Reputation: 831
Acknowledging that the authenticated referral mechanism is currently not working with the mobile web settings for Facebook applications, I'm running into an issue with verifying an access token based on a returned code.
The URL I'm trying to fetch an access token for is: https://staging.fanhood.com/facebook/mobile/challenge?fh_gameChallengeID=2678&ref=web_canvas&refid=9&refsrc=http://apps.facebook.com/fanhood-dev/challenge&returned=true
This is the URL that the visitor is sent to after being pre-authenticated from this URL: http://apps.facebook.com/fanhood-dev/challenge?fh_gameChallengeID=2678. However, unlike regular authenticated referrals, there is no additional data passed into the URL so that the application can shortcut the OAuth redirect loop.
At this point, I'm redirecting the visitor to the mobile OAuth dialog to authenticate them: http://m.facebook.com/dialog/oauth?client_id=250258605018414&redirect_uri=https%3A%2F%2Fstaging.fanhood.com%2Ffacebook%2Fmobile%2Fchallenge%3Ffh_gameChallengeID%3D2678%26ref%3Dweb_canvas%26refid%3D9%26refsrc%3Dhttp%3A%2F%2Fapps.facebook.com%2Ffanhood-dev%2Fchallenge%26returned%3Dtrue&scope=email%2Cfriends_about_me%2Cfriends_education_history%2Cfriends_hometown%2Cfriends_interests%2Cfriends_likes%2Cfriends_location%2Coffline_access%2Cpublish_actions%2Cpublish_stream%2Cuser_activities%2Cuser_birthday%2Cuser_education_history%2Cuser_hometown%2Cuser_games_activity%2Cuser_interests%2Cuser_likes%2Cuser_location&response_type=code&display=touch
When the user is redirected back, I do receive a code to exchange:
Code: AQBCH25OC57BiMBgj3rCKGhkFi0ypp0R8e2yKGwFfhml9x1B47-w2Baex8oZ3BKgb2NhziRnSIuJ1MV9hErKBUhu0YqxaonwFF_7mcqozwpy3Ch08rkNh-YEIa6HV_LHxl6pymfkAbQEMgSA6F4BdtINsCQ7QlLpcRwrZWkzxZVyJbJDnqOesB3zFLr5ohpgtpQ
However, none of my requests to exchange this code are working currently. I'm trying different variations of the redirect_uri format, none of which are working:
I have a mechanism in place to strip out specific query parameters, re-order them alphabetically, and re-assemble so that redirect_uris are consistent across requests. In this case, the redirect_uri exactly matches what was passed to the dialog URL: https://staging.fanhood.com/facebook/mobile/challenge?fh_gameChallengeID=2678&ref=web_canvas&refid=9&refsrc=http://apps.facebook.com/fanhood-dev/challenge&returned=true == https://staging.fanhood.com/facebook/mobile/challenge?fh_gameChallengeID=2678&ref=web_canvas&refid=9&refsrc=http://apps.facebook.com/fanhood-dev/challenge&returned=true
Does anyone know which redirect_uri format Facebook uses for mobile OAuth requests? And if query parameters are supported? This same URL works for our regular canvas application, just not our mobile version.
Upvotes: 0
Views: 2768
Reputation: 31479
See Authenticated Referrals & Server-Side Auth Flow - What is the redirect_uri?
When I stripped the request_uri portion after &code=... it started working.
Upvotes: 1
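The redirect_uri handling discussed in the question and answer above, as an added example that is not part of either post: one canonicalisation function produces the redirect_uri for both the dialog request and the code exchange, and it drops the `code` parameter that the callback URL carries. The function names, the `example.test` hosts and the set of dropped parameters are assumptions, and the sample URLs are constructed.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Parameters an OAuth 2.0 server appends to the callback. They were never part
# of the redirect_uri sent to the dialog, so they must not be echoed back.
# ("code" is the one named on this page; the rest are an assumed, typical set.)
RESPONSE_PARAMS = frozenset({"code", "state", "error", "error_description"})


def canonical_redirect_uri(url, drop=RESPONSE_PARAMS):
    """Drop response parameters and the fragment, sort the query, re-encode."""
    parts = urlsplit(url)
    pairs = sorted(
        (k, v)
        for k, v in parse_qsl(parts.query, keep_blank_values=True)
        if k not in drop
    )
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(pairs), ""))


def authorize_url(dialog_url, client_id, landing_url, scope):
    """Dialog URL whose redirect_uri is the canonical form of landing_url."""
    query = urlencode({
        "client_id": client_id,
        "redirect_uri": canonical_redirect_uri(landing_url),
        "scope": ",".join(scope),
        "response_type": "code",
    })
    return f"{dialog_url}?{query}"


def token_request_params(callback_url, client_id, client_secret):
    """Parameters for the code exchange, derived from the URL the user returned to."""
    query = dict(parse_qsl(urlsplit(callback_url).query))
    if "code" not in query:
        raise ValueError("callback carries no authorization code")
    return {
        "client_id": client_id,
        "client_secret": client_secret,
        "code": query["code"],
        # Same function as authorize_url(), so both requests send the same string.
        "redirect_uri": canonical_redirect_uri(callback_url),
    }


# Constructed sample values (not from the page).
LANDING = ("https://app.example.test/mobile/challenge"
           "?returned=true&ref=web_canvas&refsrc=http://apps.example.test/challenge&id=2678")
CALLBACK = canonical_redirect_uri(LANDING) + "&code=CONSTRUCTED_CODE#_=_"
```

Because the canonical form re-encodes the nested `refsrc` URL, the string sent in both requests is the encoded one, not the raw form typed into `LANDING`.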