I build some Facebook-login for my website. I send this parameter to Facebook api as so
https://www.facebook.com/dialog/oauth?client_id=myclient_id&redirect_uri=http%3A%2F%2Fmysite.fr%2Fmydir%2Findex.php%253Fpage%253Dlogin&state=mystate&scope=email%2Cpublish_actions
Everything goes well until the redirection process :
http://mysite.fr/mydir/index.php%3Fpage%3Dlogin?code=somecopde
I get this error message
The requested URL /mydir/index.php?page=login was not found on this server.
But everything goes normal if I replace %3F by ? in redirect_uri to
redirect_uri=http%3A%2F%2Fmysite.fr%2Fmydir%2Findex.php?page%253Dlogin&state=mystate&scope=email%2Cpublish_actions
Why is it so, How can I adjust this ?
Looks like you double url encodes your get parameters
See:
myclient_id&redirect_uri=http%3A%2F%2Fmysite.fr%2Fmydir%2Findex.php%253Fpage%253Dlogin&state=mystate&scope=email%2Cpublish_actions
Lets try url decode you url:
http%3A%2F%2Fmysite.fr%2Fmydir%2Findex.php%253Fpage%253Dlogin&state=mystate&scope=email%2Cpublish_actions
First time:
http://mysite.fr/mydir/index.php%3Fpage%3Dlogin&state=mystate&scope=email,publish_actions
You can see that the ? is still encoded to %3F and your = is still encoded to %3D
to fix this you should not urlencode you url twice. I need to know more about your implementation if this information is not enough.
Related
I have a file_get_contents($myUrl) call from a flat PHP script that isn't working.
If I run $myUrl in a browser it works fine, if I do it over the file_get_contents() it behaves as if the url is incorrect or incomplete.
The myUrl looks like this
https://login.myApp.com/getWifiSettings/ofBoSf593f
Where the last part is a token, and the sym2 webApp behaves as if that token is incorrect, the same way as if I were to paste everything but the last character in the browser (thus producing an incorrect token).
I don't know whether this is an issue caused by the file_get_contents() (do I need any parameters with it to work?) or if it is some security setting in my sym2 installation that denies access for such a call (how does it distinguish between a user's web browser calling the route and a script using file_get_contents to access the route?)
Try to us trim() on the string before you submit it to file_get_contents. It may be that a whitespace character is in the variable and is being submitted and interpreted as part of the URL.
I'm trying to create a intermediary page, i.e user clicks on a link that leaves the site a page tells you that you're now leaving the site.
An example link would look like this:
http://example.com/transitionpage.php?r=http://www.google.com
transitionpage.php then works with a simple
$redirectto = $_GET['r'];
header( "refresh:2;url=".$redirectto );
However I'm running into the problem that if the url you're redirecting to also has multiple GET parameters in it, the domain gets cut off at the first occurrence of &
So if the link was originally:
http://example.com/transitionpage.php?r=http://www.google.com?par=1&par=2
It would become:
http://example.com/transitionpage.php?r=http://www.google.com?par=1
Which is unfavorable.
How do I pass on the full URL via GET without it getting chopped off ? Do I have to escape it ?
You can do URL encoding: http://www.w3schools.com/tags/ref_urlencode.asp
Your get query would translate to: http://example.com/transitionpage.php?r=http%3A%2F%2Fwww.google.com%3Fpar%3D1%26par%3D2
These are the PHP methods you need: http://php.net/manual/en/function.urlencode.php http://php.net/manual/en/function.urldecode.php
Use:
$link = 'http://example.com/transitionpage.php?r='. urlencode('http://www.google.com?par=1&par=2');
Use the built in function for Encoding Urls
for example
urlencode("http://www.google.com");
for function refrence
Urlencode Php
I have a codeigniter app that has an authentication system. Sometimes a user will get logged out and they will get forwarded to site.com/login?redir=feature/9+1/abc. Upon logging in they should get forwarded to site.com/feature/9+1/abc
The problem arises when the user is forwarded: the + in the URL is changed to %20. % is a disallowed URL character so my users sees an error message saying an invalid character is in the URL. Even if I add % to the list of allowed characters site.com/feature/9%201/abc is not the same as site.com/feature/9+1/abc and the user sees a 404 error.
Is there there a way I can forward users using PHP to /feature/9+1/abc instead of /feature/9%201/abc?
Modify login url to site.com/login?redir=feature/9%2B1/abc. That should do the trick.
it may be useful for you as it worked for me
try urlencode function http://php.net/manual/en/function.urlencode.php in the time of sending and to fetch use urldecode function
very strange error. i use gide http://developers.facebook.com/docs/authentication/. so i create request to fb and pass redirect_uri. i use test site on localhost. so if i pass
redirect_uri=http://localhost/test_blog/index.php
it works fine, but if i pass
redirect_uri=http://localhost/test_blog/index.php?r=site/oauth2
it don't want work. i try to use
redirect_uri= .
urlencode('http://localhost/test_blog/index.php?r=site/oauth2)
but not work.
i try to explaine. i success get code, but when i access https://graph.facebook.com/me?access_token i get error 'Error validating verification code'. i checked evering, error is in ?r=site/oauth2 but i need passing some params
can somebody help me?
i read post http://forum.developers.facebook.net/viewtopic.php?id=70855 but nothing work for me
There are presently (as of March 2011) undocumented requirements regarding what makes a valid redirect_uri.
First, both redirect_uri paramaters to authorize and access_token must match.
Apparently Facebook (or rather OAuth2) is using the redirect_uri as a internal key to encode the code returned for the access_token request. It's kinda clever since it verifies back to your site. It explains why the access_token request which wouldn't otherwise need a redirect_uri parameter requires one.
Second, you cannot use many special characters in the redirect_uri.
A lot of discussion rages whether parameters can be passed at all. They can, you're limited which characters are valid but no one has published a list that I know. Traditional methods like url/html encoding will fail because percent(%) is not valid. Slash (/) is not valid either so a nested redirection url will always fail. The ONLY way to overcome the special char limitation is to encode the value of the parameter to base64. If you're using ASP.NET, look up Convert.ToBase64.
Lastly, and this is more of a side-note. There are a lot of programmers passing along misinformation that a simple solution is to pass type=client_cred. This may limit your access to some of the permissions you requested in your authorization. It is inadvisable.
Had the same problem all day when testing with redirect_uri=http://localhost:8000 (encoded to http%3A%2F%2Flocalhost%3A8000)...
Solution was simply to make sure to put the trailing slash / on the end of the uri. So redirect_uri=http://localhost:8000/ (encoded to http%3A%2F%2Flocalhost%3A8000%2F).
Again, make sure the redirect_uri is identical for both requests.
I have had this problem. I knew for a fact that my URLs were the same because I used a class with the same $var, but I kept getting the 400 response and that error in the JSON response.
The only thing I did was change my redirect_uri from:
http://myredirecturi.com
to
http://myredirecturi.com/
Yeh, just added the trailing slash and it worked.
You don't really need to encode, just put the '/' at the end of your redirect_url and everything should be fine!
Part of the information given by Aaron Wheeler is incorrect.
It is true that the 'redirect_uri' parameter must be identical in both requests, however it is perfectly possible to URL encode a regular URL and use that as the value for the 'redirect_url' parameter, so long as you're careful to further URL encode any inline URLs.
For instance, you wish facebook to redirect to the following URL:
http://www.mysite.com/Users/oAuthComplete?my_param_1=/Party/pants
Attempting to redirect the user to
'https://www.facebook.com/dialog/oauth?client_id=12345&redirect_uri='
. urlencode('http://www.mysite.com/Users/oAuthComplete?my_param_1=/Party/pants');
Will fail as /Party/Pants creates an invalid URL
However, redirecting to
'https://www.facebook.com/dialog/oauth?client_id=12345&redirect_uri='
.urlencode('http://www.mysite.com/Users/oAuthComplete?my_param_1='
.urlencode('/Party/pants'));
Will work as expected.
If you are using the returned the redrect_uri value in the second, authenticate application request, be sure to url encode again - the value is automatically URL decoded when populating the $_GET superglobal. - This is what tripped me up.
'https://graph.facebook.com/oauth/access_token?client_id=12345&&client_secret=SECRET&code=1234567'
.urlencode('http://www.mysite.com/Users/oAuthComplete?my_param_1='
.urlencode($_GET['my_param_1']));
P.s. In your actual code, I'd recommend using sprintf() rather than chaining string together like in my example, for better readability.
From what I can see, the problem here is that the redirect_uri must end with '/' and not contain '?' or other special characters. I think that is why you are getting 'Error validating verification code'. This error only appears if you are using file_get_contents(), and not when using the facebook php library.
This is the solution for php, don't know if this error appears in other SDK's.
I'm not sure if it will help, but i would suggest to encode only values in the url. Not the whole thing. eg:
redirect_uri='http://localhost/test_blog/index.php?r='.urlencode('site/oauth2');
I was having the pb and finally fix it adding the type=client_cred parameter in the url.
Struggled with this for a while. Since I didn't want a redirect, but the redirect parameter is required, my solution was to simply set it to nothing -
...&redirect_uri=&client_secret=...
I just had the same problem.
Admittedly, I am a super n00b so excuse me if this solution doesnt make any sense in actual practice.
I simply set a short fuse cookie (1-2 min) with a test variable in the page with my FB Connect button. When FB came back with information to my data parsing/handling script I checked for this cookie where I was redirecting it and if found, directed the user to the proper URL using header:location.
Of course some browsers/users etc disable cookies. This obviously wont work there (maybe use a session var and destroy it in the fb data handler?) I am sure there is a better way to do it but at the moment, this bandaid works.
The answer for me was this:
$user = $facebook->getUser();
if (!$user) {
$loginUrl = $facebook->getLoginUrl(array(
'scope' => '',
'redirect_uri' => $this->domain,
));
print('<script> top.location.href=\'' . $loginUrl . '\'</script>');
}
I've been cracking my head a long time before I found this solution, seeming I am not the only one with this issue I hope this works for you to!
I noticed you are using Yii which I'm using as well and had the same problem for half the day. As mentioned, the problem is the special characters in your URL i.e. r=site/oath2
You can fix it by enabling pretty URLS in your config so that your URL becomes index.php/site/oath2
It seems to work without the trailing slash though.
very strange error. i use gide http://developers.facebook.com/docs/authentication/. so i create request to fb and pass redirect_uri. i use test site on localhost. so if i pass
redirect_uri=http://localhost/test_blog/index.php
it works fine, but if i pass
redirect_uri=http://localhost/test_blog/index.php?r=site/oauth2
it don't want work. i try to use
redirect_uri= .
urlencode('http://localhost/test_blog/index.php?r=site/oauth2)
but not work.
i try to explaine. i success get code, but when i access https://graph.facebook.com/me?access_token i get error 'Error validating verification code'. i checked evering, error is in ?r=site/oauth2 but i need passing some params
can somebody help me?
i read post http://forum.developers.facebook.net/viewtopic.php?id=70855 but nothing work for me
There are presently (as of March 2011) undocumented requirements regarding what makes a valid redirect_uri.
First, both redirect_uri paramaters to authorize and access_token must match.
Apparently Facebook (or rather OAuth2) is using the redirect_uri as a internal key to encode the code returned for the access_token request. It's kinda clever since it verifies back to your site. It explains why the access_token request which wouldn't otherwise need a redirect_uri parameter requires one.
Second, you cannot use many special characters in the redirect_uri.
A lot of discussion rages whether parameters can be passed at all. They can, you're limited which characters are valid but no one has published a list that I know. Traditional methods like url/html encoding will fail because percent(%) is not valid. Slash (/) is not valid either so a nested redirection url will always fail. The ONLY way to overcome the special char limitation is to encode the value of the parameter to base64. If you're using ASP.NET, look up Convert.ToBase64.
Lastly, and this is more of a side-note. There are a lot of programmers passing along misinformation that a simple solution is to pass type=client_cred. This may limit your access to some of the permissions you requested in your authorization. It is inadvisable.
Had the same problem all day when testing with redirect_uri=http://localhost:8000 (encoded to http%3A%2F%2Flocalhost%3A8000)...
Solution was simply to make sure to put the trailing slash / on the end of the uri. So redirect_uri=http://localhost:8000/ (encoded to http%3A%2F%2Flocalhost%3A8000%2F).
Again, make sure the redirect_uri is identical for both requests.
I have had this problem. I knew for a fact that my URLs were the same because I used a class with the same $var, but I kept getting the 400 response and that error in the JSON response.
The only thing I did was change my redirect_uri from:
http://myredirecturi.com
to
http://myredirecturi.com/
Yeh, just added the trailing slash and it worked.
You don't really need to encode, just put the '/' at the end of your redirect_url and everything should be fine!
Part of the information given by Aaron Wheeler is incorrect.
It is true that the 'redirect_uri' parameter must be identical in both requests, however it is perfectly possible to URL encode a regular URL and use that as the value for the 'redirect_url' parameter, so long as you're careful to further URL encode any inline URLs.
For instance, you wish facebook to redirect to the following URL:
http://www.mysite.com/Users/oAuthComplete?my_param_1=/Party/pants
Attempting to redirect the user to
'https://www.facebook.com/dialog/oauth?client_id=12345&redirect_uri='
. urlencode('http://www.mysite.com/Users/oAuthComplete?my_param_1=/Party/pants');
Will fail as /Party/Pants creates an invalid URL
However, redirecting to
'https://www.facebook.com/dialog/oauth?client_id=12345&redirect_uri='
.urlencode('http://www.mysite.com/Users/oAuthComplete?my_param_1='
.urlencode('/Party/pants'));
Will work as expected.
If you are using the returned the redrect_uri value in the second, authenticate application request, be sure to url encode again - the value is automatically URL decoded when populating the $_GET superglobal. - This is what tripped me up.
'https://graph.facebook.com/oauth/access_token?client_id=12345&&client_secret=SECRET&code=1234567'
.urlencode('http://www.mysite.com/Users/oAuthComplete?my_param_1='
.urlencode($_GET['my_param_1']));
P.s. In your actual code, I'd recommend using sprintf() rather than chaining string together like in my example, for better readability.
From what I can see, the problem here is that the redirect_uri must end with '/' and not contain '?' or other special characters. I think that is why you are getting 'Error validating verification code'. This error only appears if you are using file_get_contents(), and not when using the facebook php library.
This is the solution for php, don't know if this error appears in other SDK's.
I'm not sure if it will help, but i would suggest to encode only values in the url. Not the whole thing. eg:
redirect_uri='http://localhost/test_blog/index.php?r='.urlencode('site/oauth2');
I was having the pb and finally fix it adding the type=client_cred parameter in the url.
Struggled with this for a while. Since I didn't want a redirect, but the redirect parameter is required, my solution was to simply set it to nothing -
...&redirect_uri=&client_secret=...
I just had the same problem.
Admittedly, I am a super n00b so excuse me if this solution doesnt make any sense in actual practice.
I simply set a short fuse cookie (1-2 min) with a test variable in the page with my FB Connect button. When FB came back with information to my data parsing/handling script I checked for this cookie where I was redirecting it and if found, directed the user to the proper URL using header:location.
Of course some browsers/users etc disable cookies. This obviously wont work there (maybe use a session var and destroy it in the fb data handler?) I am sure there is a better way to do it but at the moment, this bandaid works.
The answer for me was this:
$user = $facebook->getUser();
if (!$user) {
$loginUrl = $facebook->getLoginUrl(array(
'scope' => '',
'redirect_uri' => $this->domain,
));
print('<script> top.location.href=\'' . $loginUrl . '\'</script>');
}
I've been cracking my head a long time before I found this solution, seeming I am not the only one with this issue I hope this works for you to!
I noticed you are using Yii which I'm using as well and had the same problem for half the day. As mentioned, the problem is the special characters in your URL i.e. r=site/oath2
You can fix it by enabling pretty URLS in your config so that your URL becomes index.php/site/oath2
It seems to work without the trailing slash though.