PHPFixing

Saturday, March 5, 2022

[FIXED] Facebook php sdk v4 oauth error for redirect uri

 March 05, 2022     facebook, facebook-php-sdk, php     No comments   

Issue

I've got a bit of a weird issue going on with the new php-sdk and I can't seem to work it out.

I've got a PhalconPHP application where I present the user with the sign-up view if they are not currently signed in. I present this view regardless of the URL (without redirecting the URL).

When I set up my FacebookRedirectLoginHelper I pass in the HTTP host and the request URI, so that I can redirect the user back to the same page they initially tried to access, e.g.

  new Facebook\FacebookRedirectLoginHelper('http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);

Unfortunately this does not work. I always get an SDK exception telling me the redirect_uri isn't the one passed in. This is the case even if I am on the homepage, e.g.

  var_dump($_SERVER['REQUEST_URI']); // returns "/"

However, if I explicitly put the trailing slash in instead of the request_uri then it works correctly, e.g.

  new Facebook\FacebookRedirectLoginHelper('http://'.$_SERVER['HTTP_HOST'].'/');

I've even compared the 2 generated urls (again just on the index page so the path is simply "/") and they are exactly the same. The only issue appears to be trying to dynamically generate this. I can't for the life of me work out what is going on here. It doesn't seem to be any kind of double encoding and I'm just a bit stumped as to why this wouldn't work.

At first I thought it might be something to do with PhalconPHP and the routing but this doesn't seem to be the case as even a simple example fails.

An example simple PHP file is below. You will obviously need to include the SDK and set up an app.

  <?php
  // import the SDK classes so the unqualified names below resolve
  use Facebook\FacebookSession;
  use Facebook\FacebookRedirectLoginHelper;
  use Facebook\FacebookRequest;
  use Facebook\FacebookRequestException;

  ob_start();
  session_start();
  $appId = 'xxxxxxxxxxxxxxxxxxxxxxxx';
  $secret = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';

  // require all the facebook stuff
  FacebookSession::setDefaultApplication( $appId, $secret );
  $helper = new FacebookRedirectLoginHelper( 'http://' . $_SERVER['HTTP_HOST'] . '/' ); // will work
  //$helper = new FacebookRedirectLoginHelper( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] ); // won't work

  // see if an existing session exists
  if ( isset( $_SESSION ) && isset( $_SESSION['fb_token'] ) ) {
    // create new session from saved access_token
    $session = new FacebookSession( $_SESSION['fb_token'] );

    // validate the access_token to make sure it's still valid
    try {
      if ( !$session->validate() ) {
        $session = null;
      }
    } catch ( Exception $e ) {
      // catch any exceptions
      $session = null;
    }
  }

  if ( !isset( $session ) || $session === null ) {
    // no session exists
    try {
      $session = $helper->getSessionFromRedirect();
    } catch ( FacebookRequestException $ex ) {
      // When Facebook returns an error
      // handle this better in production code
      print_r( $ex );
    } catch ( Exception $ex ) {
      // When validation fails or other local issues
      // handle this better in production code
      print_r( $ex );
    }
  }

  // see if we have a session
  if ( isset( $session ) ) {
    // save the session
    $_SESSION['fb_token'] = $session->getToken();
    // create a session using saved token or the new one we generated at login
    $session = new FacebookSession( $session->getToken() );

    // graph api request for user data
    $request = new FacebookRequest( $session, 'GET', '/me' );
    $response = $request->execute();
    // get response
    $graphObject = $response->getGraphObject()->asArray();

    // print profile data (HTML-escaped, since it comes from the remote profile)
    echo '<pre>' . htmlspecialchars( print_r( $graphObject, true ) ) . '</pre>';

    // print logout url using session and redirect_uri (logout.php page should destroy the session)
    echo '<a href="' . htmlspecialchars( $helper->getLogoutUrl( $session, 'http://yourwebsite.com/app/logout.php' ) ) . '">Logout</a>';
  } else {
    // show login url
    echo '<a href="' . htmlspecialchars( $helper->getLoginUrl( array( 'email', 'user_friends' ) ) ) . '">Login</a>';
  }

The actual exception is :

Facebook\FacebookAuthorizationException Object ( [statusCode:Facebook\FacebookRequestException:private] => 400 [rawResponse:Facebook\FacebookRequestException:private] => {"error":{"message":"Error validating verification code. Please make sure your redirect_uri is identical to the one you used in the OAuth dialog request","type":"OAuthException","code":100}} 

 [responseData:Facebook\FacebookRequestException:private] => Array ( [error] => Array ( [message] => Error validating verification code. Please make sure your redirect_uri is identical to the one you used in the OAuth dialog request [type] => OAuthException [code] => 100 ) ) [message:protected] => Error validating verification code. Please make sure your redirect_uri is identical to the one you used in the OAuth dialog request

Solution

I've worked this out. It was stupid of me. When the login URL is generated with $_SERVER['REQUEST_URI'], it obviously comes back as "/". On the second run through, it is instantiated again, but this time has the returned query string in it, thus the redirect URI set in the helper class is no longer the same as the base URI. Basically I need the request URI without the query string,

so now I just use

  $_SERVER['HTTP_HOST']. strtok($_SERVER['REQUEST_URI'], '?')


Answered By - TommyBs
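
The fix from the answer above, as an added example that is not part of the original post: it compares the redirect URI built on the first visit with the one built on the OAuth callback, with and without stripping the query string. The names `ALLOWED_HOSTS` and `stableRedirectUri()`, the host names and the sample requests are assumptions made for illustration; the host allow-list is added here because `$_SERVER['HTTP_HOST']` is taken from the client's Host header.

```php
<?php
// Added example; ALLOWED_HOSTS and stableRedirectUri() are hypothetical names.
const ALLOWED_HOSTS = ['example.test', 'www.example.test']; // constructed values

/**
 * Build the redirect_uri from the current request so that the login request
 * and the OAuth callback request produce the same string.
 */
function stableRedirectUri(array $server, string $scheme = 'http'): string
{
    // HTTP_HOST comes from the client's Host header: accept known hosts only.
    $host = strtolower($server['HTTP_HOST'] ?? '');
    if (!in_array($host, ALLOWED_HOSTS, true)) {
        throw new InvalidArgumentException('Unexpected Host header');
    }

    // Drop the query string that the OAuth dialog appends on the way back.
    $path = strtok($server['REQUEST_URI'] ?? '/', '?');
    if ($path === false || $path === '' || $path[0] !== '/') {
        $path = '/';
    }

    return $scheme . '://' . $host . $path;
}

// Constructed sample requests: the first visit, then the callback to the same page.
$firstVisit = [
    'HTTP_HOST'   => 'example.test',
    'REQUEST_URI' => '/account/settings',
];
$callback = [
    'HTTP_HOST'   => 'example.test',
    'REQUEST_URI' => '/account/settings?code=CONSTRUCTED_CODE&state=CONSTRUCTED_STATE',
];

// The construction from the question: host plus the raw REQUEST_URI.
$naive = fn(array $s): string => 'http://' . $s['HTTP_HOST'] . $s['REQUEST_URI'];

// Raw REQUEST_URI: the callback carries the query string, so the two differ.
var_dump($naive($firstVisit) === $naive($callback));

// Query string stripped: both requests yield the same redirect_uri.
var_dump(stableRedirectUri($firstVisit) === stableRedirectUri($callback));

// A Host header outside the allow-list is rejected before any URI is built.
try {
    stableRedirectUri(['HTTP_HOST' => 'unknown.invalid', 'REQUEST_URI' => '/']);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```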