Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
304 views
in Technique[技术] by (71.8m points)

php - facebook error 'Error validating verification code'

very strange error. i use gide http://developers.facebook.com/docs/authentication/. so i create request to fb and pass redirect_uri. i use test site on localhost. so if i pass

redirect_uri=http://localhost/test_blog/index.php

it works fine, but if i pass

redirect_uri=http://localhost/test_blog/index.php?r=site/oauth2

it don't want work. i try to use

redirect_uri= . urlencode('http://localhost/test_blog/index.php?r=site/oauth2)

but not work. i try to explaine. i success get code, but when i access https://graph.facebook.com/me?access_token i get error 'Error validating verification code'. i checked evering, error is in ?r=site/oauth2 but i need passing some params can somebody help me? i read post http://forum.developers.facebook.net/viewtopic.php?id=70855 but nothing work for me

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

There are presently (as of March 2011) undocumented requirements regarding what makes a valid redirect_uri.

First, both redirect_uri paramaters to authorize and access_token must match.

Apparently Facebook (or rather OAuth2) is using the redirect_uri as a internal key to encode the code returned for the access_token request. It's kinda clever since it verifies back to your site. It explains why the access_token request which wouldn't otherwise need a redirect_uri parameter requires one.

Second, you cannot use many special characters in the redirect_uri.

A lot of discussion rages whether parameters can be passed at all. They can, you're limited which characters are valid but no one has published a list that I know. Traditional methods like url/html encoding will fail because percent(%) is not valid. Slash (/) is not valid either so a nested redirection url will always fail. The ONLY way to overcome the special char limitation is to encode the value of the parameter to base64. If you're using ASP.NET, look up Convert.ToBase64.

Lastly, and this is more of a side-note. There are a lot of programmers passing along misinformation that a simple solution is to pass type=client_cred. This may limit your access to some of the permissions you requested in your authorization. It is inadvisable.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...