4

I am trying the Facebook AccountKit as shown here: https://developers.facebook.com/docs/accountkit/android/integrating

I started the AccountKitActivity with:

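    // Intent that launches the Account Kit login UI; "this" is the calling Activity
    final Intent intent = new Intent(this, AccountKitActivity.class);
    // Phone (SMS) login that returns an access token directly to the client
    AccountKitConfiguration.AccountKitConfigurationBuilder configurationBuilder =
            new AccountKitConfiguration.AccountKitConfigurationBuilder(
                    LoginType.PHONE,
                    AccountKitActivity.ResponseType.TOKEN);
    intent.putExtra(
            AccountKitActivity.ACCOUNT_KIT_ACTIVITY_CONFIGURATION,
            configurationBuilder.build());
    startActivityForResult(intent, APP_REQUEST_CODE);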

After I finish the SMS login flow with "verified" at the end, when I call AccountKit.getCurrentAccount(...) in my activity, I am getting "API calls from the server require an appsecret_proof argument" error.

This can only be "solved" by turning "App Secret Proof for Server API calls" to off. It makes my app less secure. Any suggestions?

Herman

1 Answer

0

If you set "Enable client access token flow" to true, then you will only be returned a code at the end of the login flow. You'll also need to set ResponseType.CODE. You can then exchange it for a token on your server.

If you have "Require app secret" set to true, then the /me endpoint (as well as some others) can only be called from the server. getCurrentAccount essentially wraps the /me endpoint and cannot be called then.

Olga Kuznetsova
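The server-side half of the flow described in the answer, as an added example that is not part of the original post or Facebook's own code: it builds the code-for-token exchange request and the /me request carrying appsecret_proof, which is the HMAC-SHA256 of the access token keyed with the app secret. The graph.accountkit.com host, the v1.1 version segment, the AA|app_id|app_secret app token format and all function names are assumptions; the sample values are constructed.

```python
import hashlib
import hmac
from urllib.parse import urlencode

# Assumed endpoint base; adjust host/version to what your app dashboard documents.
GRAPH_BASE = "https://graph.accountkit.com/v1.1"


def appsecret_proof(access_token: str, app_secret: str) -> str:
    """Hex HMAC-SHA256 of the access token, keyed with the app secret."""
    return hmac.new(app_secret.encode(), access_token.encode(),
                    hashlib.sha256).hexdigest()


def token_exchange_url(code: str, app_id: str, app_secret: str) -> str:
    """URL the server requests to swap the client's authorization code for a user token."""
    # The app access token embeds the secret, so it is built only on the server
    # and never shipped inside the APK.
    app_token = f"AA|{app_id}|{app_secret}"
    return f"{GRAPH_BASE}/access_token?" + urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "access_token": app_token,
    })


def me_url(user_token: str, app_secret: str) -> str:
    """URL for /me with the proof that "Require app secret" demands."""
    return f"{GRAPH_BASE}/me?" + urlencode({
        "access_token": user_token,
        "appsecret_proof": appsecret_proof(user_token, app_secret),
    })


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    APP_ID, APP_SECRET = "1234567890", "example-app-secret"
    print(token_exchange_url("code-from-android-client", APP_ID, APP_SECRET))
    print(me_url("user-token-from-exchange", APP_SECRET))
```

The Android client only ever sends the authorization code to this server; the app secret and the resulting proof stay server-side, so the "Require app secret" setting can remain on.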