Facebook OAuth2 - "Sorry, something went wrong" - crash

Our web app allows users to log in via Facebook. Technically, we are using Facebook OAuth2. We have implemented this login process two years ago. It worked fine until 13th November 2015 but since that day it does not. When our server sends the request
https://graph.facebook.com/oauth/access_token
with appropriate parameters (client_id, redirect_uri, client_secret, code), the response from Facebook has HTTP status 400. The response body is a HTML page saying "Sorry, something went wrong".
On 13th November, there was some problem on Facebook probably.
I have found the following message:
http://www.independent.co.uk/life-style/gadgets-and-tech/news/facebook-down-site-breaks-for-many-people-though-not-for-everyone-a6732906.html
However, our server still gets this error response after a week. We have an instance of the system deployed in the production environment and one more instance in the test environment (with different Facebook account, i.e. with different client_id and client_secret). Currently, Facebook login works fine in the test environment. I am not sure if it worked on 13th November.
Do you have any experience with recovery from such problem? Why does Facebook login work in test environment and does not work in the production environment in the same app? Why did the production instance break on a particular day and is still broken a week later?
Thanks for any help.

I had the same issue. I believe that the issue stems from passing in invalid scope in your authentication requests. Try removing the scopes in your authentication request to see if that works.

One more corner case I found in 2022:
In the App Dashboard, if you choose Facebook login for Business, same error happens. It will go away as soon as you select Facebook Login one.

Finally, the issue was resolved by restarting the servlet container (Tomcat 7). However, I have no idea why.

All of this is using exclusively the login button. Not the API serverside and not FB.login(). It would work for me sometimes and sometimes not and I couldn't figure out why. I would open a new window and it may work, or may not - but it seemed like once broken it was broken.
There appears to be an issue when using the Chrome 'Device simulator'.
Looking at the SDK Javascript (that's to say the SDK that the Facebook Login button uses) it checks to see if the device is a 'touch' device and if so it will use the m.facebook.com domain when requesting the oauth token.
This domain fails m.facebook.com:
However if the mobile device mode isn't activated when the page loads then it uses www.facebook.com and succeeds:
So for me the current workaround is:
Assuming you are developing with the console active.
When you need to reload your page press Ctrl + Shift + M to deactivate the mobile device mode.
Refresh the page
Once the button has initialized press Ctrl + Shift + M to reactivate it again.
If you see m.facebook.com then you didn't do it fast enough, or maybe you're using something like Angular with hot reload and you need to manually refresh.

Related

Authentication returns 400 and "something went wrong" but works in incognito mode

I've been developing authentication flow on php lib: googleapis/google-api-php-client v2.9.1. Everything was working fine, but after some time while trying to authenticate the google started displaying "Something went wrong" message with 500 in console and after pressing next button "The server cannot process the request because it is malformed. It should not be retried. That’s all we know." with 400 code. But everything works fine if I use incognito mode.
The similar issue is described here and it only occurs on chrome and when user is logged in into several google accounts, works fine if you delete accounts.google.com domain cookies or use Incognito mode.
Is there a way to solve it ?
So to answer my own question the solution was quite simple - after you apply for verification and Google verifies your app this issue disappears without any additional efforts.
I assume that main issue is that if you have multiple google accounts connected to your chrome and you add only some of them to an app as a tester or etc. Google can't handle not connected accounts for security measures and returns an error. Of course the error itself could be handled little bit better.
I hope this answer saves some time for everyone else who is struggling with this issue.

Instagram API Register New Client Not Showing Captcha

So I'm trying to register a new client on the instagram API. I have a business account and have done the proper steps prior to this. Everytime I fill out the "Register New Client ID" form and submit it, I get an error "The captcha solution was not correct. Please try again." But no there is no captcha for me to fill out!! Looking at the console errors it says the CSP page setting's are blocking this source https://www.google.com/recaptcha/api.js. I'm gonna take a wild guess and say that has the captcha I need that's not appearing..lol.
Anyway, I've disabled all my content blocking settings and JS is enabled on firefox (oh I'm using firefox developer edition btw) and no change. I've also tried this in chrome and safari, no change. I don't have this issue with other sites that use captchas.
Anyone have any idea what's going on?
'preciate it!
Had the same issue here on Google Chrome. Used IE11 (version 11.345.17134.0 to be exact), and captcha displayed instantly. I've successfully registered a new client
I suggest to wait until Instagram team realizes to upgrade their whatever scripts & parameters.
I found myself in the same scenario:
I'm logged on Instagram
I land to instagram.com/developer/clients/register/ over Google Chrome 70.0.3538.102 (no extensions)
No captcha. And I get the following from the console:
ps: I tried figuring out how to submit this specific report, but after several searches I find myself loosing too much time... to make them aware.

Facebook Login takes me to Help Page

I have had the facebook connect set up for over a few months and have done a lot of testing on it and everything seems to be working correctly. Suddenly when I try to login using the php facebook sdk I get redirected to the following page https://www.facebook.com/help/258359927634494
It seems to let me login on occasion, but it usually redirects to this page. I assume my app was reported however we only have a few test users at this time as we are in beta and I stopped my app from asking for repeatedly for post permissions a while back as soon as I was aware it was doing that. What can I do to clear up the report?
This message appears when an app loads the login dialog many times in a short duration. Make sure you are only loading the dialog once per user. Until this redirect behavior is tweaked to be me more lenient, try waiting ~30 seconds between tests.

iOS App and persistent login (Apparently an phone-specific AND app-specific issue)

I'm having a really strange problem. I've written an iOS/Rails app in which users have accounts, and need to log in to perform all kinds of actions within the app.
When the app launches, the app detects whether the user's username and password have been stored. If not, it prompts for login credentials. Anyway, logging in seems to be working perfectly, and the server sends back the appropriate response.
However, when I try to do anything else in the app that requires being logged in, I get an error from the server saying I don't have the login credentials. I didn't think I had to do anything special with the cookies (i.e. I thought they were stored automatically), but maybe I'm wrong?
If some code samples would help, let me know what snippets you'd like to see and I'll post them, but I feel like this is more of a conceptual misunderstanding on my part than anything else.
Any help is much appreciated!
EDIT: I tested the app on my friend's phone, and it works fine. It's only my phone which is having trouble with the app. I looked for any settings involving cookies, but because all the apps are sandboxed, changing settings with cookies in Safari, for example, won't help. I'm pulling my hair out with this issue. I've restarted my phone, deleted and reinstalled the app, and tried changing some of the code, without any success. The Facebook app works as expected, so I assume cookies are being stored in Facebook's sandbox. Only my app seems to be having this problem, but it was working yesterday. Any suggestions?
After you login you need to store the cookie which is returned. It will then be sent with every request afterwards.
Take alook at theses q's:
Objective-C Asynchronous Web Request with Cookies
Managing HTTP Cookies on iPhone
iPhone NSData/NSUrl with cookie

Facebook Login Button Behaving Strangely

I am developing an application which on login page also supports facebook login with
<fb:login-button>.
I have set up two Apps on facebook:
one for localhost (Web site url http://localhost/, no App Domain)
one for testing server (Web site url http://dev.domain.com/, no App
Domain)
When I am developing on my own computer click on login button operates as expected and I am logged into my application.
When I put my application to the server (change appid and secret to use 2nd App) and click login button the facebook login dialog opens and when I enter email and password it closes but my applciation does not log me in.
Whats more if I check on server I see that process which is handling this web request is constantly increasing memory size (3MB per second) and its taking 50% or more CPU time. If this process is not stopped soon the server becomes unresponsive becouse memory used by it is maximum possible and CPU time is 100%.
This happens as soon as facebook login dialog closes.
In my application I am using library facebook C# SDK from codeplex.
If anyone has any information on what I might be doing wrong O would greatly appreciate the answer.
Found the problem...it was not about facebook but .Net Framework. It appears that some versions of framework support parameter passing from dynamic objects and others don't.
So when i changed code from
dynamic fbuser = GetUserData();
DoSomethingWithID(fbuser.id);
to
dynamic fbuser = GetUserData();
object fbid = fbuser.id;
DoSomethingWithID(fbid);
it started to work...dont really understand why sometimes even on the server it would work (after remote debugging it always worked until dll's were replaced but ...dont really care :) )
Thanks for all replies.
Sounds like an infinite redirect loop.
Check to see what your browser is doing using Firefox's Firebug or a built-in developer tool for Chrome, IE or Safari. I think there might be a setting wrong in your app settings, and by looking at the traffic it might help lead us to the culprit.