Need Help on OAuthException Code 2500

Question

I am trying to develop an Facebook application (apps.facebook.com/some_app) using PHP where I need to present some information based on user's music interests. I found that its under "user_likes > games".

My problems are as follows:

To gain access, I have implemented the oauth dialog method as suggested in API in my index page.

$auth_url = "http://www.facebook.com/dialog/oauth?client_id="
            . $app_id . "&redirect_uri=" 
            . urlencode($canvas_page)
            ."&scope=user_likes";

After successful authorization I come back to index page with "code" as parameters.

http://MY_CANVAS_PAGE/?code=some base64 encoded letters

Firstly I don't know if I need access_token just to read user's music interests but I have tried all the methods suggested. I couldn't move forward from this point
I have a code like this (in my index page), which redirects for authorization if code parameters is not set.

if(empty($code) && !isset($_REQUEST['error'])) {
  $_SESSION['state'] = md5(uniqid(rand(), TRUE)); //CSRF protection
  echo("<script> top.location.href='" . $auth_url . "'</script>");
}

Currently I am just trying to get user's public information here but with no success. I have tried the signed_request method as suggested but no success

$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
echo ("Welcome User: " . $data["user_id"]);

Also tried the code found in http://developers.facebook.com/blog/post/500/

but I am getting error when trying to get the debug info using

print_r($decoded_response);

stdClass Object ( [error] => stdClass Object ( [message] => An active 
access token must be used to query information about the current user. 
[type] => OAuthException [code] => 2500 ) )

To get user's public info, I have tried also the suggested example in PHP SDK

$facebook = new Facebook(array(
'appId'  => MY_APP_ID, //registered facebook APP ID
'secret' => MY_SECRET, //secret key for APP
));

$fb_user = $facebook->getUser();

if($fb_user){
    try {
      $user_profile = $facebook->api('/me');
      echo $user_profile['email'];
    }
    catch(FacebookApiException $e) {
      $fb_user = null;
    }
}

But no success. Can somebody explain me why I am getting this error and how to access the user's music interest properly. Probably I misunderstood the API.

Thanks

Deepak

Did you find a solution? I get this error even on https://graph.facebook.com/me url. Shouldn't it return me my facebook informations? — aiternal, Jun 17 '12 at 20:31

Igy · Answer 1 · 2013-02-11T05:13:33.997

Error 2500 means you have no access token or an app access token but are trying to access /me/ - 'me' is a placeholder for 'current user or page ID' so won't be valid without an access token for a user or page.

To access the user's list of likes you'll also need the user_likes Permission when authorising them

The most likely causes i've seen for apps not being able to exchange the code for an access token are:

The redirect_uri you used is to a folder or server root and is missing a trailing slash (i.e it's http://www.example.com instead of http://www.example.com/)
The redirect_uri you used in the first call to the auth dialog wasn't precisely the same as the redirect_uri you used in the call to exchagne the code for an access_token

If your auth flow is broken for some other reason and you can't figure it out from the SDK examples or the Authentication documentation, this could take a while for someone to talk you through because you may be missing some background knowledge necessary to understand their answers

score 1 · Answer 2 · edited May 23 '17 at 11:47

For me, I was trying to get an auth token with php and found out that the 2500 error was due to an issue with file_get_contents not returning anything. I could access the URL in my browser, but not by using file_get_contents. I fixed it by using CURL instead as described here: https://stackoverflow.com/a/6325313.

The result was that I used the code from https://developers.facebook.com/docs/authentication/server-side/ and replaced the line:

$response = file_get_contents($token_url);

with

$ch = curl_init($token_url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);

It therefore became:

   $token_url = "https://graph.facebook.com/oauth/access_token?client_id="
        . $app_id . "&redirect_uri=" . urlencode($redirect_url)
        . "&client_secret=" . $app_secret
        . "&code=" . $code;

    /* Facebook say to use this, but file_get_contents isn't working!
    $response = file_get_contents($token_url,null, $val);
    */

    // Use this as an alternative
    $ch = curl_init($token_url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    $response = curl_exec($ch);

    // From https://developers.facebook.com/docs/authentication/server-side/
    $params = null;
    parse_str($response, $params);
    $access_token = $params['access_token'];

aiternal · Answer 3 · 2012-06-18T16:36:00.887

0

I have solved my problem thanks to https://developers.facebook.com/blog/post/534/

I just copied the sample and pasted into my script. It fully fits. It is kind of hybrid usage of PHP and Javascript.

edited Jun 18 '12 at 16:36

answered Jun 18 '12 at 15:16

aiternal

1,080
3
16
33

What $me variable? there isn't such a variable in the example you listed or in the code – Igy Jun 18 '12 at 15:20
I have coded my project about 2 years ago and those times facebook was using `$me` variable instead of current `$user_id` at `$user_id = $facebook->getUser();` So the `$me` is that `$me`. But you are right, there is no `$me` on page. Sorry, I have deleted it. – aiternal Jun 18 '12 at 16:34

Pooya Estakhri · Answer 4 · 2012-02-20T06:32:00.960

0

try This code

$code = $_REQUEST["code"];
  if(empty($code)) {
    $dialog_url = "http://www.facebook.com/dialog/oauth?client_id=" 
    . $app_id . "&redirect_uri=" . urlencode($my_url) ;
    echo("<script>top.location.href='" . $dialog_url . "'</script>");
  }

  $token_url = "https://graph.facebook.com/oauth/access_token?client_id="
    . $app_id . "&redirect_uri=" . urlencode($my_url) 
    . "&client_secret=" . $app_secret 
    . "&code=" . $code;
    $response = file_get_contents($token_url);
    $params = null;
    parse_str($response, $params);
    $access_token = $params['access_token'];

PS:user email address is not a public info & you need user_email permission for it

edited Feb 20 '12 at 06:32

answered Feb 20 '12 at 06:25

Pooya Estakhri

1,129
1
11
25

But i strongly recommend you to use PHP-sdk. – Pooya Estakhri Feb 20 '12 at 06:28
that is pretty much same code in the Facebook blog link I have posted above http://developers.facebook.com/blog/post/500/. I have tried that already. With above code, if I try to echo $access_token, nothing gets printed. Simply blank. – Deepak Shrestha Feb 20 '12 at 13:50
For debugging purpose I have tried to echo $response or print_r($response) but got nothing. Don't know why I am getting null/blank response. I think the things went wrong from there. Thanks – Deepak Shrestha Feb 20 '12 at 14:23
can you get access token your self with your browser ? i mean by visiting this url https://graph.facebook.com/ oauth/access_token?client_id="APPID&redirect_uri=ENCODED URL OF YOU APP LIKE http%3A%2F%2FAPPS.FACEBOOK.COM%2FXXX%2F&client_secret=APP SECRET&code=THE CODE YOU CAN GET IT FROM APP – Pooya Estakhri Feb 20 '12 at 16:32

Need Help on OAuthException Code 2500

4 Answers4

Linked