Facebook-connect gives a redirect loop - php

Please, I need help. I've been dealing with this issue for 1 month!!
I would like to implement facebook connect login on my website, using PHP and php-sdk 3.1.1. In a few words, my code works offline (on localhost) but not online, which results in "Too many redirect loop (on Chrome)": Error 310 (net::ERR_TOO_MANY_REDIRECTS): There were too many redirects.
Here is my code:
1/ I load facebook connect SDK and init it:
require 'src/facebook.php';
$facebook = new Facebook(array(
    'appId' => '209633612480053',
    'secret' => 'xxxxxxxxxxxxxxxxxxxxxxxxxxxx'
));
Please note that I created two apps on the facebook-developer page, one for offline tests and the other for online tests. And I'm sure to switch correctly between the two pairs of appId/secret (online and offline) when testing. So it's not a problem of bad facebook-connect init.
2/ I try to get user info:
$uid = $facebook->getUser();
if($uid)
{
    /*
     * Get user information.
     */
    $user = $facebook->api('me/');
    print_r($user); // Display user info.
}
else
{
    /*
     * Redirect to FB login URL to allow access.
     */
    $loginURL = $facebook->getLoginURL();
    echo '<script> top.location.href=\''.$loginURL.'\'</script>';
}
It's as simple as that: if the user is connected to facebook, display their information; else, redirect to the facebook login page to allow access.
IT WORKS PERFECTLY OFFLINE, but online, I get a chrome error:
This webpage has a redirect loop
The webpage at https://www.facebook.com/dialog/oauth?client_id=209633612480053&redirect_uri=http%3A%2F%2Fwww.bluward.com%2Foauth%2Ffacebook&state=551f60cd4be6cd8ed1622f8168a5219a#_=_ has resulted in too many redirects. Clearing your cookies for this site or allowing third-party cookies may fix the problem. If not, it is possibly a server configuration issue and not a problem with your computer.
Some additional information: Online, I use the 1and1 host provider, and to be sure to have the same server configuration as the offline server (which is a MAMP Pro), I uploaded the same php.ini file.
Please, if someone has an idea, or get a similar problem, I'll be glad to have help.
Thank you in advance for all help.
UPDATE:
I updated my code to focus on the problematic line, so instead of redirecting to facebook login page, I display the redirect URL, so I just have to click to login:
$uid = $facebook->getUser();
if($uid)
{
    /*
     * Get user information.
     */
    $user = $facebook->api('me/');
    print_r($user); // Display user info.
}
else
{
    /*
     * Redirect to FB login URL to allow access.
     */
    $loginURL = $facebook->getLoginURL();
    echo $loginURL; // <-- HERE I CHANGED THE CODE TO DISPLAY LOGIN URL
}
What I noticed is that facebook is infinitely redirecting to my script page. Only the code parameter in the URL bar changes.
So, why is facebook redirecting to my script page without giving me user info?
Please, any idea?

I had this problem, in my case I had to edit base_facebook.php from the SDK:
public static $CURL_OPTS = array(
    CURLOPT_CONNECTTIMEOUT => 10,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_TIMEOUT => 60,
    CURLOPT_USERAGENT => 'facebook-php-3.2',
    CURLOPT_SSL_VERIFYPEER => false,
    CURLOPT_SSL_VERIFYHOST => false,
);
The last two options I added manually.
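The two options added in the answer above switch off certificate and host-name checking for the SDK's HTTPS requests to Facebook. As an added example (not SDK code and not from the answer), the sketch below audits an option array like the one shown and builds a copy that keeps verification on by pointing cURL at a CA bundle. The function names and the bundle path are assumptions.

```php
<?php
// Added example: audit a cURL option array for disabled TLS checks and
// build a copy that verifies the server certificate. Requires ext-curl.

function audit_curl_opts(array $opts): array
{
    $findings = [];
    // An explicit false here makes cURL accept any certificate.
    if (array_key_exists(CURLOPT_SSL_VERIFYPEER, $opts) && !$opts[CURLOPT_SSL_VERIFYPEER]) {
        $findings[] = 'CURLOPT_SSL_VERIFYPEER off: certificate chain not validated';
    }
    // Only the value 2 checks that the certificate matches the host name.
    if (array_key_exists(CURLOPT_SSL_VERIFYHOST, $opts) && (int) $opts[CURLOPT_SSL_VERIFYHOST] !== 2) {
        $findings[] = 'CURLOPT_SSL_VERIFYHOST not 2: host name not checked';
    }
    return $findings;
}

function harden_curl_opts(array $opts, string $caBundle): array
{
    if (!is_readable($caBundle)) {
        throw new RuntimeException("CA bundle not readable: $caBundle");
    }
    $opts[CURLOPT_SSL_VERIFYPEER] = true;
    $opts[CURLOPT_SSL_VERIFYHOST] = 2;
    $opts[CURLOPT_CAINFO] = $caBundle; // trust anchors used for verification
    return $opts;
}

// Option array as posted in the answer above.
$posted = [
    CURLOPT_CONNECTTIMEOUT => 10,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_TIMEOUT        => 60,
    CURLOPT_USERAGENT      => 'facebook-php-3.2',
    CURLOPT_SSL_VERIFYPEER => false,
    CURLOPT_SSL_VERIFYHOST => false,
];
foreach (audit_curl_opts($posted) as $finding) {
    echo "[!] $finding\n";
}

// Assumed path: use the CA bundle that exists on your host.
$caBundle = '/etc/ssl/certs/ca-certificates.crt';
try {
    $fixed = harden_curl_opts($posted, $caBundle);
    echo 'Findings after hardening: ' . count(audit_curl_opts($fixed)) . "\n";
} catch (RuntimeException $e) {
    echo $e->getMessage() . "\n";
}
```

If requests fail with a certificate error once verification is on, that usually points to a missing or outdated CA bundle on the host, which is the thing to repair.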

I had a similar issue with chrome browser, cookies always were incorrect or empty.
Then I downloaded a facebook example from Heroku (it uses a popup window as login instead of a js redirect) and noticed that it doesn't work in chrome when the base URL of the website isn't the server root URL (ex: localhost/somedirectory/).
But after creating a virtual host it looks like it works.
You can see an example of the index.php from the application here https://gist.github.com/2845986

Related

facebook sso state check: CSRF state token does not match one provided

What are the basic steps for setting up a pure server flow facebook SSO, the docs are as usual a little ambiguous?
I set up the flow with javascript popups only to later realise you are not allowed to customise the login buttons, which when you stick them next to google and twitter sso makes the sign-in box look terrible.
http://www.codecademy.com/ seem to direct to their own server which then forwards onto a URL like this:
https://www.facebook.com/dialog/oauth?response_type=code
&client_id=212500508799908&
redirect_uri=http%3A%2F%2Fwww.codecademy.com%2Fauth%2Ffacebook%2Fcallback&state=8aac5bc63c5afe8fbabe572021e7750579fefd898d7b4316&
scope=email%2Cpublish_actions
How is this URL being generated? In the facebook docs there is a function "getLoginUrl".. is this being called which generates the correct URL?
I tried directing the user directly from their browser to:
var href = 'https://www.facebook.com/dialog/oauth?' +
'client_id='+app_id+'&'+
'redirect_uri=http://www.mysite.net/authenticate_facebook.php&'+
'scope=email&';+
'state='+$('body').attr('unique');
But then, at the facebook php end, the following receiving code resulted in errors about the 'state' not matching... I am assuming that the state is not just a random value generated by my server and must be acquired from the facebook server?
require_once(WEBROOT_PRIVATE.'authenticate/facebook-php-sdk/src/facebook.php');
$config = array(
    'appId' => 'xxx',
    'secret' => 'xxx',
    'fileUpload' => false,
    'allowSignedRequest' => false
);
$facebook = new \Facebook($config);
$user_id = $facebook->getUser();
if($user_id)
{
    try
    {
        $user_profile = $facebook->api('/me','GET');
    }
    catch(FacebookApiException $e)
    {
        error_log($e->getType(), 0);
        error_log($e->getMessage(), 0);
    }
}
SO, is this correct flow:
1 - Direct the user to my server facebook_auth.php
2 - facebook_auth.php generates the get url and forwards the user onto it
3 - The user, if required logs into facebook, allows my app
4 - my facebook_auth.php script then checks the tokens and talks server to server with facebook to verify the rest
5 - my website then logs the user in
I had a similar issue last week, and tracked it down to the state field being overwritten by multiple calls to getLoginUrl(). Each time you call getLoginUrl(), a new state token is generated in the SDK and stored in the $_SESSION (it's just a random value), so if you call it twice and the user uses the first link to log in, the second call will have reset the SDK's internal state token, and you will get this error in your logs.
The SDK looks for the same state token in the URL coming back after Facebook authorizes the user and redirects them back to your site, and if it doesn't match it will log this error (here's a link to the source).
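The state handling described in this answer, written out as plain PHP: an added example, not the SDK's own code. `$session` stands in for `$_SESSION`, and the function names, the placeholder app ID and the callback URL are assumptions.

```php
<?php
// Added example (not SDK code): OAuth "state" handling for the server-side
// login flow. $session stands in for $_SESSION so this runs from the CLI.
function issue_state(array &$session, bool $reusePending = true): string
{
    // Reusing a pending token keeps earlier login links valid when the
    // login URL is generated more than once for the same visitor.
    if (!$reusePending || empty($session['fb_state'])) {
        $session['fb_state'] = bin2hex(random_bytes(16));
    }
    return $session['fb_state'];
}

function login_url(string $appId, string $redirectUri, string $state): string
{
    return 'https://www.facebook.com/dialog/oauth?' . http_build_query([
        'client_id'    => $appId,
        'redirect_uri' => $redirectUri, // URL-encoded by http_build_query()
        'state'        => $state,
        'scope'        => 'email',
    ]);
}

function verify_state(array &$session, array $query): bool
{
    $expected = $session['fb_state'] ?? '';
    $received = $query['state'] ?? '';
    unset($session['fb_state']); // single use: a replayed callback fails
    return $expected !== '' && is_string($received) && hash_equals($expected, $received);
}

// Constructed values, not real credentials or endpoints.
$appId    = 'APP_ID_PLACEHOLDER';
$callback = 'https://www.example.com/authenticate_facebook.php';

// Case 1: a new token per call; the second call overwrites the first link's token.
$session = [];
$firstLink = login_url($appId, $callback, issue_state($session, false));
issue_state($session, false);
parse_str(parse_url($firstLink, PHP_URL_QUERY), $sent);
echo 'regenerated: ', var_export(verify_state($session, ['state' => $sent['state']]), true), "\n";

// Case 2: the pending token is reused, so the first link still matches.
$session = [];
$firstLink = login_url($appId, $callback, issue_state($session));
issue_state($session);
parse_str(parse_url($firstLink, PHP_URL_QUERY), $sent);
echo 'reused: ', var_export(verify_state($session, ['state' => $sent['state']]), true), "\n";
```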

After migrating, Facebook signed_request not being sent back

I've recently migrated our site to Amazon EC2 from another host. On the old server, our Facebook login worked fine, but it's failing on EC2. I've done some digging, and it looks like it's failing because no value is being passed back from Facebook for the signed_request variable. I've done print_r($_REQUEST) on my return page, and the only things Facebook is passing back are code and state, in the URL itself. Nothing in POST.
I did notice that the site URL defined in my app didn't have a slash at the end, which seems to be problematic based on some comments in this forum, but that didn't help. Other answers were from a couple of years ago, and seemed to be obsolete since I couldn't find what they were referring to.
I also tried adding my EC2 IP to my app's whitelist, and that didn't help either.
Here's my current code:
if(!session_start())session_start();
require_once("facebook.php");
require_once("config.php");
$facebook = new Facebook(array(
    'appId' => constant("FB_CONSUMER_KEY"),
    'secret' => constant("FB_CONSUMER_SECRET"),
    'cookie' => false
));
$FbId = intval($facebook->getUser());
if($FbId != 0) {
    ...
} else {
    // log in to FB
    $login_url = $facebook->getLoginUrl(array(
        'scope' => 'email,user_likes,publish_stream',
        'next' => '<return_page>',
        'cancel_url' => '<cancel_page>'
    ));
    exit;
}
$FbId keeps coming back with a 0 value, even after logging into Facebook. Some digging showed that this is because the user is never being set in the getUserFromAvailableData function because $_REQUEST['signed_request'] doesn't have a value.
I've tried this both already logged into Facebook and not logged in, but $_REQUEST['signed_request'] isn't returned in either case.
I've seen some posts on here that indicate that old Facebook apps seem to have some kind of grandfathering where they continue to work until they get migrated, or another new app just like it gets created. Could that be the case here?
Any help would be appreciated.
Thanks,

What is Facebook API error 191 [duplicate]

I am getting the following error with some code that I am using. The error is
API Error Code: 191
API Error Description: The specified URL is not owned by the application
Error Message: redirect_uri is not owned by the application.
<?php
$facebook = new Facebook(array('appId' => $app_id,'secret' => $app_secret,'cookie' => true));
if($facebook->getUser() < 1)
{
    $red_url = $page_url.'?sk=app_'.$app_id;
    $redir = $facebook->getLoginUrl(array('redirect_uri'=>$red_url,'next'=>$red_url,'scope'=>'offline_access,publish_stream,status_update,photo_upload,user_birthday'));
    echo "<script>top.location.href='".$redir."';</script>";
    exit;
}
$user = $facebook->api('/me');
Can any one explain how to get around this and why this happens?
When you open a Facebook application you need to set the domain(s) under which your application is intended to run, and (almost) every place that your app gets in contact with Facebook (especially client side) must be from a URL from the same domain (or a subdomain of it).
In your case you asked Facebook to authorize the app for the user and then redirect him to $red_url, which I understand to be the page where your app is installed, BUT this link is not under the domain of your application (unless you registered facebook.com as your app domain in the application dashboard).
If you want to redirect the user to that specific tab, you may create a proxy file under the domain of your application that will redirect the user to the tab, for example:
Let's say you registered mydomain.com as your app domain in the app dashboard. Then create a file named redirect.php, for example, that will contain the following script and put it under http://www.mydomain.com/my_directory/redirect.php:
<?php
$app_id ="ENTER_YOUR_APP_ID_HERE";
$page_url = "ENTER_THE_PAGE_URL_HERE"; //for example: http://www.facebook.com/techmarketing.co.il
$red_url = $page_url.'?sk=app_'.$app_id;
header("Location: {$red_url}");
and your script will change to be:
<?php
$facebook = new Facebook(array('appId' => $app_id,'secret' => $app_secret,'cookie' => true));
if($facebook->getUser()==0)
{
    $red_url = "http://www.mydomain.com/my_directory/redirect.php";
    $redir = $facebook->getLoginUrl(array('redirect_uri'=>$red_url,'next'=>$red_url,'scope'=>'offline_access,publish_stream,status_update,photo_upload,user_birthday'));
    echo "<script>top.location.href='".$redir."';</script>";
    exit;
}
$user = $facebook->api('/me');
Can you say "cross site scripting" ;)?
WORKAROUND:
Browser, Edit Setting, Web Site
<= add site URL to the app settings
Here's a bit more background:
* http://techblog.hybris.com/2012/06/05/oauth2-the-implicit-flow-aka-as-the-client-side-flow/
redirect_uri: The server configured a redirect_uri (which we strongly recommend)
which needs to match the settings for the client_id. Client_id and
redirect_uri are both server-side settings that the app developer
needs to get at beforehand.
You need to tell Facebook that your app is allowed access to that website.
Edit your app settings (via the FB developer dashboard). On the basic settings page, click on 'Website with Facebook Login' and enter your site address.

PHP-SDK too many redirects

I'm using the PHP-SDK for Facebook and got the example to work on my localhost. However, when building a script on a server the script stays quite busy with redirecting from my script to facebook and back. (Error: Fout 310 (net::ERR_TOO_MANY_REDIRECTS):)
It seems that many more people have got this issue (here, here, here, here). Though, I can't find a clear answer what goes wrong.
Redirect to facebook (response 302):
https://www.facebook.com/dialog/oauth?client_id=166958180001271&redirect_uri=http%3A%2F%2Fdomain.com%2Fscripts%2FGateway.php%3Faction%3DAllowFacebookAccessAction%26app%3D14&state=0dbc178a375595da4751265a7147c01e#_=_
Redirect to mydomain (response 302):
http://domain.com/scripts/Gateway.php?action=AllowFacebookAccessAction&app=14&state=0dbc178a375595da4751265a7147c01e&code=AQD-dTeyns0OWpGb_PzfHxUy2iRmpc1XgP6Q24DDRX8MiRTE10lV-b-aSNIlOLVHk576vRs3H8Pf9n0kGwU827MrkzUCUoQGFGEQBkkOJnCy9zb6hZs7TVBsKL2iSuZIhDjLsCOPeKy3zfb37Q6LGhtMICCdB_IQAvU0uRvAkSAX8tdVJ65PEv8imx-2yvLaMoGJleZwKogh7m03vlhV8hJk#_=_
Part of the code that creates this issue
...
$facebook = new FacebookApi(array(
    'appId' => $app->getProperty('apiKey'),
    'secret' => $app->getProperty('secretKey'),
));
$user = $facebook->getUser();
if (!$user) {
    header('location: ' . $facebook->getLoginUrl());
    exit;
}
...
UPDATE:
I ruled out that its a server setting. I was able to run the original example script on that server.
Recheck your app secret in your app settings https://developers.facebook.com/apps otherwise dump the session
<?php print_r($_SESSION); ?>
And lint the token returned https://developers.facebook.com/tools/debug
Pretty sure either the token is mangled or the secret.
If not, it's in code you haven't shown.

Facebook PHP SDK - User not authenticated

I am using Facebook PHP SDK to authenticate the user. After generating the LoginUrl using the PHP SDK, the user clicking on that LoginUrl gets redirected to the Facebook page asking for permission. After clicking on the Go to App link, the user gets redirected back to my website http://www.mydomain.com/login/facebook_connect.
Problem: After being 'authenticated' by Facebook, the PHP script at http://www.mydomain.com/login/facebook_connect is unable to determine that the user has logged in via Facebook. At this point, $user = $facebook->getUser(); is 0.
Did I do something wrong? Thanks!
PHP Code for page that generates LoginUrl
require 'libs/fb-php-sdk/facebook.php';
// Create our Application instance
$facebook = new Facebook(array(
    'appId' => '123',
    'secret' => '123'
));
// Get User ID
$user = $facebook->getUser();
// Get Login URL
$loginUrl = $facebook->getLoginUrl(array(
    "scope" => "email,user_education_history,user_work_history",
    "redirect_uri" => "http://www.mydomain.com/login/facebook_connect/"
));
$data['fb_login_url'] = $loginUrl;
$this->load->view('splash', $data);
PHP Code for page user is redirected to after Facebook authentication
*http://www.mydomain.com/login/facebook_connect/*
require 'libs/fb-php-sdk/facebook.php';
$facebook = new Facebook(array(
    'appId' => '123',
    'secret' => '123',
));
// See if there is a user from a cookie
$user = $facebook->getUser();
// We may or may not have this data based on whether the user is logged in.
//
// If we have a $user id here, it means we know the user is logged into
// Facebook, but we don't know if the access token is valid. An access
// token is invalid if the user logged out of Facebook.
if ($user) {
    try {
        // Proceed knowing you have a logged in user who's authenticated.
        $user_profile = $facebook->api('/me');
    } catch (FacebookApiException $e) {
        error_log($e);
        $user = null;
    }
}
print_r($user_profile);
echo $user;
All seems correct.
Questions:
1.- I suppose that http://www.mydomain.com/ contains all your scripts, right?
2.- Are you using codeigniter? Or a codeigniter-based CMS? In that case maybe you have a session problem (very common in CI). Check it and we continue...
EDIT 2: In case it is a cookie-related problem, here is an image showing how you can use firebug with a cookie module to easily track your cookies:
So you can check how facebook cookies are being generated.
EDIT 3: Ok. So you are using CI and your FB cookies are being deleted. Maybe it is a session problem. Here is a related answer where I explain how to use a session CI library replacement that generally solves all these kinds of painful issues. Believe me, give it a try!
a.- Here it is: Codeigniter's Native session (there is a download link at the bottom)
b.- BUT, because it is an old library, you MUST make some hacks. You can check those simple hacks in the library's forum
c.- Just drop this file in codeigniter's library directory.
$facebook->getUser() uses a cookie to get the user. If you use CodeIgniter, or another library that "eats" cookies that PHP assigns automatically, you need to create a proxy page outside CI that would pick up the cookie, then redirect back into CI.
In other words, take the code you currently have in
http://www.mydomain.com/login/facebook_connect/
and create a copy in a regular PHP file:
http://www.mydomain.com/facebook_pickup.php
do not echo anything from the script (remove print_r), just redirect to
http://www.mydomain.com/login/facebook_connect/
and it would magically start working.
