Tried using Facebook SDK v5.0 but error appears

Question

Now I'm Using Facebook SDK v5.0 after pressing "login With Facebook" its automatically redirect to "callback.php" and long lived access token should be issued. but

This error appears every time.

Facebook SDK returned an error: Cross-site request forgery validation failed. Required param "state" missing.

if you have any solutions to solve this error please tell me.

here is my code:callback.php

<html>
<meta charset="UTF-8" content="text/html">
<?php

session_start();
require_once __DIR__ . '/facebook-php-sdk-v4-5.0-dev/src/Facebook/autoload.php';

$fb = new Facebook\Facebook([
  'app_id' => '3xxxxxxxxxxxxxxxxxx7',
  'app_secret' => '0xxxxxxxxxxxxxxxxxxxx7',
  'default_graph_version' => 'v2.4',
  ]);

$helper = $fb->getRedirectLoginHelper();

try {
  $accessToken = $helper->getAccessToken();
} catch(Facebook\Exceptions\FacebookResponseException $e) {
  // When Graph returns an error
  echo 'Graph returned an error: ' . $e->getMessage();
  exit;

} catch(Facebook\Exceptions\FacebookSDKException $e) {
  // When validation fails or other local issues
  echo 'Facebook SDK returned an error: ' . $e->getMessage();
  exit;
}

if (! isset($accessToken)) {
  if ($helper->getError()) {
    header('HTTP/1.0 401 Unauthorized');
    echo "Error: " . $helper->getError() . "\n";
    echo "Error Code: " . $helper->getErrorCode() . "\n";
    echo "Error Reason: " . $helper->getErrorReason() . "\n";
    echo "Error Description: " . $helper->getErrorDescription() . "\n";
  } else {
    header('HTTP/1.0 400 Bad Request');
    echo 'Bad request';
  }
  exit;
}

// Logged in
echo '<h3>Access Token</h3>';
var_dump($accessToken->getValue());

// The OAuth 2.0 client handler helps us manage access tokens
$oAuth2Client = $fb->getOAuth2Client();

// Get the access token metadata from /debug_token
$tokenMetadata = $oAuth2Client->debugToken($accessToken);
echo '<h3>Metadata</h3>';
var_dump($tokenMetadata);

// Validation (these will throw FacebookSDKException's when they fail)
$tokenMetadata->validateAppId($config['app_id']);
// If you know the user ID this access token belongs to, you can validate it here
//$tokenMetadata->validateUserId('123');
$tokenMetadata->validateExpiration();

if (! $accessToken->isLongLived()) {
  // Exchanges a short-lived access token for a long-lived one
  try {
    $accessToken = $oAuth2Client->getLongLivedAccessToken($accessToken);
  } catch (Facebook\Exceptions\FacebookSDKException $e) {
    echo "<p>Error getting long-lived access token: " . $helper->getMessage() . "</p>\n\n";
    exit;
  }

  echo '<h3>Long-lived</h3>';
  var_dump($accessToken->getValue());
}

$_SESSION['fb_access_token'] = (string) $accessToken;

// User is logged in with a long-lived access token.
// You can redirect them to a members-only page.
//header('Location: https://example.com/members.php');
?>
</html>

just in case, I'm posting this too. :login.php

<html>
<meta charset="UTF-8" content="text/html">
<?php

session_start();
require_once __DIR__ . '/facebook-php-sdk-v4-5.0-dev/src/Facebook/autoload.php';


$fb = new Facebook\Facebook([
  'app_id' => '3xxxxxxxxxxxxxxxxx7',
  'app_secret' => '0xxxxxxxxxxxxxxxxxxx7',
  'default_graph_version' => 'v2.4',
  ]);
$helper = $fb->getRedirectLoginHelper();

$permissions = ['email']; // Optional permissions
$loginUrl = $helper->getLoginUrl('http://127.0.0.1:8887/fb/fb-callback.php', $permissions);

echo '<a href="' . $loginUrl . '">Log in with Facebook!</a>';

?>

</html>

Enable proper PHP error reporting! Calling `session_start` after output has already been made should result in an error (unless output buffering is active.) — CBroe, Jul 22 '15 at 15:18
session_start(); require_once __DIR__ . '/facebook-php-sdk-v4-5.0-dev/src/Facebook/autoload.php'; you mean this code right?? what should rewrite to? — Ryohsuke Chino, Jul 23 '15 at 05:47

Brian · Answer 1 · 2015-07-22T09:28:27.643

0

I didnt get `Cross Site request forgery...' error with this code, just got another basic errors which did not stop script running.

Here is the few changes I've made to fix basic errors:

1. Instead of "http://127.0.0.1:8887..." I have used "http://localhost...".   (I'm running XAMPP server this might caused error on this one.)

2. Instead of $config['app_id'] I have used my app id value directly. Like this:

 $app_id = '4xxxxxxxxxxx2';

 $tokenMetadata->validateAppId($app_id);

As i said those errors didnt stop script running, so you should check your facebook app panel settings and getting started section.

edited Jul 22 '15 at 09:28

answered Jul 22 '15 at 08:02

Brian

1
2

Thanks for answering. about "2" what do you mean app id value directly?　which are you pointing? – Ryohsuke Chino Jul 22 '15 at 08:29
The appid value you've got from facebook developer website. In your case, this one: '3xxxxxxxxxxxxxxxxxx7' – Brian Jul 22 '15 at 08:57
did you code it like this? $tokenMetadata->validateAppId($config['3xxxxxxxxxxxx7']); – Ryohsuke Chino Jul 22 '15 at 09:08
it doesnt seems to appear after AccessToken and Metadata...long lived not shown up – Ryohsuke Chino Jul 22 '15 at 09:20
Yeah long lived dont shown up on my pc either, forgot to check that one before, sorry. – Brian Jul 22 '15 at 09:32
I'm gonna post a solution here when i figure this error out. – Ryohsuke Chino Jul 22 '15 at 09:38
deleted "$config[ ]" so I code it like "validateAppId('app_id');" error is gone but still , AccessTokenMetadata.php's error is alive – Ryohsuke Chino Jul 22 '15 at 10:05

score 0 · Answer 2 · edited May 23 '17 at 11:44

0

Already asked here: Facebook SDK returned an error: Cross-site request forgery validation failed. The "state" param from the URL and session do not match, you need to make sure the native PHP session feature is properly set, you can check it by adding this code : die($_SESSION['FBRLH_' . 'state']);

edited May 23 '17 at 11:44

Community

1
1

answered Jan 22 '16 at 08:05

Chao Chen

51
1

Tried using Facebook SDK v5.0 but error appears

2 Answers2