Facebook OAuth "The domain of this URL isn't included in the app's domain"

facebook laravel facebook-graph-api oauth laravel-socialite

412,972

Solution 1

This usually happens if you have entered the wrong details when you created the App in Facebook. Or have you changed a URL's of an existing App?

Can you please recheck the settings of your APP in this page?

https://developers.facebook.com/apps

Select the correct App and click in the edit button;
Check the URLs & paths are correctly entered and are pointing to the site where you have installed Ultimate Facebook plugin.

Solution 2

In case someone comes across this and is looking for these settings (like I was)

You have to

On the left hand side, click "+Add Product" and select "Facebook Login" (it was at the top for me)
See the new settings available on the left hand side
You will now have these OAuth settings on that "Product Settings"

enter image description here

Additional Info: Make sure to add the Callback URL like http://localhost:3000 to the Valid OAuth redirect URIs field on the settings page of Facebook Login

Solution 3

I had the same problem. I solved it by adding my OAuth redirect URI as a argument to the getAccessToken function call:

$redirectLoginHelper->getAccessToken("https://www.example.com/myfacebookcallback")

If no argument is sent into that function the SDK generates the redirect URI by itself which should work but in my case it didn't.

Hope this helps someone.

Solution 4

Make sure your app is public. Click on + Add product Now go to products => Facebook Login Now do the following:

Valid OAuth redirect URIs : example.com/

Deauthorize Callback URL : https://example.com/facebookapp

Solution 5

Here's what I did to solve this issue:

Basically:

1) Enable "Embedded Browser OAuth Login"

2) Disable "Use Strict Mode for Redirect URIs" and enter a redirect URI like the way I did.

3) Leave all the rest of the options as they are.

4) Save your changes.

5) Enjoy :)

View more solutions

412,972

dangel

SOreadytohelp

Updated on February 22, 2022

Comments

dangel about 2 years
Let me first start with saying I've searched for an answer to this question for quite some time...

I'm trying to setup Facebook OAuth to work with my application that is being developed locally on my machine. Everything was working perfect with Facebook authorization UNTIL I moved from using localhost to another domain name (still local to my machine.) Now I'm getting the following error.

Can't Load URL: The domain of this URL isn't included in the app's domains. To be able to load this URL, add all domains and subdomains of your app to the App Domains field in your app settings.

My hosts file contains 127.0.0.1 domain.dev (works perfect)

My redirect in my app (using Socialite) is http://domain.dev/auth/facebook/callback

In my Facebook App Settings...
- my App Domain is domain.dev
- my Site URL is http://domain.dev/
- my Valid OAuth redirect URIs is http://domain.dev/auth/facebook/callback
The URL at the time of the error message is..

https://www.facebook.com/v2.5/dialog/oauth?client_id=XXXXXXXXXXXXXXX&redirect_uri=http%3A%2F%2Fdomain.dev%2Fauth%2Ffacebook%2Fcallback&scope=email&response_type=code&state=0ztcKhmWwFLtj72TWE8uOKTcf65JmePtG95MZLDD

I'm at a loss of what the problem is...

Screen Shot 1

Screen Shot 2
- a.benain about 7 years
  
  Hi dangel, you might want to obfuscate your FB client_id from this post
- Ghimire over 6 years
  
  @dangel how you solved this issue??i am having same issue ,but not able to solve.
- dangel over 6 years
  
  @Ghimire, in my situation, I had changed the URL and didn't update my client\secret. From reading the solutions below, it looks like there could actually be various different reasons all giving the same error.
- Ghimire over 6 years
  
  @dangel check this .stackoverflow.com/questions/46626914/…
dangel about 8 years

All I did was change the domain and site URL to correspond from changing from localhost to photovote.dev. I updated the redirect URI on my App and also in the Facebook settings. I might just try creating a new app
dangel about 8 years

hmm, I guess I changed something on the app settings that caused a new ID to be generated, because you're right it wasn't matching anymore. Perhaps when I updated the site URL? regardless it's working again
dangel about 8 years

I just now saw what you said about "you changed a URL's of an existing App" that's exactly what happened, and I guess it caused a new client\secret ID to be generated
Chris over 7 years

This is the only way I could make it work after moving my website from http to https. Even after changing all the domains in the Facebook Api settings it just wouldn't work.
Anand over 7 years

Hi, I am also trying to implement fb oauth in my app. I have give all details on fb app. But, following error will appear while callback redirect. InternalOAuthError: Failed to obtain access token at Strategy.OAuth2Strategy._createOAuthError (D:\node_tutorials\fb\node_modules\passport-oauth2\lib\strat‌egy.js:370:17) at D:\node_tutorials\fb\node_modules\passport-oauth2\lib\strate‌gy.js:166:45 at D:\node_tutorials\fb\node_modules\oauth\lib\oauth2.js:177:18
Josh1billion about 7 years

Another thing to try that worked for me: try switching your callbacks from https to http. That involves changing both the code that calls getLoginUrl() as well as changing the callback URLs in the app settings. The callbacks never worked with HTTPS for me, for some reason, despite the site using HTTPS.
Marcus W almost 7 years

This worked for me. Was using an old app id in production.
timeon over 6 years

Thanks. I had the same problem and this was the switch I missed.
fritzmg over 6 years

This is not what the error message refers to. There is a specific error message regarding Valid OAuth redirect URIs, which is not what is happening here. The message clearly refers to Settings » Basic » App Domains. However, the problem is that even though the correct domains are filled in, the error message still appears.
Craig Lambie over 6 years

@HakamFostok urban dictionary aside, Maths reigns in higher order for the meaning of LHS/ RHS en.wikipedia.org/wiki/Sides_of_an_equation, especially in the world of coding.
PHBeagle over 6 years

This solved it for me. I did not want to take my app public as I was only doing a tutorial and testing it locally. Thank you @bangbang
mwang25 over 6 years

Thanks! This also worked for me (I was using Google Firebase. I also had to set the "Valid OAuth redirect URIs" to the OAuth redirect URI given to me by google for my project.)
Jordan over 6 years

What is the Deauthorize Callback URL : https://example.com/facebookapp needed for? Will it work without that?
tormuto over 6 years

This should be the accepted answer. Solves the problem!
Sanjoy Kanrar over 6 years

Deauthorize Callback URL is not mandatory ... when user will deauthorize our app , facebook will ping us by the url.
zzxyz about 6 years

2 year old question, and links to external sites should not be the primary content of an answer.
Chlind about 6 years

In my case, the url itself should not include empty parameters. When I give "www.example.com?param" to getAccessToken, FB always said it doesn't match URI I gave to getLoginUrl, which I'm absolutely sure is exactly the same. Using "www.example.com" doesn't rise such error.
Richard Garside about 6 years

This fixed it for me. Even though I had the domain filled in correctly I had not added a redirect url. Adding the redirect URL fixed the issue. Looks like at the moment FB are sending the wrong error message for this issue.
digitalzoomstudio about 6 years

thank you . solved by this - really bad from facebook because all these errors are abstract / ambiguous and you don't know where too look
John about 6 years

This answers the question.
Andy Holmes about 6 years

Thanks for this, had no idea the trailing slash was required!
John Smith about 6 years

I exactly had this problem! I was using "5.4.2" and upgraded to "5.6.2"
Amorphous about 6 years

This is correct answer. I also had problem when switching to htpps.
Youssef Boudaya about 6 years

i'm working locally and this is my url 127.0.0.1/CM/public what should be my Valid OAuth redirect URI ?
Youssef Boudaya about 6 years

i'm working with javascript SDK where should i add the redirect url ?
Craig Lambie about 6 years

@YoussefBoudaya it would be the same, 127.0.0.1/CM/public the same as the localhost example
Youssef Boudaya about 6 years

t tried that but i get this error "can't load url the domain of this url isn't included in the app's domains" and this is the redirect uri i found in the facebook login dialog "&redirect_uri=http%3A%2F%2Fstaticxx.facebook.com%2Fconnect%‌2Fxd_arbiter%2Fr%2Fn‌j6HSwERpgK.js%3Fvers‌ion%3D42%23cb%3Df884‌c7929ff818%26domain%‌3D127.0.0.1%26origin‌%3Dhttp%253A%252F%25‌2F127.0.0.1%252Ff1d7‌7e19e92c75c%26relati‌on%3Dopener%26frame%‌3Df3ef56bf37b9618"
Yuda Prawira about 6 years

in May 11 2018, callback url on apps and valid oauth redirect URIs at facebook must be same. and https is must though.
Rafik Bari almost 6 years

Bravo !! WORKS. You saved my day bro
johnsampson almost 6 years

This worked for me in api v2.7 and @RichardGarside's comment is accurate. I had no value set for Valid OAuth Redirect URIs and adding this field value resolved the bad FB error message relating to updating your App Domains.
jumpjack about 5 years

I have same issue, but upon opening the page locally; I added 127.0.0.1:8000 to the authorized addresses, as it is how my easyphp installation is configured, but it still does not work. Can I only test FB scripts online?!?
Alexander Mills about 5 years

"click in the edit button" ummm which button is that?
Magnus Smith about 5 years

Yes, I had to do this extra step too. I share your views on the documentation!
fdehanne about 5 years

For me, Use Strict Mode for Redirect URIs cannot be disabled.
Mitya over 4 years

Wow, literally the only thing that worked. FB's oAuth implementation is BONKERS.
Stanislav Potapenko over 4 years

Thank you! My problem was that $redirectLoginHelper->getAccessToken() - working good without any params for my NGROK on LOCAL development, BUT for my remote server I had an error. After put callback in param ($redirectLoginHelper->getAccessToken("example.com/myfaceboo‌kcallback") - it is working!
HyoJin KIM over 4 years

Trailing slash saves my time. Thanks!
absin over 4 years

I was also using the browser based login, so the same problem I was facing. Also there is an input box below where I had to put my exact redirect URI.
Čamo over 3 years

Exactly. Looking on the valid doains and everything was right. After tens of minutes I open the login section and see redirect url again and it is empty. It is against all standards to have the same thing on two places. But what to expects from Facebook.
Čamo over 3 years

Besides having the "app domains" in two different locations without much information (3 if you add a "web" platform), you also need to go to app products / facebook login / settings and add your redirect URL under Valid OAuth Redirect URIs
Čamo over 3 years

Besides having the "app domains" in two different locations without much information (3 if you add a "web" platform), you also need to go to app products / facebook login / settings and add your redirect URL under Valid OAuth Redirect URIs
Dayán Ruiz about 3 years

After 2019 strict mode can not be disabled, this solutions won´t work anymore
neelmeg about 3 years

This is the correct answer. In mobile browser, a random url with alphanumerics was getting generated and since it was not in the whitelist, login was failing. Adding the OAuth redirect url in the getAccessToken method as parameter, it works.
neelmeg about 3 years

url i provided was getAccessToken('sitename.com/callback/facebook')
Atiab Jobayer almost 3 years

This solved my problem. THANK YOU SO MUCH.
Risto Libera over 2 years

You just save my life!
ChaosFreak about 2 years

I can also confirm that adding the redirect_uri solved the problem, even though the error message says to update the app domains. The error message is wrong in this case and misleads you.