Oauth 2.0 cannot get an access token from the signed_request 'code' value

Question

I'm migrating to Oauth 2.0. My current site uses JS SDK, has a fb-login button, then I'm accessing Graph to get the users details.

I'm having problems getting an access token to get this data from Graph.

One problem could be that JS SDK dialog doesn't redirect my to the URL it says it should i.e. the one with ?code=XXXXXXX that I can then use to get an access token.

So I've looked at the php SDK (I'm using ASP) to see how it does it. I've parsed the signed-request value in the cookie, got the value in the 'code' param to add to the token URL but I can't get an access token. These are the values I'm using:

Parsed signed_request data:

{"algorithm":"HMAC-SHA256","code":"2.AQCovUOFCduELbna.3600.1323900000.1-773555243|Y_cW4riF4K7el_9a4oVNjL0qvZc","issued_at":1323895617,"user_id":"XXXXXXXXXX"}

Token URL: https://graph.facebook.com/oauth/access_token?
           client_id=XXXXXXXX&
           redirect_uri=XXXXXXXX&
           client_secret=XXXXXX&
           code=2.AQCovUOFCduELbna.3600.1323900000.1-773555243|Y_cW4riF4K7el_9a4oVNjL0qvZc

This is the response:

{"error":{"message":"Error validating verification code.","type":"OAuthException"}} 

Does the code value appear to be in the correct format? Any ideas as to what's wrong?

Answer 1

exact same problem here...

solution: if code is extracted from cookie payload, leave parameter redirect_uri empty

try

Token URL: https://graph.facebook.com/oauth/access_token?client_id=XXXXXXXX&redirect_uri=&client_secret=XXXXXX&code=2.AQCovUOFCduELbna.3600.1323900000.1-773555243|Y_cW4riF4K7el_9a4oVNjL0qvZc

worked for me!