OAuth 2.0 cannot get an access token from the signed_request 'code' value

孤街浪徒 submitted on 2019-12-07 01:40:14

Question


I'm migrating to OAuth 2.0. My current site uses the JS SDK and has an fb-login button; then I'm accessing Graph to get the user's details.

I'm having problems getting an access token to get this data from Graph.

One problem could be that the JS SDK dialog doesn't redirect me to the URL it says it should, i.e. the one with ?code=XXXXXXX that I can then use to get an access token.

So I've looked at the PHP SDK (I'm using ASP) to see how it does it. I've parsed the signed-request value in the cookie, got the value in the 'code' param to add to the token URL, but I can't get an access token. These are the values I'm using:

Parsed signed_request data:

{"algorithm":"HMAC-SHA256","code":"2.AQCovUOFCduELbna.3600.1323900000.1-773555243|Y_cW4riF4K7el_9a4oVNjL0qvZc","issued_at":1323895617,"user_id":"XXXXXXXXXX"}

Token URL: https://graph.facebook.com/oauth/access_token?
           client_id=XXXXXXXX&
           redirect_uri=XXXXXXXX&
           client_secret=XXXXXX&
           code=2.AQCovUOFCduELbna.3600.1323900000.1-773555243|Y_cW4riF4K7el_9a4oVNjL0qvZc

This is the response:

{"error":{"message":"Error validating verification code.","type":"OAuthException"}} 

Does the code value appear to be in the correct format? Any ideas as to what's wrong?


Answer 1:


exact same problem here...

solution: if code is extracted from cookie payload, leave parameter redirect_uri empty

try

Token URL: https://graph.facebook.com/oauth/access_token?client_id=XXXXXXXX&redirect_uri=&client_secret=XXXXXX&code=2.AQCovUOFCduELbna.3600.1323900000.1-773555243|Y_cW4riF4K7el_9a4oVNjL0qvZc

worked for me!
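
An added example, not part of the original question or answer: before the 'code' from the cookie is sent anywhere, the signed_request should be checked against the app secret (HMAC-SHA256 over the encoded payload), and the token URL is then built with redirect_uri left empty as the answer describes. The function names and all sample values here are hypothetical and constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
from urllib.parse import urlencode

TOKEN_ENDPOINT = "https://graph.facebook.com/oauth/access_token"  # from the question


def b64url_decode(data: str) -> bytes:
    # signed_request parts are unpadded base64url; restore the padding first
    return base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))


def parse_signed_request(signed_request: str, app_secret: str) -> dict:
    """Return the payload only if its HMAC-SHA256 signature verifies."""
    try:
        encoded_sig, encoded_payload = signed_request.split(".", 1)
        sig = b64url_decode(encoded_sig)
        payload = json.loads(b64url_decode(encoded_payload))
    except (ValueError, TypeError) as exc:
        raise ValueError("malformed signed_request") from exc
    if not isinstance(payload, dict) or str(payload.get("algorithm", "")).upper() != "HMAC-SHA256":
        raise ValueError("unexpected algorithm")
    # The signature covers the encoded payload string, keyed with the app secret
    expected = hmac.new(app_secret.encode(), encoded_payload.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        raise ValueError("bad signature")
    return payload


def token_url(client_id: str, client_secret: str, code: str) -> str:
    # redirect_uri is sent empty, as the answer recommends for a cookie-derived code;
    # urlencode also percent-encodes the '|' that appears in the code value
    query = urlencode({"client_id": client_id, "redirect_uri": "",
                       "client_secret": client_secret, "code": code})
    return f"{TOKEN_ENDPOINT}?{query}"


def make_signed_request(payload: dict, app_secret: str) -> str:
    # Helper that builds a constructed cookie value in the same format, for testing
    body = base64.urlsafe_b64encode(json.dumps(payload).encode()).rstrip(b"=").decode()
    sig = hmac.new(app_secret.encode(), body.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(sig).rstrip(b"=").decode() + "." + body
```

Rejecting a payload whose signature does not verify keeps a tampered cookie from supplying the user_id or code that the server then acts on.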



Source: https://stackoverflow.com/questions/8519501/oauth-2-0-cannot-get-an-access-token-from-the-signed-request-code-value
