API calls from the server require the appsecret_proof argument

I cannot make API requests with the Android Facebook SDK or even get the user from the login callback - it always returns null.

In particular, using newMeRequest, the following error message appears:

{ "error": { "message": "API calls from the server require an appsecret_proof argument", "type": "GraphMethodException", "code": 100 } } 

In fact, this seems pretty obvious, because the flag is set to true in the options of the Facebook application. However, I know that for mobile SDKs it is possible to make API requests without a secret. However, if I try to use the access token from currentSession in the Graph API debugger, the answer will be the same as above.

I don’t know if this is related to the new Android SDK, but my code is basically the same as in the examples. The login goes well and I get a session token, but I cannot make any API requests ...

    // Keep the user object once the login button has fetched it.
    loginButton.setUserInfoChangedCallback(new LoginButton.UserInfoChangedCallback() {
        @Override
        public void onUserInfoFetched(GraphUser user) {
            graphUser = user;
        }
    });

    // Request the logged-in user's profile with the current session token.
    Request.newMeRequest(currentSession, new Request.GraphUserCallback() {
        @Override
        public void onCompleted(GraphUser user, Response response) {
        }
    }).executeAsync();
+7
android facebook facebook-graph-api
4 answers

The only way I could get it to work was setting the App Secret proof for API calls parameter to No in the advanced settings of the Facebook application.

However, this is a fix, not a solution, since I could not make the request with the option set to Yes (as is possible in the iOS Facebook SDK).

+20

You need to add the parameter "appsecret_proof" to your request, containing the "sha256" hash code of accessToken and appSecret.

https://developers.facebook.com/docs/graph-api/securing-requests

+8
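An added example, not part of the original answers: Facebook's securing-requests documentation linked above defines appsecret_proof as the HMAC-SHA256 of the access token, keyed with the app secret and hex-encoded. The sketch below assumes the proof is computed on your own server, so the app secret never ships inside the Android app; the helper names (`appsecret_proof`, `signed_graph_url`, `proof_matches`) are hypothetical and the token and secret values are constructed.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

GRAPH_BASE = "https://graph.facebook.com"  # Graph API host


def appsecret_proof(access_token: str, app_secret: str) -> str:
    """HMAC-SHA256 of the access token, keyed with the app secret, as hex."""
    return hmac.new(app_secret.encode(), access_token.encode(),
                    hashlib.sha256).hexdigest()


def signed_graph_url(path: str, access_token: str, app_secret: str, **params) -> str:
    """Build a Graph API URL carrying access_token and its appsecret_proof."""
    query = dict(params, access_token=access_token,
                 appsecret_proof=appsecret_proof(access_token, app_secret))
    return f"{GRAPH_BASE}/{path.lstrip('/')}?{urlencode(query)}"


def proof_matches(url: str, app_secret: str) -> bool:
    """Illustrative check: recompute the proof for the token in `url` and
    compare it in constant time with the one the URL carries."""
    q = parse_qs(urlsplit(url).query)
    token = q.get("access_token", [""])[0]
    proof = q.get("appsecret_proof", [""])[0]
    expected = appsecret_proof(token, app_secret)
    return hmac.compare_digest(proof.encode(), expected.encode())


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    token, secret = "EAAB-constructed-user-token", "constructed-app-secret"
    url = signed_graph_url("/me", token, secret, fields="id,name")
    print(url)
    print(proof_matches(url, secret))          # proof made with the right secret
    print(proof_matches(url, "wrong-secret"))  # a token alone is not enough
```

With the flag enabled, a leaked access token cannot be replayed by someone who does not also hold the app secret, which is why the proof belongs on the server rather than in client code.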

You need to disable Require App Secret in Facebook pre-access settings.

+4

While this is not an actual answer to your question (as it is not related to the Android SDK), it seems that as of March 2018 there are still some problems related to appsecret_proof and web page (JavaScript) calls, and possibly mobile (not sure) clients.

Facebook bug report (February 2018) - question reappears

Facebook bug report (October 2016)

Facebook bug report (February 2015)

That is, for an application where the Require App Secret flag (App Dashboard > Settings > Advanced > Security > Require App Secret) is turned on, it seems that it is impossible to make API calls from JavaScript without passing appsecret_proof, at the time of writing (March 2018).

A quick fix is to disable the flag. Depending on your requirements, you can also use two Facebook applications: one for web page / mobile calls (the flag is off) and one for server-side calls (the flag is on).

0