Search code examples
c#facebookfacebook-graph-apioauthfacebook-oauth

Facebook - Exchange code for access_token (C# / Windows Phone / NO SDK)

I am authenticating to facebook via oauth 2.0 using C# on a Windows Phone. I am only using REST service calls. Not using the Facebook SDK at all. I am currently able to launch a browser on the phone, have the user sign in and approve the scope of the app, and retrieve my authorization code.

However, I cannot for the life of me exchange my authorization code for an access token.

My Facebook app has the following switches turned on under 'Settings' --> 'Advanced':

  • Native or Desktop App? [Yes]
  • Is your App Secret embedded? [No]
  • Client OAuth Login? [Yes]
  • Embedded Browser OAuth Login? [Yes]

I should note that my model authenticates the user and retrieves the authorization code all on the phone, and then I pass the authorization code up to a secure service where I exchange it for an access_token. I was having issues though, so I have temporarily moved this server call into my phone app for troubleshooting, but I get the same error.

The error I receive is:

{"error":{"message":"Invalid verification code format.","type":"OAuthException","code":100}}

I have tried several combinations of things including wrapping the authorization code with HTTPUtility.UrlEncode()

Here is a sample of my code (actual values swapped out). 

        string FacebookClientID = "123456789123456789";
        string FacebookRedirectURI = "https://www.facebook.com/connect/login_success.html";
        string FacebookClientSecret = "d156df15dfds1f561fds5f1ds6f1";
        string FacebookUrl = "https://graph.facebook.com/oauth/access_token";

        HttpRequestMessage tokenRequest = new HttpRequestMessage(HttpMethod.Get, new Uri(FacebookUrl + "?client_id=" + FacebookClientID + "&redirect_uri=" + HttpUtility.UrlEncode(FacebookRedirectURI) + "&client_secret=" + FacebookClientSecret + "&code=" + HttpUtility.UrlEncode(FacebookAuthorizationCode)));

        HttpResponseMessage tokenResponse = await hc.SendAsync(tokenRequest);

        var json = tokenResponse.Content.ReadAsStringAsync().Result;

json ends up containing the error string reported above stating that my authorization code is bad.

Any ideas?

Kind Regards,

goodbar

Solution

  • Dah... nevermind, I was setting the authorization code .ToLower() prior to exchanging it for an access_token. Removed that and now works like a charm...

    For the record though, I am able to get the access_token with ALL of the switches in the Facebook settings --> advanced turned off