Facebook redirect url issue OAuthException

Question

My app was working well for long time, but now I am getting the error from Facebook saying:

Content: {\"error\":{\"message\":\"Error validating verification c

Answer 1

I've faced some strange Facebook behavior.

My site runs https and I've always got an error "Error validating verification code. Please make sure your redirect_uri is identical".

But then I've change https to http in redirect_uri and in developer panel (OAuth urls) then error disappear and authentification start to work correctly. But site still runs https...

Hope this helps someone.

Answer 2

It's important to note that if you use https:// however in your login URL you are using http://, then it will throw a OAuthException about a url issue.

So you must use https:// in your login URL if you are using it.

This solved my problem.

Answer 3

Mo Hrad A is right, I didn't even manage to use $ character.

I wrote 2 simple functions that allows me to use complex return urls with parameters:

public static string EncodeFacebookReturnUrl(string url)
{
    return Regex.Replace(HttpUtility.UrlEncode(url), "%", "_-_");
}

public static string DecodeFacebookReturnUrl(string url)
{
    return HttpUtility.UrlDecode(Regex.Replace(url, "_-_", "%"));
}

Translating with UrlEncode results in only 1 "illegal" character (%), which I'm replacing with the legal string _-_. Makes it simple to decode too.

Answer 4

In my case I was using http://127.0.0.1:8000 - However FB changes that automatically to http://127.0.0.1:8000/ in the OAuth redirect to deal wihh passing query params. Changing my URL in my code to have an end slash solved the issue for me. I suspect they are storing the final useable version and comparing that to the 2nd request.

Answer 5

Niranjan, we saw the same error message, precisely. Like you, it started happening this month, without any changes to our code.

We verified carefully that the redirect_uri was indeed exactly the same in both calls - first the authorize call, and second the access_token call.

We filed with Facebook, but they triaged it as "Low": https://developers.facebook.com/bugs/307245456075215?browse=search_51964e3320a5b5556208759

In our case, we were doing something unusual (so this might not be relevant to your case). Our redirect_uri was a URL with another URL embedded as an encoded path element. The URL-within-a-URL, doubly-encoded when passed to FB, had started causing problems with the Facebook API servers.

We resolved this by changing the encoding of the nested URL to a long hex number rather than % encoding, so all Facebook servers see is a simple redirect_uri containing some hex within the path, unaffected by normal URL encoding/decoding.

My suspicion is that Facebook changed the way they encoded/decoded their URL parameters, perhaps decoding twice.

If you're doing something like us, try this approach. If not, try an altogether different and simpler redirect_uri, to see if you can get something to work. And make sure you're correctly encoding/decoding all URL query parameters.

Answer 6

in my case it caused by special characters in my query string, i had base64 code that contain / and =, i tried some characters like ! @ = / ; all throw same error

only two character that look like is valid is - _ # $

P.S / at the end of the query didn't help. also it was forbidden in the middle of the query string