I'm seeing a strange error calling FB graph API with a valid token. This is in the context of a Cordova angular JS application.
I use $cordovaOAuth.facebook to login and that succeeds and I get back the access token.
Then the code fetches some public profile details: image, name, location and gender like so:
$http.get('https://graph.facebook.com/v2.2/me', {params: {access_token: [token obtained from $cordovaOAuth.facebook() call],fields: "name,gender,location,picture", format: "json" }}....);
This returns error 404
In chrome://inspect the URL appears as https://graph.facebook.com/v2.2/me?access_token=[token]&fields=name,gender,picture&format=json
When this URL is used in a browser it returns valid JSON response with all requested fields.
Any ideas why this does not work in the cordova app?
NOTE. This used to work before. No changes on the app or Facebook back end.
Thank you
Andy
Related
I've made a simple website for my personal usage using flask where I can post something to my facebook page. There is a textarea where I write text and then submit it. Then the server process the text and post it on that page using graph api and access token. It works well on my system. But when I deploy this project on live server the access token expired. If I put the token on access token debugger it says facebook removed access to the token duo session change.
I search about this on google (my bestfriend ;) but found nothing. I want to post on my page without expiring token while changing server. Or is there any alternative way to post on page?
Edit:
Here is the code I'm trying to post with...
import requests
from urllib.parse import quote_plus
acc_tk='EAA....MY_PAGE_ACCESS_TOKEN'
def post_fb(message):
resp=requests.post(f"https://graph.facebook.com/v15.0/113023048137080/feed?message={quote_plus(message)}&access_token={acc_tk}")
if resp.status_code==200:
return True
else:
return False
When I create a new page access token and run this function, it returns true and the post is published on the page. But if I deploy this to live server the access token expires and then this function doesn't work any more even on local machine. If I debug this token this warning shows up~
After 1 day of debugging, I realized that the token get expired when I store token in a variable (like I showed in the question) and push it on github and then deploy it to render.com. So I managed to store token in my database and retrieve it when needed. And that's it! My code is working now.
But one thing I didn't understand that why my token get expired if I push it to github and deploy it on render.com... I found no reason about this.
How can I setup PAW to work with Facebook locally for development? Or even at all for that matter?
I have a node.js backend that I'm setting up with Facebook Auth. Every one of my routes needs the user to be logged in. I have two endpoints related to FB Auth. localhost:3000/api/v1/loginFB and localhost:3000/api/v1/callbackFB. Both of these work great in a web browser.
loginFB simply returns this string... https://www.facebook.com/dialog/oauth?client_id=523534457345&redirect_uri=https://localhost:3000/api/v1/callbackFB&scope=email,public_profile,user_friends.
When I call that URI in a browser, it returns a code=blahblah which my callbackFB endpoint uses to fire off another request to get the access token. All good.
So now in PAW I'm confused by the difference between the request URI and the Authorization URL text field? Should I use the loginFB URI for my request URI? And then https://www.facebook.com/dialog/oauth in the Authorization URL textfield?
Basically what's happening is that when I click Get Access Token, it returns the code but my callbackFB endpoint 500's by saying "This authorization code has been used." The code that it's getting returned is definitely different each time I Get Access Token.
This is where I'm at with this thing (Client ID and Client Secret are actually my App ID and App Secret from fb's dev management site, and the Access Token URL is actually set to https://graph.facebook.com/v2.3/oauth/access_token which I'm 99% sure is the correct URI):
This is the error I get when I click Get Access Token button:
It would be awesome to get some advice from anyone with experience with this issue. Thanks.
Re: #MichaMazaheri
tl;dr Fixed in version 2.2.2
Sorry for the super late follow-up. We actually fix this exact issue in Paw 2.2.2, which is already released on our website, and pending review for the Mac App Store. (It was some JSON vs. Form URL-Encoded parsing issue). Thanks for reporting.
I am using oauth.io to handle authentication in an Android app. I login using the service and then pass the access token to the server. As part of the server-side verification, I make a call to https://graph.facebook.com/debug_token?input_token={user access token}&access_token={app token}. I was receiving a response with the error message "(#100) The App_id in the input_token did not match the Viewing App".
I took this to mean that the app that generated the access token was not the same as the app that owns the app token I was sending in the request. Upon further inspection, I noticed that when I debugged the token with Facebook's tool (https://developers.facebook.com/tools/debug/accesstoken) I was seeing a different app id that belonged to oauth.io itself instead of my app. Since the app token is based on the app id and app secret, it obviously would not be correct if it was expecting oauth.io's app token.
Is there any way to continue using the debug_token endpoint through Facebook with a token generated by oauth.io?
Sorry this is a bit late - but it may still help you :) I had the same issue. In my perl code, I just did:
use LWP::Simple;
my $check_session_first = LWP::Simple::get("https://graph.facebook.com/me?access_token=$in->{token}");
if (!$check_session_first) {
print $IN->header;
print Links::SiteHTML::display('error', { error => qq|Sorry, we couldn't log you in. |});
return;
}
Basically, if $check_session_first is empty, then it means the session isn't valid. If its valid, it'll return a JSON object (which in my case, I process using the "JSON" perl module)
I'm trying to do authentication from app center for mobile devices but I get this error when I try to exchange code parameter for access token:
{
"error": {
"message": "Error validating verification code. Please make sure your redirect_uri is identical to the one you used in the OAuth dialog request",
"type": "OAuthException",
"code": 100
}
}
Auth token parameter is in Query String format because my app uses server-side authentication.
The url I'm calling is https://graph.facebook.com/oauth/access_token and the redirect_uri parameter I'm sending to is like the following one:
http://www.example.com?ref=app_directory&code=codefromfb&fb_source=appcenter_mobile&fb_appcenter=1
www.example.com is the value I've set in mobile site url field in app settings.
Authentication from app center for web it's ok.
I don't understand what it's wrong in redirect uri form mobile devices...
Could you help me?
I found this post referencing needing a trailing slash on the URI
redirect_uri error in oauth for facebook django app
I had the same error. I couldn't solve it but found a workaround:
I ignore the code param that is sent to my mobile web app by Facebook automatically; instead I make a request for code myself, then I exchange code for access_token using the same redirect_uri I used to request for code.
To make it easier to apply the workaround, in your app > settings > permissions, you can change Auth Token Parameter from query string to URI fragment. Then Facebook won't send you code param automatically--you will have to make a request for it--that's what is needed.
Another way to solve it is to implement client-side authentification flow using URI fragment or parse URI fragment at the client-side and send access_token to the server as a param. I didn't test this approach yet.
Redirect URLs that are working for app center authentication
desktop: http://www.example.com/?fb_source=appcenter&fb_appcenter=1
mobile: http://www.example.com/?ref=app_directory
(part fb_source=appcenter_mobile&fb_appcenter=1 should be excluded for mobile, I think that it's FB bug)
Where:
http/https - depends on request
www.example.com - you should use exactly same string as saved at application settings (https://developers.facebook.com/apps/YOUR_APPLICATION_NUMBER/summary) Domain name is case sensitive for Facebook (also bug)
I'm migrating to Oauth 2.0. My current site uses JS SDK, has a fb-login button, then I'm accessing Graph to get the users details.
I'm having problems getting an access token to get this data from Graph.
One problem could be that JS SDK dialog doesn't redirect my to the URL it says it should i.e. the one with ?code=XXXXXXX that I can then use to get an access token.
So I've looked at the php SDK (I'm using ASP) to see how it does it. I've parsed the signed-request value in the cookie, got the value in the 'code' param to add to the token URL but I can't get an access token. These are the values I'm using:
Parsed signed_request data:
{"algorithm":"HMAC-SHA256","code":"2.AQCovUOFCduELbna.3600.1323900000.1-773555243|Y_cW4riF4K7el_9a4oVNjL0qvZc","issued_at":1323895617,"user_id":"XXXXXXXXXX"}
Token URL: https://graph.facebook.com/oauth/access_token?
client_id=XXXXXXXX&
redirect_uri=XXXXXXXX&
client_secret=XXXXXX&
code=2.AQCovUOFCduELbna.3600.1323900000.1-773555243|Y_cW4riF4K7el_9a4oVNjL0qvZc
This is the response:
{"error":{"message":"Error validating verification code.","type":"OAuthException"}}
Does the code value appear to be in the correct format? Any ideas as to what's wrong?
exact same problem here...
solution: if code is extracted from cookie payload, leave parameter redirect_uri empty
try
Token URL: https://graph.facebook.com/oauth/access_token?client_id=XXXXXXXX&redirect_uri=&client_secret=XXXXXX&code=2.AQCovUOFCduELbna.3600.1323900000.1-773555243|Y_cW4riF4K7el_9a4oVNjL0qvZc
worked for me!