I am using Facebook C# SDK version 6.0.20 to authenticate the user.
It worked fine for me and I was able to get the user’s first and last names. But when I tried at a later time, I am getting the access token, but fbClient.Get(“me”) is failing with the following error:
(OAuthException – #190) Error validating access token: Session does not match current stored session. This may be because the user changed the password since the time the session was created or Facebook has changed the session for security reasons.
Please help.
I run the following code when user is redirected back from the auth dialog:
protected void Page_Load(object sender, EventArgs e)
{
if (Request.Params["code"] != null)
{
Facebook.FacebookClient fbClient = new Facebook.FacebookClient(GetAccessToken());
dynamic me = fbClient.Get("me");
string firstName = me.first_name;
string lastName = me.last_name;
string email = me.email;
string userID = me.id;
string gender = me.gender;
string dob = me.birthday;
string locale = me.locale;
string mStatus = me.relationship_status;
}
}
private string GetAccessToken()
{
if (HttpRuntime.Cache["access_token"] == null)
{
Dictionary<string, string> args = GetOauthTokens(Request.Params["code"]);
HttpRuntime.Cache.Insert("access_token", args["access_token"], null, DateTime.Now.AddMinutes(Convert.ToDouble(args["expires"])), TimeSpan.Zero);
}
return HttpRuntime.Cache["access_token"].ToString();
}
private Dictionary<string, string> GetOauthTokens(string code)
{
Dictionary<string, string> tokens = new Dictionary<string, string>();
string clientId = "xxxxxxxxxxxxxxxxxx";
string redirectUrl = "http://localhost:51215/TestFBWebSite/FacebookRedirect.aspx";
string clientSecret = "xxxxxxxxxxxxxxxxxxxxxx";
string url = string.Format("https://graph.facebook.com/oauth/access_token? client_id={0}&redirect_uri={1}&client_secret={2}&code={3}",
clientId, redirectUrl, clientSecret, code);
HttpWebRequest request = WebRequest.Create(url) as HttpWebRequest;
using (HttpWebResponse response = request.GetResponse() as HttpWebResponse)
{
StreamReader reader = new StreamReader(response.GetResponseStream());
string retVal = reader.ReadToEnd();
foreach (string token in retVal.Split('&'))
{
tokens.Add(token.Substring(0, token.IndexOf("=")),
token.Substring(token.IndexOf("=") + 1, token.Length - token.IndexOf("=") - 1));
}
}
return tokens;
}
fbClient.Get(“me”) does work (without a preceding “/”), that’s what we are using and it works correctly.
I noticed this part – I had found that the integration does not work when using localhost (or 127.0.0.1), we resolved this by setting up a host record for “test.mydomain.com” to point to 127.0.0.1
We are encountering the #190 error as well very occasionally in our live environment. It is strange, as the location that is generating the error should only ever be triggered once Facebook has just authenticated the user, so the auth token should not have expired already!
We are coding to handle this error (ie. don’t authenticate the user onto our system), however so far the two possibilities that I can think of as causes of the problem are:
I think it’s probably option 1, however I’ve not found enough information to back it up yet