I'm migrating to Oauth 2.0. My current site uses JS SDK, has a fb-login button, then I'm accessing Graph to get the users details.
I'm having problems getting an access token to get this data from Graph.
One problem could be that JS SDK dialog doesn't redirect my to the URL it says it should i.e. the one with ?code=XXXXXXX that I can then use to get an access token.
So I've looked at the php SDK (I'm using ASP) to see how it does it. I've parsed the signed-request value in the cookie, got the value in the 'code' param to add to the token URL but I can't get an access token. These are the values I'm using:
Parsed signed_request data:
{"algorithm":"HMAC-SHA256","code":"2.AQCovUOFCduELbna.3600.1323900000.1-773555243|Y_cW4riF4K7el_9a4oVNjL0qvZc","issued_at":1323895617,"user_id":"XXXXXXXXXX"}
Token URL: https://graph.facebook.com/oauth/access_token?
client_id=XXXXXXXX&
redirect_uri=XXXXXXXX&
client_secret=XXXXXX&
code=2.AQCovUOFCduELbna.3600.1323900000.1-773555243|Y_cW4riF4K7el_9a4oVNjL0qvZc
This is the response:
{"error":{"message":"Error validating verification code.","type":"OAuthException"}}
Does the code value appear to be in the correct format? Any ideas as to what's wrong?
To get a new access token, use the refresh token as you would an authorization code, but with a grant_type value of refresh_token and a refresh_token parameter that holds the contents of the refresh token. The type of grant being used. To exchange a refresh token for an access token, use refresh_token .
There are two ways to fix the error: (RECOMMENDED) Change the application signature algorithm to RS256 instead of HS256. Change the value of your responseType parameter to token id_token (instead of the default), so that you receive an access token in the response.
If the access token request is invalid, such as the redirect URL didn't match the one used during authorization, then the server needs to return an error response. Error responses are returned with an HTTP 400 status code (unless specified otherwise), with error and error_description parameters.
exact same problem here...
solution: if code is extracted from cookie payload, leave parameter redirect_uri empty
try
Token URL: https://graph.facebook.com/oauth/access_token?client_id=XXXXXXXX&redirect_uri=&client_secret=XXXXXX&code=2.AQCovUOFCduELbna.3600.1323900000.1-773555243|Y_cW4riF4K7el_9a4oVNjL0qvZc
worked for me!
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With