I'm trying to retrieve data using the new graph API, however the token I'm retrieving from OAuth doesn't appear to be working.
The call I'm making is as follows:
I ran into the exact same problem, but it turned out the issue was not the encoding of the redirect_uri parameter, or that I had a trailing slash or question mark; it was simply that I passed in two different redirect URLs (I had not read the specification at that time).
The redirect_uri is only used as a redirect once (the first time) to redirect back to the relying party with the "code" token. The 2nd time, the redirect_uri is passed back to the auth server but this time it's not used as you'd expect (to redirect) rather it's used by the authentication server to verify the code. The server responds with the access_token.
http://tools.ietf.org/html/draft-ietf-oauth-v2-05#section-3.5.2
You'll notice the Facebook documentation (which is terrible) says fetch: "Exchange it for an access token by fetching https://graph.facebook.com/oauth/access_token."
In summary, I didn't have to encode or do anything special to the Uri, just pass in the same redirect_uri twice, and fetch the 2nd page to get the access_token inside.
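The binding described in the answer above, as an added example that is not part of the original answer or of Facebook's code: a toy authorization server that ties each code to the redirect_uri from the first leg and compares it exactly on the second. The `auth.example` and `rp.example` endpoints, the client id, the secret and every function name are constructed assumptions, and the toy does not check the client secret.

```python
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed values; the endpoints and client below are hypothetical.
AUTHORIZE_URL = "https://auth.example/oauth/authorize"
TOKEN_URL = "https://auth.example/oauth/access_token"
CLIENT_ID = "000000000000"
REDIRECT_URI = "https://rp.example/callback/"


def authorize_request(redirect_uri):
    """Leg 1: the browser is sent here; redirect_uri is where the code comes back."""
    return AUTHORIZE_URL + "?" + urlencode(
        {"client_id": CLIENT_ID, "redirect_uri": redirect_uri})


def token_request(redirect_uri, code, client_secret):
    """Leg 2: server-to-server fetch; redirect_uri is sent again, only to be compared."""
    return TOKEN_URL + "?" + urlencode(
        {"client_id": CLIENT_ID, "redirect_uri": redirect_uri,
         "client_secret": client_secret, "code": code})


class ToyAuthServer:
    """Models only the code-to-redirect_uri binding, nothing else."""

    def __init__(self):
        self._issued = {}  # code -> (client_id, redirect_uri) seen in leg 1

    def handle_authorize(self, url):
        q = parse_qs(urlsplit(url).query)
        code = secrets.token_urlsafe(16)
        self._issued[code] = (q["client_id"][0], q["redirect_uri"][0])
        return code  # a real server redirects to redirect_uri carrying the code

    def handle_token(self, url):
        q = parse_qs(urlsplit(url).query)
        bound = self._issued.pop(q["code"][0], None)  # single use, even on failure
        presented = (q["client_id"][0], q["redirect_uri"][0])
        if bound is None or bound != presented:  # exact string comparison
            return {"error": "Error validating verification code."}
        return {"access_token": secrets.token_urlsafe(24)}


def run_flow(first_uri, second_uri):
    """Run both legs against a fresh toy server and return the token response."""
    server = ToyAuthServer()
    code = server.handle_authorize(authorize_request(first_uri))
    return server.handle_token(token_request(second_uri, code, "constructed-secret"))
```

Keeping the redirect_uri in one constant used by both requests avoids the mismatch; the exact comparison is also what stops a code issued for one callback from being redeemed through another.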
You need to enter actual values instead of the < app_id > and a secret value. The code is a unique value that you need to generate, and the redirect URL that you provide will then verify that the code is correct.
Don't use type=client_cred, this is not the access token that a user grants for your app to use. You don't need redirect_uri or code or any approval to get the client_cred type access token.
Facebook implements an early draft of OAuth 2 at this time, so there is no support for "state" yet.
But it is nice that you can suffix your state to the redirect_uri. The important point to note here is that the site URL that you specified (which is the redirect_uri) should not have a question mark at the end or anywhere in what you suffix as client state, encoded or not. If you did, you will get the dreaded "Error validating verification code".
Don't use it like that:
http://www.Redirect.com?
The correct URL is http://www.Redirect.com/
Hope it helps.
Make sure you have URL-encoded your query parameters; yours should actually be:
000000000000%7CAaaAaaAaaAAaAaaaaAaaAa0aaAA
Note: the type parameter also seems to be required; without it you also get a 500 error with the message:
{
    "error": {
        "type": "OAuthException",
        "message": "Error validating verification code."
    }
}
rather than the message you get with other missing parameters. I cannot see that mentioned in the documentation.
This works for me :-)
header('Location: https://graph.facebook.com/oauth/access_token?' . http_build_query(array(
    'client_id' => FB_APP_ID,
    'type' => 'client_cred',
    'client_secret' => FB_SECRET,
    'code' => $code)));
Of course you would use file_get_contents instead and parse the token out of the response.