Facebook redirect url issue OAuthException
Solution 1
I realize this is 6 weeks late, but I figured I'll post this here since I found a fix that worked for us. Had the same issue and after trying to encode the return url (which did not work), I realized that we were building our URL like:
$url = "http://example.com/";
$redirect_script = "/cgi-bin/redirect.cgi";
$redirect_url = $url . $redirect_script;
However this resulted in a return URL that looked like http://example.com//cgi-bin/redirect.cgi
-- note the "//" after example.com. When I removed the double-slashes from this URL, it worked again. OP, I see that your redirect URL has the same thing in /facebook/callback//empty?etc
which I believe is what's messing it up.
Solution 2
In my case I was using http://127.0.0.1:8000
- However FB changes that automatically to http://127.0.0.1:8000/
in the OAuth redirect to deal wihh passing query params. Changing my URL in my code to have an end slash solved the issue for me. I suspect they are storing the final useable version and comparing that to the 2nd request.
Solution 3
Niranjan, we saw the same error message, precisely. Like you, it started happening this month, without any changes to our code.
We verified carefully that the redirect_uri was indeed exactly the same in both calls - first the authorize call, and second the access_token call.
We filed with Facebook, but they triaged it as "Low": https://developers.facebook.com/bugs/307245456075215?browse=search_51964e3320a5b5556208759
In our case, we were doing something unusual (so this might not be relevant to your case). Our redirect_uri was a URL with another URL embedded as an encoded path element. The URL-within-a-URL, doubly-encoded when passed to FB, had started causing problems with the Facebook API servers.
We resolved this by changing the encoding of the nested URL to a long hex number rather than % encoding, so all Facebook servers see is a simple redirect_uri containing some hex within the path, unaffected by normal URL encoding/decoding.
My suspicion is that Facebook changed the way they encoded/decoded their URL parameters, perhaps decoding twice.
If you're doing something like us, try this approach. If not, try an altogether different and simpler redirect_uri, to see if you can get something to work. And make sure you're correctly encoding/decoding all URL query parameters.
Solution 4
Had the same problem today, the problem turned out to be that the redirect_uri used a http:// URL Schema, and Facebook only accepts https://
Solution 5
It's important to note that if you use https://
however in your login URL you are using http://
, then it will throw a OAuthException
about a url issue.
So you must use https://
in your login URL if you are using it.
This solved my problem.
Niranjan Sagar
Updated on July 09, 2022Comments
-
Niranjan Sagar almost 2 years
My app was working well for long time, but now I am getting the error from Facebook saying:
Content: {"error":{"message":"Error validating verification code. Please make sure your redirect_uri is identical to the one you used in the OAuth dialog request","type":"OAuthException","code":100}}
https://www.facebook.com/dialog/oauth/?client_id=163840537126360&redirect_uri=http://mycloud.niranjan.com/facebook/callback//empty/?vTitle=Facebook&scope=email,sms,user_about_me,friends_about_me,user_activities,friends_activities,user_birthday,friends_birthday,user_education_history,friends_education_history,user_events,friends_events,user_likes,friends_likes,user_location,friends_location,user_photos,friends_photos,user_videos,friends_videos,user_relationships,friends_relationships,user_status,friends_status,user_checkins,friends_checkins,read_stream,publish_stream
Can anyone suggest a solution for this one?
-
Oleh Nechytailo over 10 yearsThank you! It's exactly what happened to me. I sent redirect url with other url in parameter. Possible workaround - encode inner url as base64, it works well.
-
Dev Null about 10 yearsI use http all the time without an issue.
-
Aakash over 8 yearsMy problem turned out to be "too few
/
".redirect_uri:"http://localhost:3001"
did not work. I had to add/
after the url.redirect_uri:"http://localhost:3001/"
worked. I thought it wouldn't matter because google accepted the former whereas facebook did not. Well, it mattered and now its working. Thank you all. -
Carl over 8 yearsHow do you change the redirect URI in omniauth-facebook so it goes to https?
-
Lothre1 almost 8 years
-
solarissmoke almost 8 yearsThis is the same solution that at least two other answers have already given.
-
Gregory Rusakov almost 8 yearsIt looks like as an opposite solution to thouse two answers. But it works.
-
fightingmamoru over 7 yearsI have same case, too. Thanks.
-
Tatyana over 7 yearsI have the same situation. could you please write an example - how did you encode url in parameter. uri for login i send from js, but uri for getting access_token from code i send from server side (c#). Should i encode in bith places?
-
Evan Knowles over 6 yearsSame here - that feels like a FB bug to me.