I'm trying to make a Facebook page tab where people can vote for their favorite video or music track from a bunch of embedded files. I need to get a unique ID from each user to make sure that they can only vote once. The signed_request only contains the user's id if they have authorized my app.
I have tried to have users authorize my app using the FB.login() javascript api, but I get the error:
An error occurred with Remix // Rework Vote. Please try later
API Error Code: 191
API Error Description: The specified URL is not owned by the application
Error Message: Invalid redirect_uri: Given URL is not permitted by the application configuration.
As far as I know, I have not set any redirect URL. Do I need to set this somewhere, or is this the not right approach to get a user to authenticate my page tab?
You must specify both "Site URL" (or "Mobile Web URL") and "App Domain" to use OAuth flow...
See where to fill the details on https://developers.facebook.com/docs/authentication/#redirect-uris
So I managed to get this to work by ticking "App on Facebook" in the app settings, and setting the Canvas URL and Secure Canvas URLs to be the same as the Page Tab URL equivalents.
This worked even though this isn't a full app, it's only a page tab, and it won't function as an app unless it's in a container page.
I'm guessing this is a bug in Facebook - the UI implies that you can have a page tab only app. The documentation doesn't say you can't, and I can't think of a good technical reason for it not to condsider a page tab URL as a valid URL.
Thanks to #julio-santos for pointing me at Facebook - Error Message: redirect_uri is not owned by the application, which seems to be the same problem in a slightly different context.
Related
First, I'd like to mention that problems like this had been discussed before in the topics like:
How to authenticate user with just a Google account on Actions on Google?
But I could not find any information at all related to ways of linking Google Assistant app with my own web server.
Problem:
GET https://oauth-redirect.googleusercontent.com/r/my-google-assistant-app#access_token=ACCESS_TOKEN&token_type=bearer&state=STATE always returns "Account field to link" error
A Way to Reproduce:
I created a new project in Actions on Google Console
I built an application using Dialogflow
I created a Heroku Web Server as my webhook (ex: webhook.herokuapp.com)
So everything worked just fine. I've successfully connected my Google Assistant app with my webhook.
But then I decided to send requests to my another one Heroku Web Server (ex: webserver.herokuapp.com) which needs a user to be logged in. So I decided to implement account linking of my Google Assistant app with webserver.herokuapp.com
I implemented Google-OAuth2 authorization at webserver.herokuapp.com. Also I want to mention that I used Client ID and Client Secret of my Google Assistant App
So, Google Authorization worked perfectly at my webserver.herokuapp.com
Then I enabled account linking settings for my Google Assistant app with Implicit Flow
So, that's it!
Epilogue
I open Google Assistant, tell it "Talk to my test app", then it greets me and offers me to link accounts. I say "yes".
Then I see how Google Assistant requests my login URL at webserver.herokuapp.com. Then I enter my Google email and password. As a result I logged in at my webserver! Then my webserver makes a redirection to:
https://oauth-redirect.googleusercontent.com/r/my-google-assistant-app#access_token=ACCESS_TOKEN&token_type=bearer&state=STATE
And I get the error I've described at the top of my post.
Any help would be appreciated
UPDATE with parameter information
These are my constants:
Google Assistant Project_ID = nodejs-sdk-local-test
Google Assistant Client_ID = 1067979601708-ldr3ga115es3fdo823slfnj46gjoes66.apps.googleusercontent.com
state = manually_set_state_value
The flow is I open my Google Assistant and say "Ok Google, talk to my test app", it answers my request and then I say something like "do some action which need authorization". Google Assistant app offers me to link an account and I say "Yes".
This is where Google Assistant app makes a call to my https://webserver.herokuapp.com/google-oauth2 endpoint. A purpose of this endpoint is to redirect me to the Google Login Page.
Now I'm being redirected to the Google Login Page (everything seems to be correct. client_id and state parameters are similar to the constants). This is the example of an URL where I am being redirected to: https://accounts.google.com/o/oauth2/auth?client_id=1067979601708-ldr3ga115es3fdo823slfnj46gjoes66.apps.googleusercontent.com&redirect_uri=http://webserver.herokuapp.com/complete/google-oauth2/&state=manually_set_state_value&response_type=code&scope=openid+email+profile
At the Google Login Page I enter my credentials and then I'm being redirected to the redirect_uri=http://webserver.herokuapp.com/complete/google-oauth2 endpoint. A purpose of this endpoint is to register or login me at webserver.herokuapp.com and then redirect me to another Google URL. An example of the Google URL: https://oauth-redirect.googleusercontent.com/r/nodejs-sdk-local-test#access_token=<token_omitted>&token_type=bearer&state=manually_set_state_value
So it seems that everything is correct. I logged in to my webserver.herokuapp.com, got an access token. Also project_id and state parameter in the last Google URL are similar to constants. Anyway, this Google URL returns me an error "Accounts failed to link"!
The most common cause of this is that you're not passing back the same value for state that was sent to you when Google redirected to your site. Make sure this is the same value and, for your security, make sure you validate the other parameters that are sent to you as well.
When the user is redirected to https://webserver.herokuapp.com/google-oauth2, there should be some parameters sent as part of the query. Those parameters include a state parameter. It should look something like this:
https://myservice.example.com/auth?client_id=GOOGLE_CLIENT_ID&redirect_uri=REDIRECT_URI&state=STATE_STRING&response_type=token
Note that while the client_id and redirect_uri are values that you should expect and test for, the state value is not one that you would have set. Google generates a different one every time. This is the state that you should be using later when you redirect to
https://oauth-redirect.googleusercontent.com/r/nodejs-sdk-local-test#access_token=<token_omitted>&token_type=bearer&state=STATE_STRING
I am working on a new app and am installing it manually by typing the URL into my web browser. This is properly bringing me to my Shopify store and is displaying the permissions screen as desired; however, when I click the 'Install app' button, I receive a page that says there is an Untrusted Connection. The URL in the browser reads:
https://.myshopify.com.myshopify.com/admin/oauth/authorize?client_id=&scope=read_customers,write_orders&redirect_uri=;
Note that the myshopify.com portion of the URL is repeated twice and the user is not sent to the redirect URI I specified.
What could be going wrong here? How can I fix this issue? Shopify doesn't really offer much in the form of support. Any help would be appreciated.
I figured this out. Shopify's documentation on Oauth is incorrect. Here is the documentation page: https://docs.shopify.com/api/authentication/oauth#asking-for-permission
Shopify says to use the following code when requesting that a user grant permissions to your app:
https://{shop}.myshopify.com/admin/oauth/authorize?client_id={api_key}&scope={scopes}&redirect_uri={redirect_uri}
The 'shop' variable is sent to the app from Shopify via a query string. The 'shop' variable includes the '.myshopify.com' portion of the URL. As such, that portion needs to be removed. The new line is:
https://{shop}/admin/oauth/authorize?client_id={api_key}&scope={scopes}&redirect_uri={redirect_uri}
The native iOS app is listed on Facebook App Center. But there is issue with "Send to Mobile" action, it fails with error:
API Error Code: 191
API Error Description: The specified URL is not owned by the application
Error Message: redirect_uri is not allowed by the application for OAuth.
Because the app is configured as a native iOS app, there is no any domains and redirect URI entered.
P.S. I know there is plenty of questions about API Error Code 191. But at the moment none of them was helpful, thus, I believe my question isn't a duplicate.
There seem to be a lot of different reasons for this error, but I had the same issue where clicking on the "Send to Mobile" resulted in error 191. In my case I was able to fix it by adding FB page URLs to the "Valid OAuth redirect URIs:" field in Advanced Settings.
I added the URL for the app in the App Center, as well as my main FB page - careful to use the correct URL scheme (https):
https://www.facebook.com/MyFBPage
https://www.facebook.com/appcenter/myfbapp
Hope that helps.
I built a website with Ruby on Rails and want to use the facebook login. Using the Ominauth-Facebook gem, I am enable to log in on my computer. But when several friends tested it, they all got the error in Chrome(similar to Safari saying “Refused to display document because display forbidden by X-Frame-Options"):
It's odd because it works well in all browsers in each device of mine(desktop, iphone and laptop). On my rails config, I already set
config.action_dispatch.default_headers[:'X-Frame-Options'] = "ALLOW-FROM https://www.facebook.com"
Anything I probably missed?Thanks!
Update: the errors won't show up again if my friend somehow signed in successfully once. Even when he logout from FB and sign in on my sites. I think that's why it works all good for me
This happens because Facebook doesn't want to users enter their authentication data in iframe on another site. It's done for security purposes. To avoid this you can try add to your link:
:target => "_top"
I got this error on the facebook canvas, In order to stop this occuring i had to remove all of the loginurl parameters, im using the php sdk.
$loginUrl = $facebook->getLoginUrl();
When i try to add scope, redirect_uri it fails with the error seen in the question. I checked everything matches up on the scope to the app settings and still no joy, cannot apply any parameters. However, without the parameters my app is able to authenticate.
As you can see, some Facebook games have custom page for "Didn't allow" user action. It shows when applicataion try to install and user click "Didn't allow"
f.e. - Cityville by Zynga - http://gyazo.com/6e398bfa6b803a23cfc36a32a6956e48.
How can I make the same page for my app?
If the user did not "allow" your application, he/she will be redirected (via HTTP 302) to the URL specified in the redirect_uri parameter that you specified in the authentication parameters with the following data :
http://YOUR_URL?error_reason=user_denied&
error=access_denied&error_description=The+user+denied+your+request.
All you have to do is handle this data and display the message that you want to the user.
This information (and a whole lot more) can be found in the facebook authentication documentation