Andy Chen

Reputation: 11

Facebook PHP SDK problem: Please make sure your redirect_uri is identical to the one you used in the OAuth dialog request

Graph returned an error: Error validating verification code. Please make sure your redirect_uri is identical to the one you used in the OAuth dialog request

I don't know how to fix it.

login.php

<?php
session_start();
$fb = new Facebook\Facebook([
'app_id' => '$id', // Replace {app-id} with your app id
'app_secret' => '$secret',
'default_graph_version' => 'v2.2', 
]);

$helper = $fb->getRedirectLoginHelper();

$permissions = ['email']; // Optional permissions
$loginUrl = $helper->getLoginUrl('http://localhost:80/fb_test/fb-callback.php', $permissions);

echo '<a href="' . htmlspecialchars($loginUrl) . '">Log in with Facebook!</a>';
 ?>

fb-callback.php

<?php
session_start();

$fb = new Facebook\Facebook([
'app_id' => '1428245583931211', // Replace {app-id} with your app id
'app_secret' => 'cf045e5b4da0abf920b01447f23b09cd',
'default_graph_version' => 'v2.2',
]);

$helper = $fb->getRedirectLoginHelper();

try {
$accessToken = $helper->getAccessToken();
} catch(Facebook\Exceptions\FacebookResponseException $e) {
// When Graph returns an error
echo 'Graph returned an error: ' . $e->getMessage();
exit;
} catch(Facebook\Exceptions\FacebookSDKException $e) {
// When validation fails or other local issues
echo 'Facebook SDK returned an error: ' . $e->getMessage();
exit;
}

if (! isset($accessToken)) {
if ($helper->getError()) {
header('HTTP/1.0 401 Unauthorized');
echo "Error: " . $helper->getError() . "\n";
echo "Error Code: " . $helper->getErrorCode() . "\n";
echo "Error Reason: " . $helper->getErrorReason() . "\n";
echo "Error Description: " . $helper->getErrorDescription() . "\n";
} else {
header('HTTP/1.0 400 Bad Request');
echo 'Bad request';
}
exit;
}

// Logged in
echo '<h3>Access Token</h3>';
var_dump($accessToken->getValue());

// The OAuth 2.0 client handler helps us manage access tokens
$oAuth2Client = $fb->getOAuth2Client();

// Get the access token metadata from /debug_token
$tokenMetadata = $oAuth2Client->debugToken($accessToken);
echo '<h3>Metadata</h3>';
var_dump($tokenMetadata);

// Validation (these will throw FacebookSDKException's when they fail)
$tokenMetadata->validateAppId('{app-id}'); // Replace {app-id} with your app id
// If you know the user ID this access token belongs to, you can validate it here
//$tokenMetadata->validateUserId('123');
$tokenMetadata->validateExpiration();

if (! $accessToken->isLongLived()) {
// Exchanges a short-lived access token for a long-lived one
try {
$accessToken = $oAuth2Client->getLongLivedAccessToken($accessToken);
} catch (Facebook\Exceptions\FacebookSDKException $e) {
echo "<p>Error getting long-lived access token: " . $e->getMessage() . "</p>\n\n";
exit;
}

echo '<h3>Long-lived</h3>';
var_dump($accessToken->getValue());
}

$_SESSION['fb_access_token'] = (string) $accessToken;

// User is logged in with a long-lived access token.
// You can redirect them to a members-only page.
//header('Location: http://localhost:80/fb_test/');
?>

These are my app settings.

Upvotes: 0

Views: 857

Answers (1)

C3roe

Reputation: 96281

The getAccessToken method generates the redirect URI parameter for the API call to exchange the code for a token based on the current URL, if none is passed explicitly.

So if you are not handling the triggering of login (meaning, the call to getLoginUrl) and processing the returned code value in the same script under the same URL, then you have to pass the first URL to getAccessToken explicitly, so that it sets the same value when making the API request, as getLoginUrl specified when the whole process was started.

try {$accessToken = $helper->getAccessToken('http(s)://whatever/path/login.php');

Upvotes: 3
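
The check behind this error, as an added example (not part of the question, the answer, or the Facebook SDK): an OAuth 2.0 authorization server binds each code to the redirect_uri of the dialog request and rejects the exchange unless the identical string is presented again. `ToyAuthServer`, `detectedUrl()` and the request array are hypothetical; dropping the default port while rebuilding the URL is an assumption of this sketch, chosen to show one way a derived URL can differ from the configured one.

```php
<?php
// Added example: a toy model of the redirect_uri check. ToyAuthServer,
// detectedUrl() and the sample request below are hypothetical/constructed.
final class ToyAuthServer
{
    private array $codes = []; // code => redirect_uri from the dialog request

    // Step 1, the login dialog request: remember which redirect_uri was used.
    public function authorize(string $redirectUri): string
    {
        $code = bin2hex(random_bytes(8));
        $this->codes[$code] = $redirectUri;
        return $code;
    }

    // Step 2, code-for-token exchange: single-use code, identical redirect_uri required.
    public function exchange(string $code, string $redirectUri): string
    {
        $bound = $this->codes[$code] ?? null;
        unset($this->codes[$code]);
        if ($bound === null || !hash_equals($bound, $redirectUri)) {
            throw new RuntimeException('redirect_uri mismatch or unknown code');
        }
        return 'token-' . bin2hex(random_bytes(8));
    }
}

// A client that is given no URL rebuilds one from the current request.
// Assumption of this sketch: default ports (80/443) are left out.
function detectedUrl(array $server): string
{
    $https = !empty($server['HTTPS']) && $server['HTTPS'] !== 'off';
    $port  = (int) ($server['SERVER_PORT'] ?? ($https ? 443 : 80));
    $host  = $server['SERVER_NAME'] . ($port === ($https ? 443 : 80) ? '' : ':' . $port);
    return ($https ? 'https' : 'http') . '://' . $host . strtok($server['REQUEST_URI'], '?');
}

$configured = 'http://localhost:80/fb_test/fb-callback.php'; // sent by login.php
$request = ['SERVER_NAME' => 'localhost', 'SERVER_PORT' => '80', // constructed
            'REQUEST_URI' => '/fb_test/fb-callback.php?code=abc&state=xyz'];
$authServer = new ToyAuthServer();
foreach (['derived' => detectedUrl($request), 'explicit' => $configured] as $how => $uri) {
    $code = $authServer->authorize($configured);
    try {
        $authServer->exchange($code, $uri);
        echo "$how: token issued for $uri\n";
    } catch (RuntimeException $e) {
        echo "$how: rejected ($uri): {$e->getMessage()}\n";
    }
}
```

Keeping the callback URL in one shared constant and passing it to both getLoginUrl and getAccessToken removes the dependency on URL detection.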
