can't get access token with code

Question

I'm using javascript sdk for user login

FB.init({appId: applicationId, status: true, cookie: true, xfbml: true, oauth: true});
FB.login(callbackFunction, {scope:permissions});

i get valid access token in authResponse, and also a signed cookie is set, which decoded has code.

according to documentation access token could be retrieved with

https://graph.facebook.com/oauth/access_token?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&client_secret=YOUR_APP_SECRET&code=THE_CODE_FROM_ABOVE

when i try this with the code i receive error Error validating verification code. 100

as redirect_uri i've tried uri that is set as App Domain and siteURL. these give that error. with other uri i get Invalid redirect_uri: Given URL is not permitted by the application configuration. 191

Am i here mixing client-side flow and server-side flow in bad way or should i use some redirect_uri parameter when using FB.init or FB.login and use that exact uri when getting access token by code?

Answer 1

FB.login(callbackFunction, {scope:permissions}); the callback function is sent an object

       authResponse: {          /* Information about the current session */
          userID: ""          /* String representing the current user's ID */
          signedRequest: "",  /* String with the current signedRequest */
          expiresIn: "",      /* UNIX time when the session expires */
          accessToken: "",    /* Access token of the user */
       }

In here is the user access token that does not need to be converted by calling another URL. It's ready to go for about an hour, then you'll need to get a new one.