I have a Facebook application where I authorize the user using the PHP SDK. It works most of the time, but sometimes it doesn’t and I don’t understand why.
I’m using the code below. First I check if I have a user and if I have a valid token (by requesting “/me”). If so, I exit and show the application. If not, I generate a link with getLoginUrl() and I display that.
When it doesn’t work, the script keeps showing this link. There’s no error message, no information why it’s not working.
I tried printing the $_GET variable and I see that Facebook is appending two query parameters to my URL: “state” and “code”. Does anybody know what they are?
Also any idea why the script below is not working? Is there something I could check to make sure it always works?
    $fb_ = new Facebook(array(
        'appId' => 'appid',
        'secret' => 'secret',
    ));
    $userId = $fb_->getUser();
    $user_ = null; // defined up front so the check below works when there is no user
    $errorMessage = null;
    if ($userId) {
        try {
            // A successful /me call shows the stored access token is still valid
            $user_ = $fb_->api('/me');
            if (isset($user_['error_code'])) {
                $errorMessage = isset($user_['error_msg']) ? $user_['error_msg'] : 'An unknown error occurred';
                $errorMessage .= ' (' . $user_['error_code'] . ')';
                $user_ = null;
            }
        } catch (FacebookApiException $e) {
            $errorMessage = $e->getMessage();
            $user_ = null;
        }
    }
    // Authorized user: hand control back to the application
    if ($user_) return;
    $loginUrl = $fb_->getLoginUrl(array(
        'scope' => 'publish_stream,publish_actions'
    ));
    echo '<!doctype html>';
    echo '<html xmlns:fb="http://www.facebook.com/2008/fbml">';
    echo '<head>';
    echo '<title>' . t('Login to Facebook application') . '</title>';
    echo '</head>';
    echo '<body>';
    // Escape values before writing them into the HTML
    if ($errorMessage) echo t('Error: %1', htmlspecialchars($errorMessage)) . '<br/>';
    echo t('Please login with Facebook first: %1', '<a href="' . htmlspecialchars($loginUrl) . '">' . t('Login with Facebook') . '</a>');
    echo '</body>';
    echo '</html>';
    die();
Edit:
As requested, here is the oauth request:
Request URL:https://www.facebook.com/dialog/oauth?client_id=142896759165492&redirect_uri=http%3A%2F%2Fmxcclient.emarkethink.net%2Flogin&state=ebe253fa859a96e76332935901c32c&scope=publish_stream%2Cpublish_actions
Request Method:GET
Status Code:302 Found
And the response I get from Facebook:
Cache-Control:private, no-cache, no-store, must-revalidate
Content-Length:0
Content-Type:text/html; charset=utf-8
Date:Tue, 17 Apr 2012 07:47:38 GMT
Expires:Sat, 01 Jan 2000 00:00:00 GMT
Location:http://mxcclient.emarkethink.net/login?state=ebe2785a859a96e76332935901c32c&code=AQAN-0ZXg_apegtybid642HOXbU2n5MNl8fYWcPGXiCoFyG7ogJpr53aKBaQKNKz-2wTtPQLpbJd8jAA1fkyw4Kw40Ssylc0b3kFrhnexGJgID8JX-pJEQvKC6wLYL93lQzrA6qFRnS2R6pd0dq-xGLy3YQ-6INC0vQyN_Qhi00M3oAo95b2IeBg4_11E#_=_
P3P:CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma:no-cache
Set-Cookie:locale=en_US; expires=Tue, 24-Apr-2012 07:47:38 GMT; path=/; domain=.facebook.com
X-Cnection:close
X-Content-Type-Options:nosniff
X-FB-Debug:Wnqw6loUBt4vRR21t7Btve/FPWWrfeoXDxhgiHA=
X-XSS-Protection:0
Ok finally found out what the issue was:
It didn’t work on Internet Explorer because the application runs in an iframe and no P3P policy was set.
It didn’t work on Google Chrome because third-party cookies were blocked (an application running in an iframe is considered “third-party”).
So in both those cases the login was successful but the authorization token could not be saved, which means the following requests failed.
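An added example, not part of the original post or of the Facebook PHP SDK: in OAuth 2.0, "state" is the anti-CSRF value the client generated before redirecting and "code" is the authorization code that is exchanged for an access token. The sketch below separates a callback that arrives without the session cookie (the blocked third-party cookie case described above) from a genuine state mismatch, so the page can report a reason instead of silently showing the login link again. The function names and the 'oauth_state' session key are assumptions made for illustration.

```php
<?php
// Added example. Function names and the 'oauth_state' key are hypothetical,
// not part of the Facebook PHP SDK.

// Called before redirecting to the provider: store an unpredictable value
// in the session and send the same value as the "state" query parameter.
function startLogin(array &$session)
{
    $session['oauth_state'] = bin2hex(random_bytes(16));
    return $session['oauth_state'];
}

// Classify the request that arrives at the redirect_uri.
// $query: callback query parameters, $session: server-side session data,
// $cookies: cookies the browser actually sent, $sessionName: session cookie name.
function classifyOAuthCallback(array $query, array $session, array $cookies, $sessionName)
{
    if (!isset($query['code'], $query['state'])) {
        return 'not_a_callback';         // ordinary page load
    }
    if (!isset($cookies[$sessionName])) {
        // The provider redirected back, but the browser withheld our cookie,
        // for example a third-party cookie blocked inside an iframe.
        return 'session_cookie_missing';
    }
    if (!isset($session['oauth_state'])) {
        return 'state_not_in_session';   // session expired or was replaced
    }
    // Constant-time comparison; anything but an exact match is rejected.
    if (!is_string($query['state']) || !hash_equals($session['oauth_state'], $query['state'])) {
        return 'state_mismatch';         // forged or stale callback
    }
    return 'ok';                         // safe to exchange the code for a token
}

// Constructed sample run: no real session, cookie or HTTP request is involved.
$session  = array();
$state    = startLogin($session);
$name     = 'PHPSESSID';
$callback = array('state' => $state, 'code' => 'SAMPLE_CODE');

echo classifyOAuthCallback($callback, $session, array($name => 'abc'), $name), "\n";
echo classifyOAuthCallback($callback, array(), array(), $name), "\n";
echo classifyOAuthCallback(array('state' => 'x', 'code' => 'y'), $session, array($name => 'abc'), $name), "\n";
```

Logging the returned label on every callback makes the "login link keeps reappearing" symptom traceable to a specific cause.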