Authenticated Referrals and Auth Server Stream - What is redirect_uri?
From an authenticated referral (like from history history) to my site, I am trying to use the server side authentication flow to get an access token for a specified user. I need to pass my app secret, auth code and original redirect URI to Facebook endpoint. Since I have not initiated the authentication request, how do I determine the original redirect_uri?
The Facebook timeline link looks like this:
http://www.facebook.com/connect/uiserver.php?app_id=153644678059870&method=permissions.request&redirect_uri=http%3A%2F%2Fwww.wnmlive.com%2Fpost%2F141833948%3Ffb_action_ids%3D10100708033267487%26fb_action_types%3Dwnm-live%253Acomment%26fb_source%3Drecent_activity&response_type=code&display=page&auth_referral=1
So, I believe the redirect URI that I need to pass is:
http%3A%2F%2Fwww.wnmlive.com%2Fpost%2F141833948%3Ffb_action_ids%3D10100708033267487%26fb_action_types%3Dwnm-live%253Acomment%26fb_source%3Drecent_activity
The URI that the user is ultimately redirected to is:
http://www.wnmlive.com/post/141833948?fb_action_ids=10100708032119787&fb_action_types=wnm-live%3Apost&fb_source=recent_activity&code=AQALK-Mwb_Nwi4z7FWnFaL6tEXvNtVJiRKrgarG9X73sp22TJyk8v2GWKtuXuevJk4hPSRNnuNpEgZXLFdOS_k-pY-mE15DYytIa8Y7VdSw3VL-XYi-CR9BCqRQGq4uBJvSSdZayCp6MWzDMaNqWd5r8OhKVnOhg_yDlvfoLl21N2SMwkJaOfD5mlPnPb5A-Q4A#_=_
Is it safe to assume that I can just chop off everything starting with "& code =" and use that as the redirect URI?
source to share
Currently (August 23, 2012) Facebook adds parameters after code = example, http://apps.coincident.tv/newgirltalk/mobile/?ref=bookmarks;code=AQCZmt8n9NyfKNj8Ea9yzeCYCh-m6FcrbFqqnpQRYpfTwsO8DCk5E6CIbYig1I7g5RxDZxNs7pLcQZDdfjdLJy-8IE4BAW56VPNVADTIa9zxsFEVGLTCjfP7tuSNAIeNZdWecI53pQipnt4YpnawoRXDYVVylFZnWoVYdMtVCaOjZ5DUrN9VSByNVkV5ojOoCEY;fb_source=bookmark_favorites;count= 0; fb_bmpos = 4_0
Removing everything from the code = does not give an access token and does not only remove the code = ....; section.
This can be recreated by adding a Facebook bookmark pointing to your app, opening www.facebook.com in your mobile device browser, and then navigating to your app via the bookmark.
source to share
In addition to what Karl said, I have narrowed down the issue because of the specific ref parameter.
If you have an oauth enabled referral, I will not exchange a code for access_token
a specific number.
Examples:
Those will not work with a referral, no matter which one redirect_uri
you use to create access_token
. There are probably other ref parameters that are not working.
This is very annoying because we do not have a mobile web application working with this problem
source to share
As Karl noted, additional parameters appear after the code. Unlike Carl, if I disable them and use the resulting url as the uri redirect, it works.
$redirecturi = $_SERVER['SCRIPT_URI'];
$delimiter = "?";
foreach ($_GET as $key=>$val) {
if ($key == "code") break;
$redirecturi .= $delimiter.$key."=".rawurlencode($val);
$delimiter = "&";
}
// now I can use $redirecturi to exchange the code for a token
http://developsocialapps.com/authenticated-referrals-facebook-apps/
source to share
I filed a bug on Facebook here: https://developers.facebook.com/bugs/141862359298314
If this still affects your application, follow the link.
source to share