Tags: php, facebook-php-sdk

Facebook OAuth asks permission again and again

App keeps asking for "allow permission" even though I did it.

https://www.facebook.com/v3.3/dialog/oauth?client_id=CLIENTID&state=StateHASH&response_type=code&sdk=php-sdk-5.7.0&redirect_uri=HTTPS://MYWEB/fb-callback.php&scope=email%2Cpages_show_list%2Cpublish_pages%2Cmanage_pages

I'm visiting this link after the first time of allowing the permission, and I'm confused. Shouldn't the second or third time just send me to the redirect link and not ask me again for the permission that I've already allowed?

When I click log in with Facebook, it asks to authorize an already authorized user. I am using PHP SDK 5.7.0. I got this problem when I migrated my site to another host, but I don't believe that this is the main problem.

NOTE: If the code asks JUST for the "email" permission and no other permission, it works perfectly.

config-fb.php

<?php
// Start the session once; the SDK stores the OAuth "state" value in it
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}
require_once "Facebook/autoload.php";
$FB = new \Facebook\Facebook([
    'app_id' => '{APP_ID}',
    'app_secret' => '{APP_SECRET}',
    'default_graph_version' => 'v3.3'
]);
$helper = $FB->getRedirectLoginHelper();
$permissions = ['email', 'manage_pages']; // if there is only the email permission, it works perfectly
$redirectURL = "http://localhost/fb-callback.php";
$loginURL = $helper->getLoginUrl($redirectURL, $permissions);
echo "<a href='" . $loginURL . "'>Login</a>";

fb-callback.php

<?php
require_once "config-fb.php";

// Copies the "state" parameter from the request into the session before the
// SDK validates it, so the CSRF state check always passes. This only hides a
// state mismatch (for example, a session cookie that did not survive the
// redirect); the comparison is meant to be done by the SDK against the value
// it stored when the login URL was generated.
if (isset($_GET['state'])) {
    $helper->getPersistentDataHandler()->set('state', $_GET['state']);
}

try {
    $accessToken = $helper->getAccessToken();
} catch (\Facebook\Exceptions\FacebookResponseException $e) {
    echo "Response Exception: " . $e->getMessage();
    exit();
} catch (\Facebook\Exceptions\FacebookSDKException $e) {
    echo "SDK Exception: " . $e->getMessage();
    exit();
}

if (!$accessToken) {
    echo "Access token missing";
    exit();
}

// Exchange the short-lived token for a long-lived one
$oAuth2Client = $FB->getOAuth2Client();
if (!$accessToken->isLongLived()) {
    $accessToken = $oAuth2Client->getLongLivedAccessToken($accessToken);
}

$response = $FB->get("/me?fields=id,accounts{id,name,picture,access_token},first_name,last_name,email,picture.type(large)", $accessToken);
$userData = $response->getGraphNode()->asArray();

// Redundant: the session was already started in config-fb.php
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

echo "Good";
// Then do something with $accessToken;

Solution

I just found the answer. In fact I don't really know why this should happen, but anyway. As I mentioned in the question, this problem happens when I add more permissions than "email"; now I realized that this happens even if any permission is missing. My app has access to other permissions and features, and I didn't write all of them in the $permissions array. So make sure that you have written all the permissions that Facebook gave you.

This worked for me!
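An added example (not code from the question, the answer or the SDK) that applies the accepted answer from the defending side: it lists the full approved scope from the question's login URL once, checks after the callback which of those permissions were actually granted, and re-requests only the missing ones, while leaving the SDK's own state check in place instead of overwriting it from the request. The callback URL and app credentials are placeholders.

```php
<?php
// Added example (not from the question or the SDK): after the callback obtains a token,
// compare the permissions the user actually granted with the ones the app requested.
// A mismatch is what makes the dialog reappear; the SDK's state check is left intact.
require_once "Facebook/autoload.php";

if (session_status() === PHP_SESSION_NONE) {
    session_start();
}
$FB = new \Facebook\Facebook([
    'app_id'                => '{APP_ID}',     // placeholders from the question
    'app_secret'            => '{APP_SECRET}',
    'default_graph_version' => 'v3.3',
]);
// Every permission the app was approved for, in one place (the scope from the question's URL)
$requested   = ['email', 'pages_show_list', 'publish_pages', 'manage_pages'];
$redirectURL = 'https://myweb.example/fb-callback.php'; // assumed callback URL

// Returns the permission names that Facebook reports as "granted" for this token.
function grantedPermissions(\Facebook\Facebook $fb, $token): array
{
    $granted = [];
    foreach ($fb->get('/me/permissions', $token)->getGraphEdge() as $node) {
        if ($node->getField('status') === 'granted') {
            $granted[] = $node->getField('permission');
        }
    }
    return $granted;
}
$helper = $FB->getRedirectLoginHelper();
// No manual "state" overwrite here: getAccessToken() compares the state from
// $_GET with the one the SDK stored in the session, which is the CSRF check.
try {
    $accessToken = $helper->getAccessToken();
} catch (\Facebook\Exceptions\FacebookSDKException $e) {
    exit('SDK Exception: ' . $e->getMessage());
}
if (!$accessToken) {
    exit('Access token missing');
}

$missing = array_values(array_diff($requested, grantedPermissions($FB, $accessToken)));
if ($missing) {
    // Re-request only the missing permissions instead of re-running the whole login dialog
    $url = $helper->getReRequestUrl($redirectURL, $missing);
    echo "<a href='" . htmlspecialchars($url) . "'>Grant " . implode(', ', $missing) . "</a>";
} else {
    echo "All requested permissions granted";
}
```

If the session cookie does not survive the redirect (a common effect of moving hosts, as the question mentions), the state check fails legitimately; fixing the session configuration is the correct response rather than copying the state from the request.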