I know that in the last update of the Facebook API, there is the possibility of providing an appsecret_proof, which is the access token signed with the app_secret.
Now the problem is that, regardless of the option that I set on my Facebook app (enable\disable: Require AppSecret Proof for Server API calls), I always get:
Invalid appsecret_proof provided in the API argument
I discovered that the latest version of php-facebook-sdk always inserts appsecret_proof among the parameters:
...
if (isset($params['access_token'])) {
    $params['appsecret_proof'] = $this->getAppSecretProof($params['access_token']);
}
...
protected function getAppSecretProof($access_token) {
    return hash_hmac('sha256', $access_token, $this->getAppSecret());
}
...
If I disable the check on my app and comment out the line that inserts the parameter, everything works fine; otherwise I get the error.
Now, where am I wrong?
I triple checked $access_token, $this->getAppSecret() and the doc, all seem correct.
Any clues?
Put your mind to work from the easy to the complex solutions of a problem. In this specific case, what I would first do is double (triple) check my: App-ID, App-Secret, API-Version (all 3 provided in the App Dashboard) and Access token (Tools & Support > Graph API Explorer).
For me the missing part was the access token. Under Graph API Explorer, find the dropdown on the right and make sure you choose your registered application name, instead of the default value of "Graph API Explorer".
So after all your code should look like this (Graph v2.4):
$fb = new Facebook\Facebook([
    'app_id' => $app_id,
    'app_secret' => $app_secret,
    'default_graph_version' => $api_version
]);
I was finally able to get rid of the error by just granting permissions to everything.
I am using the Facebook PHP SDK (v4) to fetch user information.
After installing the SDK, I added this code:
$fb = new Facebook\Facebook([
    'app_id' => 'my app id',
    'app_secret' => 'my app secret',
    'default_graph_version' => 'v2.5',
]);
try {
    $access_token = '{access-token}'; // copied from my https://developers.facebook.com/tools/explorer/
    // Returns a `Facebook\FacebookResponse` object
    $response = $fb->get('/me?fields=id,name', $access_token);
} catch(Facebook\Exceptions\FacebookResponseException $e) {
    echo 'Graph returned an error: ' . $e->getMessage();
    exit;
} catch(Facebook\Exceptions\FacebookSDKException $e) {
    echo 'Facebook SDK returned an error: ' . $e->getMessage();
    exit;
}
$user = $response->getGraphUser();
echo 'Name: ' . $user['name'];
But when I run the page it gives me this error:
Graph returned an error: Invalid appsecret_proof provided in the API argument
I am copying the app secret correctly. What could be the reason for such an error, and how should I fix this?
You may want to read this: https://developers.facebook.com/docs/graph-api/securing-requests
appsecret_proof is a separate parameter that is generated by using the App Secret, but it is NOT the App Secret. Information about how to generate it can be found in the docs.
This might help someone who lands here like me. This error also happens if the App Secret is wrong for the particular App ID.
Late reply, but in my case it was something else, so I hope it helps someone else. I see you commented:
//copied from my https://developers.facebook.com/tools/explorer/
In the top right corner of the explorer tool, make sure that the selected Application is the same as the one you are using for:
$fb = new Facebook\Facebook([
    'app_id' => 'my app id',
    'app_secret' => 'my app secret',
    'default_graph_version' => 'vX.Y',
]);
If you have another Application selected and use an Access Token given for a different one (basically the default Explorer App) the hash creating the appsecret_proof will be incorrect and you will always see this error.
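The mismatch described in this answer, as an added example (not code from the post or the SDK): the proof is an HMAC-SHA256 of the access token keyed with the app secret, so a token issued to a different app never verifies against your secret. All app names, secrets and tokens are constructed, and server_accepts() is a hypothetical model of the check on the Graph API side.

```php
<?php
// Added illustration. Every app name, secret and token here is constructed.

// Same computation as the SDK's getAppSecretProof() quoted on this page.
function appsecret_proof(string $accessToken, string $appSecret): string
{
    return hash_hmac('sha256', $accessToken, $appSecret);
}

// Constructed registry: app name => app secret.
const APPS = [
    'app-mine'     => 'constructed-secret-of-my-app',
    'app-explorer' => 'constructed-secret-of-explorer-app',
];

// Constructed mapping: access token => app it was issued to.
const TOKEN_ISSUER = [
    'token-from-my-app'   => 'app-mine',
    'token-from-explorer' => 'app-explorer',
];

// Hypothetical model of the server side: recompute the HMAC with the secret
// of the app that issued the token, then compare in constant time.
function server_accepts(string $accessToken, string $proof): bool
{
    $issuer = TOKEN_ISSUER[$accessToken] ?? null;
    if ($issuer === null) {
        return false; // unknown token
    }
    $expected = hash_hmac('sha256', $accessToken, APPS[$issuer]);
    return hash_equals($expected, $proof);
}

// The client is configured with 'app-mine' credentials in both cases;
// only the origin of the access token changes.
$mySecret = APPS['app-mine'];
foreach (array_keys(TOKEN_ISSUER) as $token) {
    $proof = appsecret_proof($token, $mySecret);
    printf(
        "%-20s proof=%s... accepted=%s\n",
        $token,
        substr($proof, 0, 12),
        server_accepts($token, $proof) ? 'yes' : 'no'
    );
}
```

Only the token issued to the app whose secret keys the HMAC is accepted; the token taken from the other app is rejected even though the secret itself was copied correctly.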
You need to select your created APP in the Facebook Graph Explorer. I was selecting my username. When I selected the app and clicked on "Get token", it showed me the "login panel" from my app and could generate the token.
It works for me.
Or the issue could be that you haven't enabled API calls to your FB App. To enable the API calls:
1. Go to your apps section
2. Select the app that you want to use for the integration
3. Under the App settings select Advanced
4. Under Security, ensure that Allow API Access to App Settings is enabled (set to yes)
5. If need be, enable any other permission that might be required.
Hope that solves the issue
I've just gotten started with the latest Facebook SDK (5.0). It's been a number of years since I last used it, and there's one thing I can't seem to get around...
Following the example code they have here: https://developers.facebook.com/docs/php/howto/example_facebook_login/5.0.0
I'm able to get a perfectly working login. My problem is, how do you keep this login alive on the next page load when you aren't being redirected back from Facebook?
You used to be able to store the user access token, then reuse that token to keep the session authenticated. In version 5.0 of the SDK, I'm not seeing a way to do that, and I'm pretty lost as to how you remain logged in.
I wouldn't be asking this here, but I've been looking for a couple of days now and have found an abundance of articles using older code that doesn't line up with the current 5.0 SDK I'm trying to use. I'm guessing this is something small that I've been missing or overlooking, but I'd love any information you guys can give me.
At the end of the example in the link you gave, there is this line:
$_SESSION['fb_access_token'] = (string) $accessToken;
so the access token is stored in the PHP session and is then accessible from page to page.
You can also store it in your database as a field in your users table.
Below are great upgrade guides:
Facebook PHP SDK v3.x to v5.x
Facebook PHP SDK v4.0 to v5
I know it's too late but I just wanted to leave an answer as a record. From FB official doc:
Configuration options
$fb = new Facebook\Facebook([
    'app_id' => '{app-id}',
    'app_secret' => '{app-secret}',
    'default_access_token' => '{access-token}',
    'enable_beta_mode' => true,
    'default_graph_version' => 'v2.3',
    'http_client_handler' => 'guzzle',
    'persistent_data_handler' => 'memory',
    'url_detection_handler' => new MyUrlDetectionHandler(),
    'pseudo_random_string_generator' => new MyPseudoRandomStringGenerator(),
]);
If you don't provide a default_access_token in the configuration
options, or you wish to use a different access token than the default,
you can explicitly pass the access token as an argument to the get(),
post(), and delete() methods.
$res = $fb->get('/me', '{access-token}');
$res = $fb->post('/me/feed', ['foo' => 'bar'], '{access-token}');
$res = $fb->delete('/{node-id}', '{access-token}');
I'm posting here due to a problem with PHP and the Facebook SDK.
For a reason I don't really know, when I try to get the userID of the logged-in account, I continuously receive the same value, 0, even if I'm logged in.
I've been trying to debug some variables, $facebook, checking sessions, etc., but without success, so I'm going to detail step by step everything I'm doing and the debugging I've done:
I'm using Hostinger servers, which host my website. Because I've found many problems, I've created a test webpage in which I have 5 files:
index.php
callback.php
facebook.php (comes from facebook)
base_facebook.php
certificate
The code I have in index.php is what I've pasted here: [index.php]: http://pastebin.com/Mfdkxz8H This is only the first part of the code, which tries to get the authentication.
The code I have in callback.php is what I've pasted here: [callback.php]: http://pastebin.com/Uw0A3NM8. There I try to get the userID.
I've read some posts, and for some reason there were many cases in which the token wasn't received in the second file/call.
I don't really know what the problem is and would be happy to find a solution.
P.S. The appId and secret don't matter because the Facebook app and the webpage were created for a test.
Hard to tell what is going on from your code example (by the way, you should NEVER post your appId and secret in public like that, otherwise someone will be able to compromise your application). I gave your code a quick glance and it "looks" fine, but here are a couple of pointers:
1) Make sure you have the latest version of the Facebook SDK (assuming you do)
2) For SANITY's sake, I would keep your Facebook API files in their own folder ('sdk')
3) DOUBLE CHECK your app settings to make sure the appID and secret are correct (I have made this mistake many times); also make sure that your app is NOT in sandbox mode
4) Then try something like this
include_once("sdk/facebook.php");
// Call Facebook API
$facebook = new Facebook(array(
    'appId' => 'XXXXXXXXXXXXXXXX',  // placeholder: your app ID, as a string
    'secret' => 'XXXXXXXXXXXXXXXX', // placeholder: your app secret, as a string
    'cookie' => true, // enable optional cookie support
));
// Ask for the email permission and send the user back to callback.php
$params = array(
    'scope' => 'email',
    'redirect_uri' => 'http://devstarlight.esy.es/facebook/callback.php'
);
$login_url = $facebook->getLoginUrl($params);
I'm trying to retrieve the app access token of my app in order to post notifications, but for some reason, it doesn't work. Here's the code:
$AppParams = array(
    'client_id' => 'myclientid',
    '&client_secret' => 'myclientsecret',
    '&grant_type' =>'client_credentials'
);
$AppToken = $facebook->api('oauth/access_token?', 'GET', $AppParams);
I also replaced the first part with the full oauth/accesstoken link, but then it returns me general information about oauth and their facebook page, which I do not want.
I did nearly the same thing in C# and there it works.
You don't really have to request an application access token. You can simply assemble one yourself.
An application access token is formatted like this:
app_id|app_secret
That's the application's id, a pipe character | and the application secret.
Make sure that this app token is not accessible to your users! Only use and reference it on the serverside - never pass this to the client. For more info, check out the last few sentences in the relevant documentation.
With version 5 of the SDK you can get the access token with the accessToken() method of a FacebookApp instance. If you have a Facebook instance (as you normally would) you can get it like this:
$fb->getApp()->getAccessToken()
When I want to use my own app's access token I'm instantiating the API like this. I don't know if there's a cleaner way.
$fb = new \Facebook\Facebook([
    'default_graph_version' => 'v2.8',
]);
$fb->setDefaultAccessToken($fb->getApp()->getAccessToken());
Replace -
'&client_secret' => 'client_secret'
'&grant_type' => 'grant_type'
It's weird: this morning all my Facebook applications don't work anymore. And when I use the Graph API with a request like "graph.facebook.com/me",
I get:
{
    "error": {
        "type": "OAuthException",
        "message": "An active access token must be used to query information about the current user."
    }
}
Any idea?
Facebook did a developer update the past couple days..
http://developers.facebook.com/blog/post/518/
We had problems with the API key on older versions of the sdk, check that.
Same thing here. I followed Ben Biddington's blog to get the access token. Same error when trying to use it. Facebook's OAuth implementation doesn't follow the spec completely; I am fine with it as long as the doc is clear, which obviously is not the case here. Also, it would be nice if the userid and username were returned with the access token.
You need to create an app so that you can get an appId and secret. Then you can create a facebook object like so:
$fb = new Facebook(array(
    'appId' => $appId,
    'secret' => $secret,
    'cookie' => $cookie
));
and get the access token with $fb->getAccessToken(); this can then be appended to your graph api call url, and it should work.
When you click on the Facebook button, after login a cookie is generated with fbs_(token_access), by which it understands that you are logged in. Maybe because you are going there directly, you don't have sufficient access to get the JSON-encoded data.
This can be the problem for you. Make sure that when you are logged in, the cookie is generated.
As the message states, you need to provide a valid access token. If you aren't providing one, then it obviously is the problem, as you need to have one, even when accessing your own information. If you are providing one, and it gives that error, then the token is not valid, which may be because it has expired or been revoked.