Best IT Recipes

Facebook OAuth: callback_uri user options

I would like to have a dynamic redirect URL for my integration with Facebook OAuth2. For example, if my redirect URL is in my Facebook application:

  http://www.mysite.com/oauth_callback?foo=bar

I would like the redirect URL for a specific request to be something like this, so on the server I have some context on how to handle the authentication code:

  http://www.mysite.com/oauth_callback?foo=bar&user=6234

My redirect is called after sending the authorization dialog, and I return the auth code, but when I try to get the access token, I get an OAuthException from Facebook. My query looks like this (adding lines for clarity):

 https://graph.facebook.com/oauth/access_token
     ? client_id = MY_CLIENT_ID
     & redirect_uri = http% 3A% 2F% 2Fwww.mysite.com% 2Foauth_callback% 3Ffoo% 3Dbar% 26user% 3D6234
     & client_secret = MY_SECRET
     & code = RECEIVED_CODE

All my parameters are encoded at the URL and the code looks valid, so I assume the problem parameter is my redirect_uri. I tried setting redirect_uri to all of the following, to no avail:

  • Actual request URL to my site
  • URL request to my site, minus the code parameter
  • URL specified in my Facebook app setup

Are custom redirect URI options supported? If so, am I identifying them correctly? If not, will I be forced to set a cookie, or is there some better template for serving context to my website?

+53
facebook-oauth
Jun 24 2018-11-11T00:
source share
4 answers

I understood the answer; instead of adding additional parameters to the redirect URL, you can add the state parameter to the request https://www.facebook.com/dialog/oauth :

 https://www.facebook.com/dialog/oauth
     ? client_id = MY_CLIENT_ID
     & scope = MY_SCOPE
     & redirect_uri = http% 3A% 2F% 2Fwww.mysite.com% 2Foauth_callback% 3Ffoo% 3Dbar
     & state = 6234

This status parameter is then passed to the callback URL.

+77
Jun 24 '11 at 16:28
source share

If for some reason you cannot use the option suggested by Jacob as my argument, you can urlencode specify your redirect_uri parameter before passing it, and it will work even with a full request, for example foo=bar&morefoo=morebar .

+11
Apr 27 2018-12-12T00:
source share

I tried to implement Facebook login workflow with API v2.9 after this tutorial . I tried the solutions described above. Manuel's answer seems to be correct, but I noticed that url encoding is not needed. In addition, you can only pass one parameter. Only the first request parameter will be considered, the rest will be ignored. Here is an example

  • Request the code via https://www.facebook.com/v2.9/dialog/oauth?client_id={app-id}&redirect_uri=http://{url}/login-redirect?myExtraParameter={some-value}

  • You will receive a callback for your URL. It will look like http://{url}/login-redirect?code={code-from-facebook}&myExtraParameter={value-passed-in-step-1} . Note that facebook will make a callback using myExtraParameter . You can extract the value for myExtraParameter from the myExtraParameter url.

  • Then you can request an access token using https://graph.facebook.com/v2.9/oauth/access_token?client_id={app-id}&client_secret={app-secret}&code={code-from-facebook}&redirect_uri=http://{url}/login-redirect?myExtraParameter={value-extracted-in-step-2}

The optional parameter passed in step 1 after the first request parameter is ignored. Also, do not forget to specify any invalid characters in the query parameter (for details, see.

0
Jul 11 '17 at 4:58 on
source share

It is best to specify a unique callback for each oAuth provider, /oauth/facebook , /oauth/twitter , etc.

If you really want the same file to answer all oAuth requests, include it in separate files or configure the path that will call the same file on your server using .htaccess redirects or something similar: /oauth/* > oauth_callback.ext

-one
Jun 13 '16 at 4:22
source share


More articles:


All Articles