Reputation: 21
I'm now using Facebook SDK v5.0. After pressing "Login with Facebook", it automatically redirects to "callback.php" and a long-lived access token should be issued, but this error appears every time:
Facebook SDK returned an error: Cross-site request forgery validation failed. Required param "state" missing.
If you have any solutions to solve this error, please tell me.
Here is my code: callback.php
<html>
<meta charset="UTF-8" content="text/html">
<?php
session_start();
require_once __DIR__ . '/facebook-php-sdk-v4-5.0-dev/src/Facebook/autoload.php';

$fb = new Facebook\Facebook([
    'app_id' => '3xxxxxxxxxxxxxxxxxx7',
    'app_secret' => '0xxxxxxxxxxxxxxxxxxxx7',
    'default_graph_version' => 'v2.4',
]);

$helper = $fb->getRedirectLoginHelper();

try {
    $accessToken = $helper->getAccessToken();
} catch(Facebook\Exceptions\FacebookResponseException $e) {
    // When Graph returns an error
    echo 'Graph returned an error: ' . $e->getMessage();
    exit;
} catch(Facebook\Exceptions\FacebookSDKException $e) {
    // When validation fails or other local issues
    echo 'Facebook SDK returned an error: ' . $e->getMessage();
    exit;
}

if (! isset($accessToken)) {
    if ($helper->getError()) {
        header('HTTP/1.0 401 Unauthorized');
        echo "Error: " . $helper->getError() . "\n";
        echo "Error Code: " . $helper->getErrorCode() . "\n";
        echo "Error Reason: " . $helper->getErrorReason() . "\n";
        echo "Error Description: " . $helper->getErrorDescription() . "\n";
    } else {
        header('HTTP/1.0 400 Bad Request');
        echo 'Bad request';
    }
    exit;
}

// Logged in
echo '<h3>Access Token</h3>';
var_dump($accessToken->getValue());

// The OAuth 2.0 client handler helps us manage access tokens
$oAuth2Client = $fb->getOAuth2Client();

// Get the access token metadata from /debug_token
$tokenMetadata = $oAuth2Client->debugToken($accessToken);
echo '<h3>Metadata</h3>';
var_dump($tokenMetadata);

// Validation (these will throw FacebookSDKException's when they fail)
$tokenMetadata->validateAppId($config['app_id']);
// If you know the user ID this access token belongs to, you can validate it here
//$tokenMetadata->validateUserId('123');
$tokenMetadata->validateExpiration();

if (! $accessToken->isLongLived()) {
    // Exchanges a short-lived access token for a long-lived one
    try {
        $accessToken = $oAuth2Client->getLongLivedAccessToken($accessToken);
    } catch (Facebook\Exceptions\FacebookSDKException $e) {
        // The message comes from the caught exception, not from the login helper
        echo "<p>Error getting long-lived access token: " . $e->getMessage() . "</p>\n\n";
        exit;
    }
    echo '<h3>Long-lived</h3>';
    var_dump($accessToken->getValue());
}

$_SESSION['fb_access_token'] = (string) $accessToken;

// User is logged in with a long-lived access token.
// You can redirect them to a members-only page.
//header('Location: https://example.com/members.php');
?>
</html>
Just in case, I'm posting this too: login.php
<html>
<meta charset="UTF-8" content="text/html">
<?php
session_start();
require_once __DIR__ . '/facebook-php-sdk-v4-5.0-dev/src/Facebook/autoload.php';

$fb = new Facebook\Facebook([
    'app_id' => '3xxxxxxxxxxxxxxxxx7',
    'app_secret' => '0xxxxxxxxxxxxxxxxxxx7',
    'default_graph_version' => 'v2.4',
]);

$helper = $fb->getRedirectLoginHelper();
$permissions = ['email']; // Optional permissions
$loginUrl = $helper->getLoginUrl('http://127.0.0.1:8887/fb/fb-callback.php', $permissions);

echo '<a href="' . $loginUrl . '">Log in with Facebook!</a>';
?>
</html>
Upvotes: 2
Views: 1882
Reputation: 51
Already asked here: Facebook SDK returned an error: Cross-site request forgery validation failed. The "state" param from the URL and session do not match. You need to make sure the native PHP session feature is properly set; you can check it by adding this code: die($_SESSION['FBRLH_' . 'state']);
Upvotes: 0
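An added illustration of the `state` check that the answer above points at; it is not part of any post on this page and not the Facebook SDK's own code. The function names, the `provider.example` endpoint and the placeholder values are assumptions made for the example; only the `FBRLH_state` session key comes from the answer.

```php
<?php
// Added illustration, not Facebook SDK code. Plain arrays stand in for
// $_SESSION so the script runs from the CLI; all values are constructed.

const STATE_KEY = 'FBRLH_state'; // session key quoted in the answer above

// login.php side: issue a random state, keep it server-side, send it out.
function buildLoginUrl(array &$session, string $redirectUri): string
{
    $session[STATE_KEY] = bin2hex(random_bytes(16));
    // provider.example is a placeholder, not the real dialog endpoint.
    return 'https://provider.example/dialog/oauth?' . http_build_query([
        'client_id'    => 'APP_ID_PLACEHOLDER',
        'redirect_uri' => $redirectUri,
        'state'        => $session[STATE_KEY],
    ]);
}

// Callback side: compare the state echoed in the URL with the stored one.
function validateState(array $session, array $query): string
{
    $saved = $session[STATE_KEY] ?? null;
    $given = $query['state'] ?? null;
    if (!is_string($saved) || !is_string($given)) {
        return 'missing';  // nothing to compare: session lost or param absent
    }
    // Constant-time comparison of the two strings.
    return hash_equals($saved, $given) ? 'ok' : 'mismatch';
}

$loginSession = [];
$url = buildLoginUrl($loginSession, 'http://localhost/fb/fb-callback.php');
parse_str(parse_url($url, PHP_URL_QUERY), $sent);
$callbackQuery = ['code' => 'CODE_PLACEHOLDER', 'state' => $sent['state']];

// Case 1: login page and callback share one session.
printf("same session:  %s\n", validateState($loginSession, $callbackQuery));

// Case 2: the callback runs in a fresh session, for example because the
// session cookie was set for one host name and the callback is served from
// another, or because session_start() ran after output was already sent.
printf("fresh session: %s\n", validateState([], $callbackQuery));

// Case 3: a callback carrying a state this session never issued.
$forged = ['code' => 'CODE_PLACEHOLDER', 'state' => str_repeat('0', 32)];
printf("forged state:  %s\n", validateState($loginSession, $forged));
```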
Reputation: 1
I didn't get the `Cross Site request forgery...` error with this code, just got some other basic errors which did not stop the script running.
Here are the few changes I've made to fix the basic errors:
1. Instead of "http://127.0.0.1:8887..." I have used "http://localhost...". (I'm running an XAMPP server; this might have caused the error on this one.)
2. Instead of $config['app_id'] I have used my app id value directly. Like this:
$app_id = '4xxxxxxxxxxx2';
$tokenMetadata->validateAppId($app_id);
As I said, those errors didn't stop the script running, so you should check your Facebook app panel settings and the getting started section.
Upvotes: 0