Facebook redirect url issue OAuthException

facebook api facebook-graph-api oauth

23,149

Solution 1

I realize this is 6 weeks late, but I figured I'll post this here since I found a fix that worked for us. Had the same issue and after trying to encode the return url (which did not work), I realized that we were building our URL like:

$url = "http://example.com/";
$redirect_script = "/cgi-bin/redirect.cgi";

$redirect_url = $url . $redirect_script;

However this resulted in a return URL that looked like http://example.com//cgi-bin/redirect.cgi -- note the "//" after example.com. When I removed the double-slashes from this URL, it worked again. OP, I see that your redirect URL has the same thing in /facebook/callback//empty?etc which I believe is what's messing it up.

Solution 2

In my case I was using http://127.0.0.1:8000 - However FB changes that automatically to http://127.0.0.1:8000/ in the OAuth redirect to deal wihh passing query params. Changing my URL in my code to have an end slash solved the issue for me. I suspect they are storing the final useable version and comparing that to the 2nd request.

Solution 3

Niranjan, we saw the same error message, precisely. Like you, it started happening this month, without any changes to our code.

We verified carefully that the redirect_uri was indeed exactly the same in both calls - first the authorize call, and second the access_token call.

We filed with Facebook, but they triaged it as "Low": https://developers.facebook.com/bugs/307245456075215?browse=search_51964e3320a5b5556208759

In our case, we were doing something unusual (so this might not be relevant to your case). Our redirect_uri was a URL with another URL embedded as an encoded path element. The URL-within-a-URL, doubly-encoded when passed to FB, had started causing problems with the Facebook API servers.

We resolved this by changing the encoding of the nested URL to a long hex number rather than % encoding, so all Facebook servers see is a simple redirect_uri containing some hex within the path, unaffected by normal URL encoding/decoding.

My suspicion is that Facebook changed the way they encoded/decoded their URL parameters, perhaps decoding twice.

If you're doing something like us, try this approach. If not, try an altogether different and simpler redirect_uri, to see if you can get something to work. And make sure you're correctly encoding/decoding all URL query parameters.

Solution 4

Had the same problem today, the problem turned out to be that the redirect_uri used a http:// URL Schema, and Facebook only accepts https://

Solution 5

It's important to note that if you use https:// however in your login URL you are using http://, then it will throw a OAuthException about a url issue.

So you must use https:// in your login URL if you are using it.

This solved my problem.

View more solutions

23,149

Author by

Niranjan Sagar

Updated on July 09, 2022

Comments

Niranjan Sagar almost 2 years

My app was working well for long time, but now I am getting the error from Facebook saying:

Content: {"error":{"message":"Error validating verification code. Please make sure your redirect_uri is identical to the one you used in the OAuth dialog request","type":"OAuthException","code":100}}

https://www.facebook.com/dialog/oauth/?client_id=163840537126360&redirect_uri=http://mycloud.niranjan.com/facebook/callback//empty/?vTitle=Facebook&scope=email,sms,user_about_me,friends_about_me,user_activities,friends_activities,user_birthday,friends_birthday,user_education_history,friends_education_history,user_events,friends_events,user_likes,friends_likes,user_location,friends_location,user_photos,friends_photos,user_videos,friends_videos,user_relationships,friends_relationships,user_status,friends_status,user_checkins,friends_checkins,read_stream,publish_stream

Can anyone suggest a solution for this one?
Oleh Nechytailo over 10 years

Thank you! It's exactly what happened to me. I sent redirect url with other url in parameter. Possible workaround - encode inner url as base64, it works well.
Dev Null about 10 years

I use http all the time without an issue.
Aakash over 8 years

My problem turned out to be "too few /". redirect_uri:"http://localhost:3001" did not work. I had to add / after the url. redirect_uri:"http://localhost:3001/" worked. I thought it wouldn't matter because google accepted the former whereas facebook did not. Well, it mattered and now its working. Thank you all.
Carl over 8 years

How do you change the redirect URI in omniauth-facebook so it goes to https?
Lothre1 almost 8 years

@Akash I confirm! I had the same problem with localhost and appending a / fixed my problem (localhost)
solarissmoke almost 8 years

This is the same solution that at least two other answers have already given.
Gregory Rusakov almost 8 years

It looks like as an opposite solution to thouse two answers. But it works.
fightingmamoru over 7 years

I have same case, too. Thanks.
Tatyana over 7 years

I have the same situation. could you please write an example - how did you encode url in parameter. uri for login i send from js, but uri for getting access_token from code i send from server side (c#). Should i encode in bith places?
Evan Knowles over 6 years

Same here - that feels like a FB bug to me.