20

My app was working well for long time, but now I am getting the error from Facebook saying:

Content: {"error":{"message":"Error validating verification code. Please make sure your redirect_uri is identical to the one you used in the OAuth dialog request","type":"OAuthException","code":100}}

https://www.facebook.com/dialog/oauth/?client_id=163840537126360&redirect_uri=http://mycloud.niranjan.com/facebook/callback//empty/?vTitle=Facebook&scope=email,sms,user_about_me,friends_about_me,user_activities,friends_activities,user_birthday,friends_birthday,user_education_history,friends_education_history,user_events,friends_events,user_likes,friends_likes,user_location,friends_location,user_photos,friends_photos,user_videos,friends_videos,user_relationships,friends_relationships,user_status,friends_status,user_checkins,friends_checkins,read_stream,publish_stream

Can anyone suggest a solution for this one?

Jonathan Hall
  • 75,165
  • 16
  • 143
  • 189
Niranjan Sagar
  • 819
  • 1
  • 15
  • 17
  • can you provide here your currently using `redirect_uri`? – Lian May 15 '13 at 10:30
  • https://www.facebook.com/dialog/oauth/?client_id=163840537126360&redirect_uri=http://mycloud.niranjan.com/facebook/callback//empty/?vTitle=Facebook&scope=email,sms,user_about_me,friends_about_me,user_activities,friends_activities,user_birthday,friends_birthday,user_education_history,friends_education_history,user_events,friends_events,user_likes,friends_likes,user_location,friends_location,user_photos,friends_photos,user_videos,friends_videos,user_relationships,friends_relationships,user_status,friends_status,user_checkins,friends_checkins,read_stream,publish_stream – Niranjan Sagar May 15 '13 at 11:04
  • 2
    plz make sure that what redirect_url you have set at Facebook app should be same what you sending as `redirect_uri` – Umesh Awasthi May 15 '13 at 12:06
  • I had met the same issue several times, without changing any code, and I fixed it by changing another different redirect_uri, maybe it's because Facebook's server changed some methods. – Samuel Jul 11 '13 at 09:30
  • I am facing the same issue. My app is unable to generate access token after authorization and ends up with this message "Error validating verification code. Please make sure your redirect_uri is identical to the one you used in the OAuth dialog request" I was using urllib.urlencode(args) to build up request URL's – avimehenwal Sep 22 '13 at 20:51

8 Answers8

16

I realize this is 6 weeks late, but I figured I'll post this here since I found a fix that worked for us. Had the same issue and after trying to encode the return url (which did not work), I realized that we were building our URL like:

$url = "http://example.com/";
$redirect_script = "/cgi-bin/redirect.cgi";

$redirect_url = $url . $redirect_script;

However this resulted in a return URL that looked like http://example.com//cgi-bin/redirect.cgi -- note the "//" after example.com. When I removed the double-slashes from this URL, it worked again. OP, I see that your redirect URL has the same thing in /facebook/callback//empty?etc which I believe is what's messing it up.

mkania
  • 161
  • 2
  • 2
    My problem turned out to be "too few `/`". `redirect_uri:"http://localhost:3001"` did not work. I had to add `/` after the url. `redirect_uri:"http://localhost:3001/"` worked. I thought it wouldn't matter because google accepted the former whereas facebook did not. Well, it mattered and now its working. Thank you all. – Aakash Sep 08 '15 at 09:09
  • 1
    @Akash I confirm! I had the same problem with http://localhost and appending a / fixed my problem (http://localhost/) – Lothre1 Jun 24 '16 at 16:20
16

In my case I was using http://127.0.0.1:8000 - However FB changes that automatically to http://127.0.0.1:8000/ in the OAuth redirect to deal wihh passing query params. Changing my URL in my code to have an end slash solved the issue for me. I suspect they are storing the final useable version and comparing that to the 2nd request.

cyberwombat
  • 38,105
  • 35
  • 175
  • 251
11

Niranjan, we saw the same error message, precisely. Like you, it started happening this month, without any changes to our code.

We verified carefully that the redirect_uri was indeed exactly the same in both calls - first the authorize call, and second the access_token call.

We filed with Facebook, but they triaged it as "Low": https://developers.facebook.com/bugs/307245456075215?browse=search_51964e3320a5b5556208759

In our case, we were doing something unusual (so this might not be relevant to your case). Our redirect_uri was a URL with another URL embedded as an encoded path element. The URL-within-a-URL, doubly-encoded when passed to FB, had started causing problems with the Facebook API servers.

We resolved this by changing the encoding of the nested URL to a long hex number rather than % encoding, so all Facebook servers see is a simple redirect_uri containing some hex within the path, unaffected by normal URL encoding/decoding.

My suspicion is that Facebook changed the way they encoded/decoded their URL parameters, perhaps decoding twice.

If you're doing something like us, try this approach. If not, try an altogether different and simpler redirect_uri, to see if you can get something to work. And make sure you're correctly encoding/decoding all URL query parameters.

Steve S
  • 196
  • 1
  • 5
  • 1
    Thank you! It's exactly what happened to me. I sent redirect url with other url in parameter. Possible workaround - encode inner url as base64, it works well. – Oleh Nechytailo Jan 07 '14 at 16:47
  • 1
    I have the same situation. could you please write an example - how did you encode url in parameter. uri for login i send from js, but uri for getting access_token from code i send from server side (c#). Should i encode in bith places? – Tatyana Nov 25 '16 at 08:43
3

Had the same problem today, the problem turned out to be that the redirect_uri used a http:// URL Schema, and Facebook only accepts https://

Michael Borgwardt
  • 342,105
  • 78
  • 482
  • 720
1

It's important to note that if you use https:// however in your login URL you are using http://, then it will throw a OAuthException about a url issue.

So you must use https:// in your login URL if you are using it.

This solved my problem.

Jack Trowbridge
  • 3,175
  • 9
  • 32
  • 56
1

I've faced some strange Facebook behavior.

My site runs https and I've always got an error "Error validating verification code. Please make sure your redirect_uri is identical".

But then I've change https to http in redirect_uri and in developer panel (OAuth urls) then error disappear and authentification start to work correctly. But site still runs https...

Hope this helps someone.

Gregory Rusakov
  • 33
  • 1
  • 5
1

in my case it caused by special characters in my query string, i had base64 code that contain / and =, i tried some characters like ! @ = / ; all throw same error

only two character that look like is valid is - _ # $

P.S / at the end of the query didn't help. also it was forbidden in the middle of the query string

Mohammad Hossein Amri
  • 1,842
  • 2
  • 23
  • 43
0

Mo Hrad A is right, I didn't even manage to use $ character.

I wrote 2 simple functions that allows me to use complex return urls with parameters:

public static string EncodeFacebookReturnUrl(string url)
{
    return Regex.Replace(HttpUtility.UrlEncode(url), "%", "_-_");
}

public static string DecodeFacebookReturnUrl(string url)
{
    return HttpUtility.UrlDecode(Regex.Replace(url, "_-_", "%"));
}

Translating with UrlEncode results in only 1 "illegal" character (%), which I'm replacing with the legal string _-_. Makes it simple to decode too.

RoyBS
  • 1,241
  • 16
  • 16