0

I have an issue related to access_token which I've received from a React Native app. The React Native app uses the expo-facebook library and when the pop-up of authentication disappears the token is created and sent to the backend API. The token is created by logInWithReadPermissionsAsync method.

const { type, token, expirationDate, permissions, declinedPermissions, graphDomain } =
            await Facebook.logInWithReadPermissionsAsync({
              permissions: ["public_profile", "email"],
            });

I see that the server received this token on http://localhost:8000/api/rest-auth/facebook/ endpoint and sends it to the Facebook endpoint verify. The problem occurs on the response from Facebook. I expect that it should be valid by Facebook, but it seems that something went wrong.

HTTP 400 Bad Request
Allow: POST, OPTIONS
Content-Type: application/json
Vary: Accept

    {
        "non_field_errors": [
            "Incorrect value."
        ],
        "code": 400,
        "message": "Bad Request"
    }

An access token that I generate in Graph API Explorer is shorter (when I use it, it works in the backend app) than the token which is generated in the React Native expo app. Why are these two tokens different? And why doesn't it work as I am expecting?

Rafał
  • 685
  • 6
  • 13

1 Answers1

0

I discovered where the issue was. I knew that the issue is was in the token, a good direction was a response from Facebook.

{"error":{"message":"Invalid appsecret_proof provided in the API argument","type":"GraphMethodException","code":100}}.

After that, I realized that probably something is wrong with React Native Expo. Expo-facebook doesn't react when you even pass the app id, it used the wrong APP ID which was defined in the expo environment(APP_ID=1696089354000816). App-id was set in settings and also in the

await Facebook.initializeAsync({
      appId: '<APP_ID>',
    });".

So the main issue was that I relied on an access_token that didn't belong to my app.

Rafał
  • 685
  • 6
  • 13