I a开发者_开发百科m using java and the purpose of my demo application is simple: Update user status. I followed the Server-side Flow on page http://developers.facebook.com/docs/authentication. I got the auth dialog, facebook lead to the callback url and I got the code in my callback page. Then I failed when I try to generate an access token.
In the guide page, it says the following url could be used to generated an access token:
https://graph.facebook.com/oauth/access_token?
client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&
client_secret=YOUR_APP_SECRET&code=THE_CODE_FROM_ABOVE
But what happens in my environment is I got the following error message:
{
"error": {
"type": "OAuthException",
"message": "Error validating verification code."
}
}
I am quite sure every parameter is correct because if I change the client_id value or client_secret parameter, I will got a different error message. The code parameter is what I got from facebook callback. So this should be correct, right? Really can't figure out what is the problem....
Any idea about this? I get stuck here...
I recently dealt with exactly this problem: everything matched, but it failed with the OAuthException. The thing that made it work was to change the redirect uri (in both requests for the flow) from:
http://foo.example.com
to
http://foo.example.com/
I.e., add the trailing slash. And then it worked. Stupid and silly, but there you go.
I had the same problem and tried the above suggestions. They helped, but in my case the problem was that my redir URL had a query parameter and Facebook wasn't cool with that. So, moral of the story is that the redir url you sent to exchange the token has to be identical the the original redir url and it can't have query parameters.
We had some fun with this as well.
In our case the trailing slash in the URL was already there, so I tried the Token we were using in the FB Debug Tool and it validated, so it looked like FB wasn't even seeing the Token in the request.
After some investigation I found the head-slapper - we doing a GET with HTTP Headers only not with a Querystring, so FB litterally wasn't seeing the Token at all.
The moral seems to be that if you can get the Token to validated in the FB Debug tool, there is likely /something/ amiss in your request -
It might be a missing "/" or some other mismatch with the App's defined URL (Domain mistmatch is a different error). I have not tried defining the App / Web Url for HTTPS and doing the request with HTTP but I suspect it would also hiccup somehow.
Or as in our case, the Request Method might be incorrect - GET with Headers or POSTing both throw the 2500, you have to do GET with a Querystring.
Hope that helps!
I had the same problem. It was a URL difference, but unlike the others that have posted, mine was the difference between HTTP and HTTPS.
We have BigIP handling HTTPS requests and forwarding over to an HTTP Apache server. When BaseFacebook's getCurrentUrl() function was called, it detected HTTP, and not the original HTTPS. I've modified that function like so:
protected function getCurrentUrl() {
if ((isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == 'on' || $_SERVER['HTTPS'] == 1)) ||
(isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') ||
(isset($_SERVER['HTTP_PSEUDOSSL']) && $_SERVER['HTTP_PSEUDOSSL'] == 'true')) {
$protocol = 'https://';
}
else {
$protocol = 'http://';
}
...
This version supports the HTTP_PSEUDOSSL
key. I hope this helps someone.
Yes, the trailing slash worked for me too, thanks!
For debugging purposes, I found it helpful to use exactly the code fb provides on the developer page:
http://developers.facebook.com/docs/authentication/
Once you get that working, you can modify it to fit your own code.
I'm not sure, but you might also check to make sure your "Site URL" and "Site Domain" settings are correct on the App Edit screen, because according to the documentation, the redirect_uri must be in the same domain. (This is different from the canvas/tab page urls.)
I was also having a url problem, but the solution to it is different. I was passing the signedRequest
that the JavaScript SDK returns to the server, and using the code
value from that to request an access-token. However, according to some comments in the 3.1.1 version of the Facebook PHP SDK, the JavaScript SDK associates the code
with a redirect_uri
of empty string, i.e. ""
:
// the JS SDK puts a code in with the redirect_uri of ''
if (array_key_exists('code', $signed_request)) {
$code = $signed_request['code'];
$access_token = $this->getAccessTokenFromCode($code, '');
if ($access_token) {
// etc
}
}
After I changed my own server-side code to use a redirect_uri
of ""
, then the request for an access-token worked.
in my case, my code wasn't working on IE. The issue was in the following line
$user_id = $facebook->getUser();
if ($user_id)
Because somehow the getUser function always returned 0, so that condition was always true. Than he generated that error from invalid token. Well, i fixed it by just saying this:
if ($user_id>0)
Silly stuff...
精彩评论