
I am missing something in how the Valid OAuth redirect URIs of Facebook work, in combination with the 'Strict Mode'.

In my PHP code, I generate the authentication URL with the following line,

```php
$fbauthurl = $fbhelper->getLoginUrl('https://new.didactigo.com/auth/facebookProcess', $permissions);
```

I have also added that exact URL to the Facebook Valid OAuth redirect URIs section, as shown in this image: [image]

I have also added that domain to my 'App Domains': [image]

However, when I enable 'Strict mode' (as will be required as of March), this exception is raised:

> Can't Load URL: The domain of this URL isn't included in the app's domains. To be able to load this URL, add all domains and subdomains of your app to the App Domains field in your app settings.

Without the 'Strict Mode', all works fine.


Similarly, the Facebook URL tester also tells me that the URL the user finally lands on is invalid and not added to the 'Valid OAuth redirect URLs', as shown here:

[image: Facebook URL tester]

However, this is the same base URL. Without the query parameters, this URL is accepted.
Thus the query parameters are apparently not ignored. But how can that be? Facebook adds the dynamic 'code' and 'state' parameters to the URL itself, so I cannot predict these values and write them into the Facebook Valid OAuth redirect URIs section. I seem to be missing something.

Is this not necessary for my webapp, or am I doing something wrong there? Any comment on this is really appreciated!


Edit: This post is similar to my issue; however, at that time the "Strict mode" did not exist, nor do any of the solutions provided solve my issue. I have, however, used their suggestions and double-checked my app id & app secret.

Isaiah
  • did you add your domain into `App Domains`? – Ben Dec 21 '17 at 01:39
  • @Ben good question, yes I have! Updated the post to reflect this. – Isaiah Dec 21 '17 at 12:24
  • can you update your question to include all the `Client OAuth Settings`? – Ben Dec 21 '17 at 13:06
  • @Ben yes, of course, done so. I noticed that just one query parameter added to the URL leads to the "invalid redirect URL". But Facebook passes the information via the query parameter, so I am utterly confused about how this 'strict match' is supposed to work if dynamic query parameters are passed along by Facebook itself. – Isaiah Dec 21 '17 at 13:20
  • https://stackoverflow.com/questions/37063685/facebook-oauth-the-domain-of-this-url-isnt-included-in-the-apps-domain – Ben Dec 21 '17 at 15:07
  • @Ben thanks; this post is indeed really similar. However, for me, the 'strict mode' is the issue, which didn't exist/wasn't required at the time of that post. – Isaiah Dec 21 '17 at 15:20
  • Also had this issue and found the solution here https://stackoverflow.com/questions/47898499/error-on-login-using-facebook-php-sdk-with-strict-mode-enabled – Connor Linfoot Dec 21 '17 at 23:04
  • @ConnorLinfoot this indeed provided the desired solution. Voted to close off my post as a duplicate (sorry!, didn't see it myself) – Isaiah Dec 21 '17 at 23:10
