Home/ Questions/Q 7041661
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-28T02:04:23+00:00

As stated in the Facebook Oauth Documentation , in order to use the Client

  • 0

As stated in the Facebook Oauth Documentation, in order to use the Client Side Flow with a Desktop App, the special return_uri https://www.facebook.com/connect/login_success.html is required.

Opening a new tab from Chrome to the url

https://www.facebook.com/dialog/oauth?client_id=MYAPPID&redirect_uri=https://www.facebook.com/connect/login_success.html&response_type=token

works as expected, I am redirected to the login_success page with an access_token parameter containing the token. I can request data from the Graph API using simple GET requests (e.g., with jQuery):

$.getJSON("https://graph.facebook.com/me", {access_token : token}, function (d) 
   {
     .. process returned data
    });

My question is, can I continue to use the Javascript SDK without using the SDK’s internal authorization methods.

FB.getLoginStatus returns an error that my Connect/Canvas URI isn’t correct. How am I supposed to check the token status without that method [apart from a manual GET and response matching]?

FB.login obviously fails with the following error:

API Error Code: 191

API Error Description: The specified URL is not owned by the application

Error Message: Invalid redirect_uri

(url does not match domain url in the app’s config), as there seems to be no way to internally specify the return_uri above.

Is there a way to still rely on the Javascript SDK (especially events) while accessing a token externally? Am I supposed to override the access token?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Yes, you can use it for the normal events (i.e. someone clicked a like button) like so:

    <div id="fb-root"></div>
<script type="text/javascript" src="http://connect.facebook.net/en_US/all.js#xfbml=1" id="facebook-jssdk"></script>
<script type="text/javascript">
    FB.Event.subscribe('edge.create',
        function(response) {
            console.log(response);
        }
    );
</script>

    Unfortunately for regular API calls you can’t use the Facebook JS SDK from within your extensions. You’ll have to roll your own API wrapper for that.

    An easy way to see if the access token is valid, is to make a graph API call to /me?fields=id with the access token you have saved. That will be fast and you can use the response to see if the access token is still valid. Best practice for extensions is to request the permission offline_access.

    Also, I would recommend having the redirect URI be on a domain you own. That way if other extensions are doing the same, your scripts won’t interfere. Accessing the token will be the same.

    • 0