Authenticated Referrals and Auth Server Stream - What is redirect_uri?

From an authenticated referral (like from history history) to my site, I am trying to use the server side authentication flow to get an access token for a specified user. I need to pass my app secret, auth code and original redirect URI to Facebook endpoint. Since I have not initiated the authentication request, how do I determine the original redirect_uri?

The Facebook timeline link looks like this:


So, I believe the redirect URI that I need to pass is:


The URI that the user is ultimately redirected to is:


Is it safe to assume that I can just chop off everything starting with "& code =" and use that as the redirect URI?


source to share

5 answers

According to a Facebook engineer, redirect_uri is the current URI before "& code =". The code will always be the final name / value string of the query string. I have also confirmed that this works.



Currently (August 23, 2012) Facebook adds parameters after code = example,;code=AQCZmt8n9NyfKNj8Ea9yzeCYCh-m6FcrbFqqnpQRYpfTwsO8DCk5E6CIbYig1I7g5RxDZxNs7pLcQZDdfjdLJy-8IE4BAW56VPNVADTIa9zxsFEVGLTCjfP7tuSNAIeNZdWecI53pQipnt4YpnawoRXDYVVylFZnWoVYdMtVCaOjZ5DUrN9VSByNVkV5ojOoCEY;fb_source=bookmark_favorites;count= 0; fb_bmpos = 4_0

Removing everything from the code = does not give an access token and does not only remove the code = ....; section.

This can be recreated by adding a Facebook bookmark pointing to your app, opening in your mobile device browser, and then navigating to your app via the bookmark.



In addition to what Karl said, I have narrowed down the issue because of the specific ref parameter.

If you have an oauth enabled referral, I will not exchange a code for access_token

a specific number.


Those will not work with a referral, no matter which one redirect_uri

you use to create access_token

. There are probably other ref parameters that are not working.

This is very annoying because we do not have a mobile web application working with this problem



As Karl noted, additional parameters appear after the code. Unlike Carl, if I disable them and use the resulting url as the uri redirect, it works.

$redirecturi = $_SERVER['SCRIPT_URI'];
$delimiter = "?";
foreach ($_GET as $key=>$val) {
    if ($key == "code") break;
    $redirecturi .= $delimiter.$key."=".rawurlencode($val);
    $delimiter = "&";
// now I can use $redirecturi to exchange the code for a token



I filed a bug on Facebook here:

If this still affects your application, follow the link.



All Articles