This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
Facebook API error 191
I am getting the following error with some code that I am using. The error is
API Error Code: 191
API Error Description: The specified URL is not owned by the application
Error Message: redirect_uri is not owned by the application.
<?php
$facebook = new Facebook(array('appId' => $app_id,'secret' => $app_secret,'cookie' => true));
if($facebook->getUser() < 1)
{
$red_url = $page_url.'?sk=app_'.$app_id;
$redir = $facebook->getLoginUrl(array('redirect_uri'=>$red_url,'next'=>$red_url,'scope'=>'offline_access,publish_stream,status_update,photo_upload,user_birthday'));
echo "<script>top.location.href='".$redir."';</script>";
exit;
}
$user = $facebook->api('/me');
Can any one explain how to get around this and why this happens?
When you open a Facebook application you need to set the domain/s under which your application is intended to run - and (almost) every place that your app gets in contact with facebook (especially client side) must be from a url from the same domain (or a subdomain of it)
in your case you told asked facebook to authorize the app for the user and then redirect him to $red_url which I understand to be the page where your app is installed - BUT this link is not under the domain of your application (unless you registered facebook.com as your app domain in the application dashboard
if you want to redirect the user to that specific tab - you may create a proxy file under the domain of your application that will redirect the user to the tab, for example:
lets say you registered mydomain.com as your app domain in the app dashboard . then - create a file named redirect.php for example that will conatin the following script and put it under http://www.mydomain.com/my_directory/redirect.php :
<?php
$app_id ="ENTER_YOUR_APP_ID_HERE";
$page_url = "ENTER_THE_PAGE_URL_HERE"; //for example: http://www.facebook.com/techmarketing.co.il
$red_url = $page_url.'?sk=app_'.$app_id;
header("Location: {$red_url}");
and your script will change to be:
<?php
$facebook = new Facebook(array('appId' => $app_id,'secret' => $app_secret,'cookie' => true));
if($facebook->getUser()==0)
{
$red_url = "http://www.mydomain.com/my_directory/redirect.php";
$redir = $facebook->getLoginUrl(array('redirect_uri'=>$red_url,'next'=>$red_url,'scope'=>'offline_access,publish_stream,status_update,photo_upload,user_birthday'));
echo "<script>top.location.href='".$redir."';</script>";
exit;
}
$user = $facebook->api('/me');
Can you say "cross site scripting" ;)?
WORKAROUND:
Browser, Edit Setting, Web Site
<= add site URL to the app settings
Here's a bit more background:
*
http://techblog.hybris.com/2012/06/05/oauth2-the-implicit-flow-aka-as-the-client-side-flow/
redirect_uri: The server configured a redirect_uri (which we strongly recommend)
which needs to match the settings for the client_id. Client_id and
redirect_uri are both server-side settings that the app developer
needs to get at beforehand.
You need to tell Facebook that your app is allowed access to that website.
Edit your app settings (via the FB developer dashboard). On the basic settings page, click on 'Website with Facebook Login' and enter your site address.
Related
I was put files in following url http://the-designhut.com/poststatus. i was placed the facebook-php-sdk files in above url. And also i created client id and secret id for this process.
my php code is,
<?php
require_once 'src/facebook.php';
$appId= 'appid';
$secret='secret code';
$returnurl='http://the-designhut.com/poststatus/';
$permission='manage_pages, publish_stream';
$fb = new Facebook(array('appId'=>$appId, 'secret'=>$secret));
$fbuser = $fb->getUser();
if($fbuser){
}
else{
$loginurl = $fb->getLoginUrl(array('scope'=>$permission, 'redirect- url'=>$returnurl));
echo'Login with FB';
}
?>
but when i run my file i got an error message. that is,
Given URL is not permitted by the Application configuration: One or more of the given URLs is not permitted by the App's settings. It must match the Website URL or Canvas URL, or the domain must be a subdomain of one of the App's domains.
what i do for clear the above error?
That error means that you have not added your domain to your Facebook App settings or the domain you have added is not the-designhut.com
https://developers.facebook.com/apps/{YOUR_APP_ID}/settings/ ("App Domains" field)
Update your settings and it will work.
I hope it helps.
What are the basic steps for setting up a pure server flow facebook SSO, the docs are as usual a little ambiguous?
I set up the flow with javascript popups only to later realise you are not allowed to customise the login buttons.. which when you stick them next google and twitter sso the signin box look terrible.
http://www.codecademy.com/ seem to direct to their own server which then forwards onto a URL like this:
https://www.facebook.com/dialog/oauth?response_type=code
&client_id=212500508799908&
redirect_uri=http%3A%2F%2Fwww.codecademy.com%2Fauth%2Ffacebook%2Fcallback&state=8aac5bc63c5afe8fbabe572021e7750579fefd898d7b4316&
scope=email%2Cpublish_actions
How is this URL being generated? In the facebook docs there is a function "getLoginUrl".. is this being called which generates the correct URL?
I tried directing the user directly from their browser to:
var href = 'https://www.facebook.com/dialog/oauth?' +
'client_id='+app_id+'&'+
'redirect_uri=http://www.mysite.net/authenticate_facebook.php&'+
'scope=email&';+
'state='+$('body').attr('unique');
But the at the facebook php then the following recieving code resulted in errors about the 'state' not matching... I am assuming that the state is not just a random value generate by my server and must be aquired from the facebook server?
require_once(WEBROOT_PRIVATE.'authenticate/facebook-php-sdk/src/facebook.php');
$config = array(
'appId' => 'xxx',
'secret' => 'xxx',
'fileUpload' => false,
'allowSignedRequest' => false
);
$facebook = new \Facebook($config);
$user_id = $facebook->getUser();
if($user_id)
{
try
{
$user_profile = $facebook->api('/me','GET');
}
catch(FacebookApiException $e)
{
error_log($e->getType(), 0);
error_log($e->getMessage(), 0);
}
}
SO, is this correct flow:
1 - Direct the user to my server facebook_auth.php
2 - facebook_auth.php generate the get url and forwards the user onto it
3 - The user, if required logs into facebook, allows my app
4 - my facebook_auth.php script then checks the tokens and talks server to server with facebook to verify the rest
5 - my website then logs the user in
I had a similar issue last week, and tracked it down to the state field being overwritten by multiple calls to getLoginUrl(). Each time you call getLoginUrl(), a new state token is generated in the SDK and stored in the $_SESSION (it's just a random value), so if you call it twice and the user uses the first link to log in, the second call will have reset the SDK's internal state token, and you will get this error in your logs.
The SDK looks for the same state token in the URL coming back after Facebook authorizes the user and redirects them back to your site, and if it doesn't match it will log this error (here's a link to the source).
I am attempting to use the facebook api with my php web application. I have downlaoded the api and in my app settings is added a website platform with the Site URL as my localhost address http://localhost:8080/app/ for testing.
However it does't add to the seetings with this, when I try to save this in the App Dashboard I get an error message, but when I set it as http://localhost/app/, it saves it.
I am doing this to sort out the error I get when I try to use the api.
When I go to http://localhost:8080/app/, the page redirects to:
https://www.facebook.com/dialog/oauth?client_id=648801771829346&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fkfc%2Ffacebook_connect&state=1e655991943d79a58aac8d22fbd2c61f&sdk=php-sdk-3.2.3
with the error:
Given URL is not permitted by the application configuration.: One or
more of the given URLs is not allowed by the App's settings. It must
match the Website URL or Canvas URL, or the domain must be a subdomain
of one of the App's domains.
My code:
<?php
require_once('facebook-php-sdk/src/facebook.php');
// Create our Application instance (replace this with your appId and secret).
$facebook= new Facebook(array(
'appId' => '648801771829346',
'secret' => 'd4a528ad0614314a9d3aaf59c978fbfa',
));
$user = $facebook->getUser();
if ($user) {
try {
// Get the user profile data you have permission to view
$user_profile = $facebook->api('/me');
echo "<pre>";
print_r($user_profile);
echo "</pre>";
} catch (FacebookApiException $e) {
$user = null;
}
} else {
die('<script>top.location.href="'.$facebook->getLoginUrl().'";</script>');
}
How do I fix this do that I can test locally on http://localhost:8080/app/, this is my xampp server.
DashBoard:
First, Add a platform -> Website
Settings -> Basics -> App on Facebook -> Canvas URL -> http://localhost/app?
Settings -> Basics -> Website -> Site URL as http://localhost/app/
There is a toggle button in the Settings->Advanced part of your application which says "Native or desktop app? Enable if your app is a native or desktop app". When you turn on that switch, I think you will be able to send back to localhost the information from Facebook.
Please, I need help. I'm dealing with this issue for 1 month!!
I would like to implement facebook connect login to my website, using PHP and php-sdk 3.1.1. In few words, my code works offline (on localhost) but not online which results in "Too many redirect loop (on Chrome)": Error 310 (net::ERR_TOO_MANY_REDIRECTS): There were too many redirects.
Here is my code:
1/ I load facebook connect SDK and init it:
require 'src/facebook.php';
$facebook = new Facebook(array(
'appId' => '209633612480053',
'secret' => 'xxxxxxxxxxxxxxxxxxxxxxxxxxxx'
));
Please, note that I created two apps on facebook-developper page, one for offline tests, and the other for online tests. And I'm sure to switch correctly betwwen the two pairs of appId/secret (online and offline) when testing. So it's not the problem of bad facebbok-connect init.
2/ I try to get user info:
$uid = $facebook->getUser();
if($uid)
{
/*
* Get user information.
*/
$user = $facebook->api('me/');
print_r($user); // Display user info.
}
else
{
/*
* Redirect to FB login URL to allow access.
*/
$loginURL = $facebook->getLoginURL();
echo '<script> top.location.href=\''.$loginURL.'\'</script>';
}
It's as simple as that: If user ic connected to facebook, so display it's information, else, redirect to facebook login page to allow access.
IT WORKS PERFECTLY OFFLINE, but online, I get a chrome error:
This webpage has a redirect loop
The webpage at https://www.facebook.com/dialog/oauth?client_id=209633612480053&redirect_uri=http%3A%2F%2Fwww.bluward.com%2Foauth%2Ffacebook&state=551f60cd4be6cd8ed1622f8168a5219a#_=_ has resulted in too many redirects. Clearing your cookies for this site or allowing third-party cookies may fix the problem. If not, it is possibly a server configuration issue and not a problem with your computer.
Some additional information: Online, I use 1and1 host provider, and to be sure to have the same server configuration than offline server (which is a MAMP Pro), I uploaded the sams php.ini file.
Please, if someone has an idea, or get a similar problem, I'll be glad to have help.
Thank you in advance for all help.
UPDATE:
I updated my code to focus on the problematic line, so instead of redirecting to facebook login page, I display the redirect URL, so I just have to click to login:
$uid = $facebook->getUser();
if($uid)
{
/*
* Get user information.
*/
$user = $facebook->api('me/');
print_r($user); // Display user info.
}
else
{
/*
* Redirect to FB login URL to allow access.
*/
$loginURL = $facebook->getLoginURL();
echo $loginURL; // <-- HERE I CHANGED THE CODE TO DISPLAY LOGIN URL
}
What I noticed is that facebook is infinitely redirecting to my script page. Only code parameter on URL bar changes.
So, why facebbok is redirecting to my script page without giving me user info?
Please, any idea?
I had this problem, in my case I had to edit base_facebook.php from the SDK:
public static $CURL_OPTS = array(
CURLOPT_CONNECTTIMEOUT => 10,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_TIMEOUT => 60,
CURLOPT_USERAGENT => 'facebook-php-3.2',
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_SSL_VERIFYHOST => false,
);
The last two options I added manually.
I had a similar issue with chrome browser, cookies always were incorrect or empty.
Then I downloaded a facebook example from Heroku (it uses a popup window as login instead of a js redirect) and noticed that it doesn't work in chrome when the base URL of the website isn't the server root URL (ex: localhost/somedirectory/).
But after creating a virtual host it looks like it works.
You can see an example of the index.php from the application here https://gist.github.com/2845986
I'm upgrading my existing FB apps, and going absolutely bonkers trying to get a simple PHP iframe canvas app to authorize and authenticate (as well as use SSL). Never looked through so many examples...
Here's where I'm stuck: After the user authorizes the app, and the app authenticates the user (I am able to make a graph request with the token OK), the redirect_uri happens, and the whole page refreshes, leaving Facebook and thenjust shows me the contents of my "Canvas URL" page (with my server's domain), rather than iframed on Facebook.
I currently have this as a crude two step process...
Here's what my code looks like on the first page (index.php):
<?php
require('src/facebook.php');
$app_id = '123456789';
$app_secret = '1234secrets1234';
$canvas_page = "https://apps.facebook.com/123456789/";
$canvas_url = "https://myserver.com/apptest/";
$code = $_REQUEST['code'];
if(!$code){
$display= 'page';
$scope= 'manage_pages, offline_access, read_insights, publish_stream, user_about_me, user_likes, email';
$redirect_url = 'https://myserver.com/apptest/step2.php';
$oauth_url = 'https://www.facebook.com/dialog/oauth?canvas=1&client_id='.$app_id.'&display='.$display.'&redirect_uri='.urlencode($redirect_url).'&scope='.$scope;
$config = array('appId' => $app_id,'secret' => $app_secret,'cookie' => true,'domain' => true);
$facebook_client = new Facebook($config);
echo "<script type=\"text/javascript\">top.location.href = \"".$oauth_url."\";</script>";
}
?>
and the second page (step2.php):
<?php
require('src/facebook.php');
$app_id = '123456789';
$app_secret = '1234secrets1234';
$canvas_page = "https://apps.facebook.com/123456789/";
$canvas_url = "https://myserver.com/apptest/";
if($_REQUEST['code']){
$code=$_REQUEST['code'];
$redirect_url = 'https://myserver.com/apptest/step2.php';
$link="https://graph.facebook.com/oauth/access_token?canvas=1&client_id=".$app_id."&redirect_uri=".urlencode($redirect_url)."&client_secret=".$app_secret."&code=".$code;
$string = file_get_contents($link);
$auth_token=substr($string, 13, 150);
$graph_url = "https://graph.facebook.com/me?access_token=".$auth_token;
$user = json_decode(file_get_contents($graph_url));
echo("Hello " . $user->name);
}
Again, once the user has authorized the app, and the app has authenticated the user, the graph call works.
Any ideas?
When navigating to the OAuth dialog the web page (not the frame your app is in) is navigated to the OAuth URL. To get back into the Facebook iframe after authentication you need to set the OAuth redirect URL to the canvas_page URL. The code shown above is navigating to the URL of myserver when redirected so your app takes up the entire page (because you left the Facebook iframe when navigating to the OAuth dialog). Your code at canvas_url needs to determine if it is being entered from authorization (success or failure) or if it is being entered with a valid access token after authentication.
Also your canvas_page URL appears to be comprised of the facebook apps host and your application ID. It should be the facebook apps host and your application name (the redirect URL should be the same as the "Canvas Page" URL on your app's developer page).
Well I did get this working. On the app > settings > basic I hadn't set a namespace, so the URL it gave me for the app on facebook was like this: https://apps.facebook.com/123456789/ and now with the namespace they changed it to: https://apps.facebook.com/myappname. So that may have been it. I tried to carefully follow the simple PHP autorization demo on this page: https://developers.facebook.com/docs/appsonfacebook/tutorial/ and it seems to work ok now.
Thanks for the help!