I have a Laravel4 project in which I use Facebook PHP SDK.
In that I use the code to redirect to facebook for auth
$facebook = new Facebook(Config::get('facebook'));
$params = array(
'redirect_uri' => url('/fbcallback'),
'scope' => 'email',
);
return Redirect::to($facebook->getLoginUrl($params));
It was all okay when the project was in local (development) environment but as soon as I deployed the code to (client's) production server (Shared Hosting, cPanel) I started getting errors in redirection.
First I thought it was Facebook but then I realized the errors occur in every redirection that uses the Redirect::to() or similar.
The error is a page
Apart from the fact that the Laravel Redirector class defines the status code 302 as default value (source) which might be the problem here, check out this SO post for details and examples that might help you figure it out:
401 redirect magically results in a 302 redirect
try this instead of the Redirect::to()
return Response::make()->header( 'Location', (string)$facebook->getLoginUrl($params) );
Related
I'm struggling to get user info after authenticating using the auth0 PHP SDK. This is on my localhost using ngrok. I'm just using the basic example files in the SDK and I'm able to log in fine. However, after login when it re-directs to my callback url and attempts to exchange the auth code, I get a 401 error with "unauthorized".
Here is the error in wamp:
In the logs I can see that the login happened successfully, but when attempting to exchange the auth code, it fails.
I can also confirm that I'm getting the code and the state back in my query parameters:
https://myurl.ngrok.io/auth/?code=ygKukP3B5_xk0pbb&state=5ae5b7a643aa46.52329844
I've made a couple of slight modifications to the example files while trying to get this to work, but I don't think that's the culprit. Just in case, here's the code:
require 'vendor/autoload.php';
//require 'dotenv-loader.php';
use Auth0\SDK\Auth0;
$domain = 'mydomain.auth0.com';
$client_id = 'MYCLIENT';
$client_secret = 'MYSECRET';
$redirect_uri = 'https://myurl.ngrok.io/auth/';
$auth0 = new Auth0([
'domain' => $domain,
'client_id' => $client_id,
'client_secret' => $client_secret,
'redirect_uri' => $redirect_uri,
'persist_id_token' => true,
'persist_refresh_token' => true,
'audience' => 'https://mydomain.auth0.com/userinfo',
'scope' => 'openid profile'
]);
if (isset($_REQUEST['logout'])) {
$auth0->logout();
session_destroy();
header("Location: /");
die();
}
if(isset($_REQUEST['code'])) {
$userInfo = $auth0->getUser();
var_dump($userInfo);
} else {
$auth0->login();
}
UPDATE:
I also noticed that when the page first loads I get the previously mentioned error. If I refresh the page, I get Fatal error: Uncaught Auth0\SDK\Exception\CoreException: Invalid state
I had this issue on an application that was available on two subdomains a and b but uses only b as an configured application domain. When user accesses a Auth0's nonce (aka state) was created only for a leading to a failing validation due to an empty session when Auth0 redirected back to the configured application url on b.
I solved this issue by setting php's cookie domain to b.. Concretely in my laravel app i set the envvar
SESSION_DOMAIN=b
I followed this article written to setup OAuth2 for my API that I'm writing in Lumen. I finished setting it up and I implemented the client so that I could test that it works. I haven't been able to get it to work. When I click the 'Login to API' button, it sends a POST to http://myserver.com/login and it never finishes. It hangs here and I get no exceptions or errors of any kind. Also, when it hangs like that I cannot just refresh the page. I have to serve it on another port, if that's a clue as to what's happening. I output a bunch of log messages and I've narrowed the trouble down to this:
$guzzleResponse = $client->post(sprintf('%s/oauth/access-token', $config->get('app.url')), [
'body' => $data
]);
I checked the parameters and they look good. $client is a GuzzleHttp Client. The post method inside looks like this:
public function post($url = null, array $options = [])
{
return $this->send($this->createRequest('POST', $url, $options));
}
I think I may have to enable cookies in Lumen. Where would I go to find that out? Does anyone have any other ideas?
To enable cookie, you can do this in .env file -
SESSION_DRIVER=cookie
Then run composer update command.
Had you check your .env?.. please add AUTH_MODEL=App\Auth\User if that no there.
Sometimes Guzzle doesnot work with port eg localhost:8888. If you are runnnig your server on some port change it to default 80 and guzzle will work
We're building a web app in PHP. We've set up SSL certificate and right after that the FB login stopped working. When the script tries to get user ID, exception is thrown
An active access token must be used to query information about the current user.
I'm 100% positive the SSL is the problem because it works fine on my localhost and it also worked on the production before setting up the SSL.
We're using Facebook PHP SDK. Here is the first part (getting login url)
$facebook = new Facebook([
"appId" => "APP_ID",
"secret" => "SECRET"
]);
$permissions = ["email", "user_birthday", "publish_stream", "offline_access"];
$loginURL = $facebook->getLoginUrl([
"scope" => join(",", $permissions),
"redirect_uri" => "REDIRECT_URI"
]);
// redirect to $loginURL
And here's the callback
$facebook = new Facebook([
"appId" => "APP_ID",
"secret" => "SECRET"
]);
$userID = $facebook->getUser();
$token = $_GET['code'];
if(isset($userID) && isset($token)) {
// ... some cool stuff
} else {
// error, something happened
}
Thanx for help
EDIT: I was getting the error because I was trying to get details about user by the $userID. Problem was, the $userID is always 0 so no wonder I got error. Somehow I can't get user's ID on the website with SSL...
OK in the end I found the cause of my problems and it was realy stupid (like almost always, right?). When I was building the callback URL that is sent as an argument to the FB login page, I was getting the base url with a method from the framework I use. For some reason it gave me domain.com:443/ instead of domain.com/. After I fixed it, it suddenly works.
In mu case it was the WWW that was missing from the redirect URL. SSL cert was working only with it
I've recently migrated our site to Amazon EC2 from another host. On the old server, our Facebook login worked fine, but it's failing on EC2. I've done some digging, and it looks like it's failing because no value is being passed back from Facebook for the signed_request variable. I've done print_r($_REQUEST) on my return page, and the only things Facebook is passing back is code and state, in the URL itself. Nothing in POST.
I did notice that the site URL defined in my app didn't have a slash at the end, which seems to be problematic based on some comments in this forum, but that didn't help. Other answers were from a couple of years ago, and seemed to be obsolete since I couldn't find what they were referring to.
I also tried adding my EC2 IP to my app's whitelist, and that didn't help either.
Here's my current code:
if(!session_start())session_start();
require_once("facebook.php");
require_once("config.php");
$facebook = new Facebook(array(
'appId' => constant("FB_CONSUMER_KEY"),
'secret' => constant("FB_CONSUMER_SECRET"),
'cookie' => false
));
$FbId = intval($facebook->getUser());
if($FbId != 0) {
...
} else {
// log in to FB
$login_url = $facebook->getLoginUrl(array(
'scope' => 'email,user_likes,publish_stream',
'next' => '<return_page>',
'cancel_url' => '<cancel_page>'
));
exit;
}
$FbId keeps coming back with a 0 value, even after logging into Facebook. Some digging showed that this is because the user is never being set in the getUserFromAvailableData function because $_REQUEST['signed_request'] doesn't have a value.
I've tried this both already logged into Facebook and not logged in, but $_REQUEST['signed_request'] isn't returned in either case.
I've seen some posts on here that indicate that old Facebook apps seem to have some kind of grandfathering where they continue to work until they get migrated, or another new app just like it gets created. Could that be the case here?
Any help would be appreciated.
Thanks,
I've got a login with facebook on my website. This has worked well for some time but yesterday suddenly stopped working. I've tracked the problem to the getUser() method which seems to always returns 0 now.
my code looks like:
<?php
require_once('facebook.php');
$facebook = new Facebook(array(
'appId' => 'xxxxxxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxxxxxxxxxxxx'
));
$user = $facebook->getUser();
if ($user) {
try {
$profile = $facebook->api('/me');
$logoutUrl = $facebook->getLogoutUrl(
array(
'next'=>$baseUrl.'/fblogin/fblogin.php?logout'
)
);
$userIsLoggedIn=true;
} catch (FacebookApiException $e) {
echo '<pre>'.htmlspecialchars(print_r($e, true)).'</pre>';
$user = null;
$loginUrl = $facebook->getLoginUrl(
array(
'scope'=>'email,publish_stream',
'redirect_uri'=>$returnAfterLoginUrl
)
);
}
}else{
$loginUrl = $facebook->getLoginUrl(
array(
'scope'=>'email,publish_stream',
'redirect_uri'=>$returnAfterLoginUrl
)
);
}
?>
What I've tried (and could find back in my history)
Update the SDK to the latest version
Solution of Facebook PHP SDK - getUser() suddenly returns 0 (adding 2 $CURL_OPTS)
Solution of suddenly, getUser became to return 0.(PHP 3.1.1 SDK) (adding base_domain to $DROP_QUERY_PARAMS)
Solution of Facebook login is suddenly not working anymore? (increasing curlopt_connecttimeout)
Creating a new app, without luck
I'm using PHP Version 5.3.3
I've been trying to get it working since yesterday afternoon, without any luck :(
Does anyone know what might be the problem and more importantly, what might be the solution?
Thank you
Your port 80 or port 241 may be blocked causing a CurlException 7. To check that just upload the example file in your website. It will show the error.
In my case, I had my beta domain hosted on 000webhost.com. It had recently blocked the port 80 which caused the same error. When I moved my domain to another hosting service, the problem was solved.
I hope this helps.
=====EDIT=====
The solution to the problem is that (I think although it is not proven) get an https connection as it my observance that the php sdk does not work in an http connection. Look at my question here
======YEAH! THE FINAL AND CORRECT ANSWER AT LAST=======
This situation can only arise when cURL has been disabled by your web host(applicable for 100% of the cases of similar problem). Your website will run properly if cURL is installed. Usually, the error that users receive (if errorreporting is turned on) is
Fatal error: Uncaught CurlException: 7: couldn't connect to host thrown in /home/.../base_facebook.php on line ...
Make sure sandbox mode is disabled and recheck your settings again including appId, secret .
and try changing your login url to $loginUrl = $this->facebook->getLoginUrl($pram);
Solved it by moving the script to another subdirectory on the server...
/login/ became /facebook/login/
I haven't got the slightest clue why that makes a difference...
$facebook = new Facebook(array(
'appId' => '***************',
'secret' => '**************************',
'cookie' => false //add this and try
));
and try adding permission "read_stream"
check this after clearing your browser cookies..
Its Happen to me and when i check my apache log i found this :
And i found its an SSL problems when communicate with Facebook via PHP SDK (using Curl).
You have to set CURL_OPTS "CURLOPT_SSL_VERIFYPEER" to "false" .
Ex:
facebook::$CURL_OPTS[CURLOPT_SSL_VERIFYPEER] = false;