// — Accessing HTTP(s) URLs

Thursday, August 5, 2021
 
Anele
answered 3 Months ago
76

As written in How-To: Handle expired access tokens (link is broken) developers blog post

Access tokens for users can become invalid due to various reasons. In most cases, they can expire if it’s past the time specified by the expires field (by default access token have a 2 hour lifetime). What many developers do not realize is that an access token can also expire if a user changes her password, logs out or if she de-authorizes the app via the App Dashboard. It is very important that your apps handle such situations. If your access token expires, you need to reacquire a valid access token.

Before we could use offline_access permission to get token that not expire (unless user is connected with application), this permission is now deprecated, see Deprecation of Offline Access Permission to see how you can get access_token with longer expiration time.

Update:
As of Aug 2012 Facebook PHP-SDK have added simple way of extending access_token (see How to extend access token validity since offline_access deprecation for more details)

Update 2: Note that original blog-post from Facebook about expired tokens handling doesn't exists anymore. There is new documentation hewever that may be used to get the details. https://developers.facebook.com/docs/facebook-login/access-tokens/#extending

Monday, August 23, 2021
 
wim
answered 2 Months ago
wim
Only authorized users can answer the question. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :