Search code examples
facebook-graph-apifacebook-php-sdk

Facebook PHP SDK telling me my domain isn't in my list of 'App Domains'

I have been trying to implement facebook login into my project, but keeps telling me 'The domain of this URL isn't included in the app's domains.'

xdebug screenshot

I have check the domain is set in the app settings page on facebook, but it still doesn't seem to work.

app details 1

app details 2

app details 3

The page that calls the login is login.php

<?php
if(!session_id()) {
    session_start();
}

require(__DIR__ . '/../vendor/autoload.php');  // Autoload Composer Classes
/**
 * Load required packages
 */
use Symfony\Component\Dotenv\Dotenv; // Dotenv
use Ark\Database\Connection; // ARK Database

/**
 * Initiate Dotenv and Load Variable
 */
try {
    $dotenv = new Dotenv();
    $dotenv->load(__DIR__ . '/../.env');
} catch (\Exception $e) {
    echo "Unable to load Dotenv File!";
    exit;
}

/**
 * Intiate database connection
 */
try {
    $db = new Connection(getenv('DB_NAME'));
} catch (\Exception $e) {
    echo "Unable to load Database";
    exit;
}


$fb = new Facebook\Facebook([
    'app_id' => getenv('FACEBOOK_APP_ID'),
    'app_secret' => getenv('FACEBOOK_APP_SECRET'),
    'default_graph_version' => 'v3.0'
  ]);

  $helper = $fb->getRedirectLoginHelper();

  $permissions = ['email']; // Optional permissions
  $loginUrl = $helper->getLoginUrl(getenv('FACEBOOK_CALLBACK_URL'), $permissions);
  echo urldecode($loginUrl);
  header('Location: ' . $loginUrl);
  die();

and the callback page is fb-callback.php

<?php



if(!session_id()) {
    session_start();
}
// session_start();
require(__DIR__ . '/../vendor/autoload.php');  // Autoload Composer Classes
/**
 * Load required packages
 */
use Symfony\Component\Dotenv\Dotenv; // Dotenv
use Ark\Database\Connection; // ARK Database

/**
 * Initiate Dotenv and Load Variable
 */
try {
    $dotenv = new Dotenv();
    $dotenv->load(__DIR__ . '/../.env');
} catch (\Exception $e) {
    echo "Unable to load Dotenv File!";
    exit;
}

/**
 * Intiate database connection
 */
try {
    $db = new Connection(getenv('DB_NAME'));
} catch (\Exception $e) {
    echo "Unable to load Database";
    exit;
}
/**
 * Process Facebook Callback
 */

 $fb = new Facebook\Facebook([
     'app_id' => getenv('FACEBOOK_APP_ID'),
     'app_secret' => getenv('FACEBOOK_APP_SECRET'),
     'default_graph_version' => 'v3.0'
   ]);
 $helper = $fb->getRedirectLoginHelper();
 try {
   $accessToken = $helper->getAccessToken();
 } catch(Facebook\Exceptions\FacebookResponseException $e) {
   // When Graph returns an error
   echo 'Graph returned an error: ' . $e->getMessage();
   // exit;
 } catch(Facebook\Exceptions\FacebookSDKException $e) {
   // When validation fails or other local issues
   echo 'Facebook SDK returned an error: ' . $e->getMessage();
   // exit;
 }

 if (! isset($accessToken)) {
   if ($helper->getError()) {
     header('HTTP/1.0 401 Unauthorized');
     echo "Error: " . $helper->getError() . "\n";
     echo "Error Code: " . $helper->getErrorCode() . "\n";
     echo "Error Reason: " . $helper->getErrorReason() . "\n";
     echo "Error Description: " . $helper->getErrorDescription() . "\n";
   } else {
     header('HTTP/1.0 400 Bad Request');
     echo 'Bad request';
   }
   exit;
 }

 // Logged in
 echo '<h3>Access Token</h3>';
 var_dump($accessToken->getValue());

 // The OAuth 2.0 client handler helps us manage access tokens
 $oAuth2Client = $fb->getOAuth2Client();

 // Get the access token metadata from /debug_token
 $tokenMetadata = $oAuth2Client->debugToken($accessToken);
 echo '<h3>Metadata</h3>';
 var_dump($tokenMetadata);

 // // Validation (these will throw FacebookSDKException's when they fail)
 // $tokenMetadata->validateAppId(getenv('FACEBOOK_APP_ID'));
 // // If you know the user ID this access token belongs to, you can validate it here
 // //$tokenMetadata->validateUserId('123');
 // $tokenMetadata->validateExpiration();

 if (! $accessToken->isLongLived()) {
   // Exchanges a short-lived access token for a long-lived one
   try {
     $accessToken = $oAuth2Client->getLongLivedAccessToken($accessToken);
   } catch (Facebook\Exceptions\FacebookSDKException $e) {
     echo "<p>Error getting long-lived access token: " . $e->getMessage() . "</p>\n\n";
     exit;
   }

   echo '<h3>Long-lived</h3>';
   var_dump($accessToken->getValue());
 }

 $_SESSION['fb_access_token'] = (string) $accessToken;

 // User is logged in with a long-lived access token.
 // You can redirect them to a members-only page.
 //header('Location: https://example.com/members.php');

with the .env file bellow

FACEBOOK_APP_ID=859496847556600
FACEBOOK_APP_SECRET= ** Removed for Stackexchange **
FACEBOOK_DEFAULT_GRAPH=v3.0
FACEBOOK_CALLBACK_URL=https://dev.danielcoates.co.uk/fb-callback.php?
FACEBOOK_LOGIN_URL=https://dev.danielcoates.co.uk/login.php
Solution

  • I have solved this issue by adding the callback url to the $fb->getAccessToken() call on line 47 as described here Solution Link

    fb-callback.php now looks like this

    /**
 * Process Facebook Callback
 */

 $fb = new Facebook\Facebook([
     'app_id' => getenv('FACEBOOK_APP_ID'),
     'app_secret' => getenv('FACEBOOK_APP_SECRET'),
     'default_graph_version' => 'v3.0'
   ]);
 $helper = $fb->getRedirectLoginHelper();
 try {
   $accessToken = $helper->getAccessToken(getenv('FACEBOOK_CALLBACK_URL'));
 } catch(Facebook\Exceptions\FacebookResponseException $e) {
   // When Graph returns an error
   echo 'Graph returned an error: ' . $e->getMessage();
   // exit;
 } catch(Facebook\Exceptions\FacebookSDKException $e) {
   // When validation fails or other local issues
   echo 'Facebook SDK returned an error: ' . $e->getMessage();
   // exit;
 }

 if (! isset($accessToken)) {
   if ($helper->getError()) {
     header('HTTP/1.0 401 Unauthorized');
     echo "Error: " . $helper->getError() . "\n";
     echo "Error Code: " . $helper->getErrorCode() . "\n";
     echo "Error Reason: " . $helper->getErrorReason() . "\n";
     echo "Error Description: " . $helper->getErrorDescription() . "\n";
   } else {
     header('HTTP/1.0 400 Bad Request');
     echo 'Bad request';
   }
   exit;
 }

 // Logged in
 echo '<h3>Access Token</h3>';
 var_dump($accessToken->getValue());

 // The OAuth 2.0 client handler helps us manage access tokens
 $oAuth2Client = $fb->getOAuth2Client();

 // Get the access token metadata from /debug_token
 $tokenMetadata = $oAuth2Client->debugToken($accessToken);
 echo '<h3>Metadata</h3>';
 var_dump($tokenMetadata);

 // // Validation (these will throw FacebookSDKException's when they fail)
 // $tokenMetadata->validateAppId(getenv('FACEBOOK_APP_ID'));
 // // If you know the user ID this access token belongs to, you can validate it here
 // //$tokenMetadata->validateUserId('123');
 // $tokenMetadata->validateExpiration();

 if (! $accessToken->isLongLived()) {
   // Exchanges a short-lived access token for a long-lived one
   try {
     $accessToken = $oAuth2Client->getLongLivedAccessToken($accessToken);
   } catch (Facebook\Exceptions\FacebookSDKException $e) {
     echo "<p>Error getting long-lived access token: " . $e->getMessage() . "</p>\n\n";
     exit;
   }

   echo '<h3>Long-lived</h3>';
   var_dump($accessToken->getValue());
 }

 $_SESSION['fb_access_token'] = (string) $accessToken;

 // User is logged in with a long-lived access token.
 // You can redirect them to a members-only page.
 //header('Location: https://example.com/members.php');