
Cannot get past This is an invalid redirect URI for this application - Facebook


I'm creating a new Facebook app and I need to log in with a long-lived access code.

I am writing in PHP using the PHP SDK.

I have a folder called ->

/facebook/ - index.php
           - fb-callback.php

The issue I am having is that I get this error:

URL Blocked: This redirect failed because the redirect URI is not whitelisted in the app’s Client OAuth Settings. Make sure Client and Web OAuth Login are on and add all your app domains as Valid OAuth Redirect URIs.

Here are some images of my app:

https://gyazo.com/cabc185d9adf9bc402839e60f1a665e8.png
https://gyazo.com/803b37a849e921be8b7ae345fba0c236.png
https://gyazo.com/397bb12f93e0efa5f7105b6ec389a34e.png

I have already tried changing the URL to many different combinations but feel there is something missing that I haven't tried.

index.php

    <?php

    require_once __DIR__ . '/vendor/autoload.php'; // change path as needed
    session_start();
    $fb = new Facebook\Facebook([
      'app_id' => '384096482217240', // Replace {app-id} with your app id
      'app_secret' => '<App_secret :-)>',
      'default_graph_version' => 'v3.2',
    ]);

    $helper = $fb->getRedirectLoginHelper();

    $permissions = ['email']; // Optional permissions
    $loginUrl = $helper->getLoginUrl('https://dms.dev11.autohq.co.uk/test-scripts/facebook/fb-callback.php', $permissions);

    echo '<a href="' . htmlspecialchars($loginUrl) . '">Log in with Facebook!</a>';

fb-callback.php

<?php

require_once __DIR__ . '/vendor/autoload.php'; // change path as needed
session_start();
$fb = new Facebook\Facebook([
  'app_id' => '384096482217240', // Replace {app-id} with your app id
  'app_secret' => '<App_secret :-)>',
  'default_graph_version' => 'v3.2',
  ]);

$helper = $fb->getRedirectLoginHelper();

try {
  $accessToken = $helper->getAccessToken();
} catch(Facebook\Exceptions\FacebookResponseException $e) {
  // When Graph returns an error
  echo 'Graph returned an error: ' . $e->getMessage();
  exit;
} catch(Facebook\Exceptions\FacebookSDKException $e) {
  // When validation fails or other local issues
  echo 'Facebook SDK returned an error: ' . $e->getMessage();
  exit;
}

if (! isset($accessToken)) {
  if ($helper->getError()) {
    header('HTTP/1.0 401 Unauthorized');
    echo "Error: " . $helper->getError() . "\n";
    echo "Error Code: " . $helper->getErrorCode() . "\n";
    echo "Error Reason: " . $helper->getErrorReason() . "\n";
    echo "Error Description: " . $helper->getErrorDescription() . "\n";
  } else {
    header('HTTP/1.0 400 Bad Request');
    echo 'Bad request';
  }
  exit;
}

// Logged in
echo '<h3>Access Token</h3>';
var_dump($accessToken->getValue());

// The OAuth 2.0 client handler helps us manage access tokens
$oAuth2Client = $fb->getOAuth2Client();

// Get the access token metadata from /debug_token
$tokenMetadata = $oAuth2Client->debugToken($accessToken);
echo '<h3>Metadata</h3>';
var_dump($tokenMetadata);

// Validation (these will throw FacebookSDKException's when they fail)
$tokenMetadata->validateAppId('384096482217240'); // Must match the app_id passed to Facebook\Facebook above
// If you know the user ID this access token belongs to, you can validate it here
//$tokenMetadata->validateUserId('123');
$tokenMetadata->validateExpiration();

if (! $accessToken->isLongLived()) {
  // Exchanges a short-lived access token for a long-lived one
  try {
    $accessToken = $oAuth2Client->getLongLivedAccessToken($accessToken);
  } catch (Facebook\Exceptions\FacebookSDKException $e) {
    echo "<p>Error getting long-lived access token: " . $e->getMessage() . "</p>\n\n";
    exit;
  }

  echo '<h3>Long-lived</h3>';
  var_dump($accessToken->getValue());
}

$_SESSION['fb_access_token'] = (string) $accessToken;

// User is logged in with a long-lived access token.
// You can redirect them to a members-only page.
//header('Location: https://example.com/members.php');

I'd like to be able to log in and receive a long-access token.


Solution

  • The Web OAuth Login setting needs to be switched to Yes to allow your app to use this kind of login flow.


    (Yes, the error message is not very helpful in this regard. They could have made that say something like “this login flow is currently not allowed for app xy” perhaps in a situation like this, that would probably be a bit clearer.)
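
The error text quoted in the question refers to an allowlist of redirect URIs. As an added example (not part of the original question or answer, and not Facebook's own matching code), this PHP helper compares the URI passed to getLoginUrl() with a list of allowed URIs and names the components that differ. It assumes exact matching after lowercasing scheme and host and dropping default ports; the function names and sample URIs are hypothetical.

```php
<?php
// Added example; the allowlist and test URIs below are constructed.
/** Lowercase scheme and host, drop default ports; null if not an absolute URI. */
function normalizeRedirectUri(string $uri): ?array
{
    $p = parse_url($uri);
    if ($p === false || !isset($p['scheme'], $p['host'])) {
        return null;
    }
    $scheme = strtolower($p['scheme']);
    $port = $p['port'] ?? null;
    if (($scheme === 'https' && $port === 443) || ($scheme === 'http' && $port === 80)) {
        $port = null;
    }
    return [
        'scheme' => $scheme,
        'host'   => strtolower($p['host']),
        'port'   => $port,
        'path'   => $p['path'] ?? '/',
        'query'  => $p['query'] ?? '',
    ];
}

/** [] on an exact match, else the components differing from the closest allowlist entry. */
function explainRedirectMismatch(string $candidate, array $allowlist): array
{
    $c = normalizeRedirectUri($candidate);
    if ($c === null) {
        return ['unparseable'];
    }
    $best = array_keys($c);
    foreach ($allowlist as $entry) {
        $a = normalizeRedirectUri($entry);
        if ($a === null) { continue; }
        $diff = array_keys(array_filter($c, fn($v, $k) => $v !== $a[$k], ARRAY_FILTER_USE_BOTH));
        if (count($diff) < count($best)) { $best = $diff; }
    }
    return $best;
}

$allowlist = ['https://app.example.test/facebook/fb-callback.php']; // constructed
foreach ([
    'https://APP.example.test:443/facebook/fb-callback.php',
    'http://app.example.test/facebook/fb-callback.php',
    'https://app.example.test/facebook/fb-callback.php/',
] as $uri) {
    $diff = explainRedirectMismatch($uri, $allowlist);
    echo $uri, ' => ', $diff ? 'differs in: ' . implode(', ', $diff) : 'match', PHP_EOL;
}
```

A clean match here while the error persists points at the app's settings, such as the Web OAuth Login switch named in the solution, rather than at the URI string.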