Facebook exchange code for token

Question

When you successfully exchange a "code" for a token

facebook responses with the following (html body)

 access_token=USER_ACCESS_TOKEN&expires=NUMBER_OF_SECONDS_UNTIL_TOKEN_EXPIRES

But what happens when this code for token exchange fails? how does facebook response when the exchange fails?

Reference https://developers.facebook.com/docs/howtos/login/server-side-login/

Answer 1

facebook can fail to return an access token to your application whenever one of the parameters in the request is incorrect. during development of my oauth framework i tested setting each required parameter to an incorrect value (ie i appended the string 123abc to the start of the correct value). here are the results:

wrong client id when requesting the access token from facebook, returns json error:

{
   "error": {
      "message": "Error validating application. Invalid application ID.",
      "type": "OAuthException",
      "code": 101
   }
}

wrong client secret when requesting the access token from facebook, returns json error:

{
   "error": {
      "message": "Error validating client secret.",
      "type": "OAuthException",
      "code": 1
   }
}

wrong code when requesting the access token from facebook, returns json error:

{
   "error": {
      "message": "Invalid verification code format.",
      "type": "OAuthException",
      "code": 100
   }
}

wrong grant type when requesting the access token from facebook, returns json error:

{
   "error": {
      "message": "Invalid grant_type: '123abcauthorization_code'. Supported types: authorization_code, client_credentials",
      "type": "OAuthException",
      "code": 100
   }
}

wrong scope when requesting the access token from facebook, returns json error:

{
   "error": {
      "message": "Unsupported scope: '123abcemail'. Supported scopes: ads_management create_event create_note email export_stream friends_about_me friends_activities friends_birthday friends_checkins friends_education_history friends_events friends_games_activity friends_groups friends_hometown friends_interests friends_likes friends_location friends_notes friends_online_presence friends_photo_video_tags friends_photos friends_questions friends_relationship_details friends_relationships friends_religion_politics friends_status friends_subscriptions friends_videos friends_website friends_work_history manage_friendlists manage_notifications manage_pages offline_access photo_upload publish_actions publish_checkins publish_stream read_friendlists read_insights read_mailbox read_page_mailboxes read_requests read_stream rsvp_event share_item sms status_update user_about_me user_activities user_birthday user_checkins user_education_history user_events user_games_activity user_groups user_hometown user_interests user_likes user_location user_notes user_online_presence user_photo_video_tags user_photos user_questions user_relationship_details user_relationships user_religion_politics user_status user_subscriptions user_videos user_website user_work_history video_upload xmpp_login",
      "type": "OAuthException",
      "code": 100
   }
}

and of course when i do not append 123abc to the values then the access token is returned correctly in each case.

these responses are as of december 2012, but of course facebook may decide to change them at any point in the future without warning.