facebook error 'Error validating verification code'

Question

very strange error. i use gide http://developers.facebook.com/docs/authentication/. so i create request to fb and pass redirect_uri. i use test site on localhost. so if i pa

Answer 1

I just had the same problem.

Admittedly, I am a super n00b so excuse me if this solution doesnt make any sense in actual practice.

I simply set a short fuse cookie (1-2 min) with a test variable in the page with my FB Connect button. When FB came back with information to my data parsing/handling script I checked for this cookie where I was redirecting it and if found, directed the user to the proper URL using header:location.

Of course some browsers/users etc disable cookies. This obviously wont work there (maybe use a session var and destroy it in the fb data handler?) I am sure there is a better way to do it but at the moment, this bandaid works.

Answer 2

The answer for me was this:

$user = $facebook->getUser();     
if (!$user) {
    $loginUrl = $facebook->getLoginUrl(array(
        'scope' => '',
        'redirect_uri' => $this->domain,
    ));
    print('<script> top.location.href=\'' . $loginUrl . '\'</script>');
}

I've been cracking my head a long time before I found this solution, seeming I am not the only one with this issue I hope this works for you to!

Answer 3

I have had this problem. I knew for a fact that my URLs were the same because I used a class with the same $var, but I kept getting the 400 response and that error in the JSON response.

The only thing I did was change my redirect_uri from:

http://myredirecturi.com

to

http://myredirecturi.com/

Yeh, just added the trailing slash and it worked.

Answer 4

I was having the pb and finally fix it adding the type=client_cred parameter in the url.

Answer 5

There are presently (as of March 2011) undocumented requirements regarding what makes a valid redirect_uri.

First, both redirect_uri paramaters to authorize and access_token must match.

Apparently Facebook (or rather OAuth2) is using the redirect_uri as a internal key to encode the code returned for the access_token request. It's kinda clever since it verifies back to your site. It explains why the access_token request which wouldn't otherwise need a redirect_uri parameter requires one.

Second, you cannot use many special characters in the redirect_uri.

A lot of discussion rages whether parameters can be passed at all. They can, you're limited which characters are valid but no one has published a list that I know. Traditional methods like url/html encoding will fail because percent(%) is not valid. Slash (/) is not valid either so a nested redirection url will always fail. The ONLY way to overcome the special char limitation is to encode the value of the parameter to base64. If you're using ASP.NET, look up Convert.ToBase64.

Lastly, and this is more of a side-note. There are a lot of programmers passing along misinformation that a simple solution is to pass type=client_cred. This may limit your access to some of the permissions you requested in your authorization. It is inadvisable.

Answer 6

I noticed you are using Yii which I'm using as well and had the same problem for half the day. As mentioned, the problem is the special characters in your URL i.e. r=site/oath2

You can fix it by enabling pretty URLS in your config so that your URL becomes index.php/site/oath2

It seems to work without the trailing slash though.