Retrieving Facebook Access Token doesn't work with curl or file_get_contents

Question

This problem is really frustrating because I can see what's causing it but can't find a solution.

When attempting to achieve a facebook access token first have my url:

$token_url = "https://graph.facebook.com/oauth/access_token?client_id=".$app_id."&redirect_uri=".urlencode($my_url)."&client_secret=".$app_secret."&code=".$code;

I next have tried to both use url_decode and curl like so:

$ch = curl_init();
curl_setopt($ch, CURLOPT_AUTOREFERER, TRUE);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, $token_url);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);       
$response = curl_exec($ch);
curl_close($ch);

With curl, the response is empty (even with returntransfer set to true).

So next I try with file_get_contents like so:

$response = file_get_contents($token_url);
echo $response;

This then produces an error which suggests that it is not parsing the url correctly.

Warning: file_get_contents(https://graph.facebook.com/oauth/access_token?client_id=XXXXXXXX&redirect_uri=http%3A%2F%2Flocalhost%3A8000%2F&client_secret=XXXXXXXXXXXXXXXXXX&code=AQAw8Y3fehv2IWxhmQs9M28IsP4hAzwL5pnvSJkb2v_9H61Gpt659IgMHLgvgRH46tXl8BAL0SRyilKqVay4b4Su68nzT2OmbVK88eNHdGQqIaR_N7X8noIkQTeq_HuEImLlxQwbFcg_PJ5EGh9l392KL2OFqi8qplgOE5m21qlKOvVvUE3cZrcfk_mmr9FUm5eQXIvEp8sUYHxHAXvvyNmV [function.file-get-contents]: failed to open stream: HTTP request failed! HTTP/1.0 400 Bad Request in C:\Users\Mark\workspace\Never\aqueous-sands-5942\index.php on line 65

By removing the "amp;" the url works and you can see the correct response by opening the url directly in browser.

How do I prevent the "amp;" becoming a part of the url? I can't see any extra spaces anywhere and I have encoded my url (http://localhost:8000/)

What am I doing wrong?

UPDATE:

Larger code sample:

require 'sdk/src/facebook.php';

   $app_id = "123456778";
   $app_secret = "XXXXXXXXXXXXX";
   $my_url = "http://localhost:8000/";

  session_start();

    @$code = $_REQUEST["code"];

    if (!isset($_REQUEST["code"])) {

     $_SESSION['state'] = md5(uniqid(rand(), TRUE)); // CSRF protection
     $dialog_url = "https://www.facebook.com/dialog/oauth?client_id=". $app_id . "&redirect_uri=" . $my_url . "&state=" . $_SESSION['state'] . "&scope=email";

     echo("<script>top.location.href='" . $dialog_url . "'</script>");
    }

 if( $_SESSION['state'] && ( $_SESSION['state'] === $_REQUEST['state'] ) ) {

    $token_url = "https://graph.facebook.com/oauth/access_token?client_id=".$app_id."&redirect_uri=".urlencode($my_url)."&client_secret=".$app_secret."&code=".$code;
    echo "value of token:";
    echo $token_url;

  /* curl section (commenting out) */ /*
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_AUTOREFERER, TRUE);
    curl_setopt($ch, CURLOPT_HEADER, 0);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_URL, $token_url);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);       
    $response = curl_exec($ch);
    curl_close($ch); */

    echo "command:"; 
    echo $token_url;
    echo "value:";
    $response = file_get_contents($token_url);
    echo $response;
    $params = null;
    parse_str($response, $params);

If you are seeing `&` in places where you would expect just an `&` – then most likely your are URL-encoding the value that contained `&` originally one time to much or in a wrong way. Where you might be doing that, can not be found in the current code snippet. — CBroe, Jan 19 '13 at 17:32
Hi @CBroe, I have updated and attached a larger code snippet. I did try using urlencode on $dialog_url but it didn't help. — Mark, Jan 19 '13 at 18:24
Why are you trying to implement all that stuff yourself – why don’t you just use the PHP SDK, which handles all of that neatly for you? — CBroe, Jan 19 '13 at 18:45
@CBroe, I'm following the example code found here: https://developers.facebook.com/docs/howtos/login/server-side-login/ — Mark, Jan 19 '13 at 19:13
I've attempted with the FB SDK e.g. using $user = $facebook->getUser(); etc but can't seem to find any documentation on how to handle permissions changing, or not having permissions etc — Mark, Jan 19 '13 at 20:11
https://developers.facebook.com/docs/howtos/login/handling-revoked-permissions/ — CBroe, Jan 19 '13 at 20:17
Am trying different authentication now using the sdk which is working, only there are some problems with the access tokens: http://stackoverflow.com/questions/14420410/facebook-php-sdk-dealing-with-access-tokens — Mark, Jan 20 '13 at 00:23

score 1 · Answer 1 · answered Aug 10 '14 at 20:18

1

I had the same problem and setting

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);

worked.

From cURL 7.10 is set to TRUE by default.

answered Aug 10 '14 at 20:18

vicgilbcn

149
3

Retrieving Facebook Access Token doesn't work with curl or file_get_contents

1 Answers1