
"The domain of this URL isn't included in the app's domains" when it is


I'm trying to post to a Facebook wall from a PHP script. I've created a FB app, installed the Graph PHP API, and implemented some test scripts as follows:

fbinit.php:

<?php

session_start();

require_once('src/Facebook/autoload.php');

$fb = new Facebook\Facebook([
'app_id' => 'REDACTED',
'app_secret' => 'REDACTED',
'default_graph_version' => 'v2.9',
]);

?>

fbpost.php:

<?php

include('fbinit.php');

$helper = $fb->getRedirectLoginHelper();

$permissions = ['manage_pages','publish_pages']; //'publish_actions'
$loginUrl = $helper->getLoginUrl('https://www.REDACTED.net/fb-callback.php', $permissions);

echo '<a href="' . htmlspecialchars($loginUrl) . '">Log in with Facebook!</a>';

?>

fb-callback.php:

<?php

include('fbinit.php');

$helper = $fb->getRedirectLoginHelper();
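// Overwrites the state the SDK stored in the session with the value from the
// request, so the SDK's state (CSRF) comparison in getAccessToken() always passes.
$_SESSION['FBRLH_state']=$_GET['state'];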

try {

  $accessToken = $helper->getAccessToken();

} catch(Facebook\Exceptions\FacebookResponseException $e) {

  echo 'Graph returned an error: ' . $e->getMessage();
  exit;

} catch(Facebook\Exceptions\FacebookSDKException $e) {

  echo 'Facebook SDK returned an error: ' . $e->getMessage();
  exit;

}

if (! isset($accessToken)) {
  echo 'No OAuth data could be obtained from the signed request. User has not authorized your app yet.';
  exit;
}

try {

  $response = $fb->get('me/accounts', $accessToken->getValue());
  $response = $response->getDecodedBody();

} catch(Facebook\Exceptions\FacebookResponseException $e) {

  echo 'Graph returned an error: ' . $e->getMessage();
  exit;

} catch(Facebook\Exceptions\FacebookSDKException $e) {

  echo 'Facebook SDK returned an error: ' . $e->getMessage();
  exit;

}

echo "<pre>";
print_r($response);
echo "</pre>";

?>

The first time I opened fbpost.php, I was asked to log in to Facebook as expected, and it asked for permission to post on my behalf on the page, which is fine. But then I am redirected to the callback page and presented with the following error:

Graph returned an error: Can't load URL: The domain of this URL isn't included in the app's domains. To be able to load this URL, add all domains and sub-domains of your app to the App Domains field in your app settings.

I have added every combination of the app URLs and callback URLs I can think of, but nothing works. See below for screenshots of the app settings. The App ID and secret are definitely correct.



Solution

  • The value of the redirect_uri parameter needs to be the exact same in your login dialog call, and the subsequent API call that tries to exchange the code for a token.

    When you have generation of the login URL and handling of the response spread over different scripts (i.e., called via different URLs), that can easily lead to problems like this. The SDK tries to figure out the value based on the current script URL, if left to its own devices.

    In such a case, explicitly specify the callback URL in your getAccessToken method call as well.
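The fix described in the answer above, as an added example that is not part of the original answer or of the SDK's own documentation: one constant holds the callback URL and is passed both to getLoginUrl() and to getAccessToken(), so the redirect_uri is byte-for-byte identical in the login dialog and in the code-for-token exchange. The constant name FB_CALLBACK_URL and the single-script layout are assumptions made here; the REDACTED values are the question's placeholders.

```php
<?php
// Added example. Assumes the Facebook PHP SDK v5 is installed under src/Facebook
// as in the question. FB_CALLBACK_URL is a name chosen for this example.
session_start(); // the SDK keeps the login "state" value in the session

require_once('src/Facebook/autoload.php');

// Single source of truth for redirect_uri. Scheme, host, path and any
// trailing slash must be identical in both calls below.
const FB_CALLBACK_URL = 'https://www.REDACTED.net/fb-callback.php';

$fb = new Facebook\Facebook([
    'app_id' => 'REDACTED',
    'app_secret' => 'REDACTED',
    'default_graph_version' => 'v2.9',
]);

$helper = $fb->getRedirectLoginHelper();

if (!isset($_GET['code'])) {
    // Step 1: send the user to the login dialog with the callback URL.
    $permissions = ['manage_pages', 'publish_pages'];
    $loginUrl = $helper->getLoginUrl(FB_CALLBACK_URL, $permissions);
    echo '<a href="' . htmlspecialchars($loginUrl) . '">Log in with Facebook!</a>';
    exit;
}

try {
    // Step 2: exchange the code for a token, passing the SAME URL explicitly
    // instead of letting the SDK derive it from the current script URL.
    // The SDK also compares the returned state with the one it stored in the
    // session, so $_SESSION['FBRLH_state'] is left untouched here.
    $accessToken = $helper->getAccessToken(FB_CALLBACK_URL);
} catch (Facebook\Exceptions\FacebookResponseException $e) {
    echo 'Graph returned an error: ' . htmlspecialchars($e->getMessage());
    exit;
} catch (Facebook\Exceptions\FacebookSDKException $e) {
    echo 'Facebook SDK returned an error: ' . htmlspecialchars($e->getMessage());
    exit;
}

if (!isset($accessToken)) {
    echo 'No access token was returned; the user may not have authorized the app.';
    exit;
}

echo 'Access token obtained.';
```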