Armin Hierstetter

Reputation: 1098

OAUTH: Facebook API throws error because of wrong redirect-url parameter

I am using FB Login on my site and the integration works seamlessly for more than two years.

For a few days now, though, I am seeing occasionally this error in my log:

Can't Load URL: The domain of this URL isn't included in the app's domains. To be able to load this URL, add all domains and subdomains of your app to the App Domains field in your app settings.

The URL that is called looks like this:

https://www.mydomain/de/oauth2/facebook?code=abcdefgxyz&deferred_redirect_uri&state=12345

I have no clue what the parameter deferred_redirect_uri is (it is not a valid standard parameter) or where it comes from, but I guess this is the reason why the login fails.

It is important to notice that the FB login still works wonderfully in 99,99 percent of the cases, so all the right URLs are present in the APP setup in the developer backend on Facebook. The setup absolutely works.

So I wonder where this rare error comes from and if this is some kind of hacking attempt?

Any insight would be appreciated.

Upvotes: 0

Views: 331

Answers (1)

Zagor84

Reputation: 113

You're right, we are experiencing the same problem because when the URL contains deferred_redirect_uri, the login fails and returns that error.

The fix that we found to work is a little bit tricky, and it shouldn't be used as a "final" solution: in Helpers/FacebookRedirectLoginHelper.php, in the FacebookRedirectLoginHelper class, there is the getAccessToken function that calls the static function removeParamsFromUrl of FacebookUrlManipulator. That function basically removes all the unwanted params before getting the OAuth2 token, so after we added the weird parameter to that array the login error was gone.

public function getAccessToken($redirectUrl = null)
{
    if (!$code = $this->getCode()) {
        return null;
    }

    $this->validateCsrf();
    $this->resetCsrf();

    $redirectUrl = $redirectUrl ?: $this->urlDetectionHandler->getCurrentUrl();
    // At minimum we need to remove the 'code', 'enforce_https' and 'state' params;
    // 'deferred_redirect_uri' is the extra entry added here so the rebuilt
    // redirect_uri matches the one used in the authorize request
    $redirectUrl = FacebookUrlManipulator::removeParamsFromUrl($redirectUrl, ['code', 'enforce_https', 'state', 'deferred_redirect_uri']);

    return $this->oAuth2Client->getAccessTokenFromCode($code, $redirectUrl);
}

Upvotes: 1
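The same idea as the SDK patch above, written as a stand-alone Python illustration rather than the Facebook SDK's own code: the callback URL is reduced back to the redirect_uri that was sent in the authorize request by stripping the parameters the authorization server appended, and any parameter the app did not expect is reported so it can be logged instead of surfacing as a sporadic token-exchange failure. The list of stripped names mirrors the array in the answer; the sample URLs are the one from the question plus a constructed variant with an app-specific `next` parameter.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Parameters appended by the authorization server on the way back. They were
# not part of the redirect_uri in the authorize request, so they must go before
# the URL is reused in the token exchange. 'deferred_redirect_uri' is the
# undocumented parameter from the question (list mirrors the answer's patch).
OAUTH_RESPONSE_PARAMS = frozenset(["code", "state", "enforce_https", "deferred_redirect_uri"])

# Sample callback URL taken from the question
CALLBACK_URL = "https://www.mydomain/de/oauth2/facebook?code=abcdefgxyz&deferred_redirect_uri&state=12345"


def rebuild_redirect_uri(callback_url, strip=OAUTH_RESPONSE_PARAMS):
    """Return (redirect_uri, stripped): the callback URL with the OAuth response
    parameters removed, and the sorted names that were removed."""
    parts = urlsplit(callback_url)
    # keep_blank_values=True so a bare "&deferred_redirect_uri&" (no '=') is
    # still seen and reported instead of being silently dropped by the parser
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    kept = [(k, v) for k, v in pairs if k not in strip]
    stripped = sorted({k for k, _ in pairs if k in strip})
    redirect_uri = urlunsplit(
        (parts.scheme, parts.netloc, parts.path, urlencode(kept), parts.fragment)
    )
    return redirect_uri, stripped


def unexpected_params(callback_url, expected=frozenset(["code", "state"])):
    """Names of query parameters the app did not expect on its callback.
    Worth logging: a new name shows up in monitoring, not as a rare login error."""
    pairs = parse_qsl(urlsplit(callback_url).query, keep_blank_values=True)
    return sorted({k for k, _ in pairs if k not in expected})


if __name__ == "__main__":
    uri, removed = rebuild_redirect_uri(CALLBACK_URL)
    print("redirect_uri for token exchange:", uri)
    print("stripped:", removed)
    print("unexpected on callback:", unexpected_params(CALLBACK_URL))
```

Parameters that belonged to the original redirect_uri (the constructed `next=%2Faccount` case) survive the rebuild, which is exactly why a known-names blocklist rather than "drop the whole query string" is used.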
