oauth2_client
oauth2_client copied to clipboard
No redirect URI in the params for Android Facebook login
Copied the example for Facebook
<activity android:name="com.linusu.flutter_web_auth.CallbackActivity" >
<intent-filter android:label="flutter_web_auth">
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.DEFAULT" />
<category android:name="android.intent.category.BROWSABLE" />
<data android:scheme="my.app.id" />
</intent-filter>
</activity>
final client = FacebookOAuth2Client(
redirectUri: 'my.app.id://oauth2redirect',
customUriScheme: 'my.app.id',
);
final response = await client.getTokenWithAuthCodeFlow(
clientId: dotenv.env['FACEBOOK_APP_ID']!,
scopes: ['email'],
);
and got this error in the browser on fb page:
Facing same issue. Have to use some workarounds (not best ones).
That's weird... @alensugimoto, can you share which workarounds you had to use?
I haven't used the Facebook client yet. I only used Google and Dropbox for my app, and I don't see anything wrong with your code.
Maybe the problem has to do with the app's Valid OAuth Redirect URIs field.
@alensugimoto Valid OAuth Redirect URIs field converts values to normal urls (my.app.id://oauth2redirect
to https://my.app.id/oauth2redirect
for example) and this doesn't help.
I see. It seems custom URI schemes are not supported by Facebook. Sorry, I'm not sure how to work around this.
Our workaround is to use "https://localhost:8080" as redirect-uri and "whitelisted" it in FB app settings. But it doesn't look like proper solution.
These worked for me:
- In facebook application web control panel add "android" into "login through facebook"
- Set appropriate application package in facebook application properties (it asked also about some hash, just used default debug storage and hash - same as provided with additional params
-keystore ~/.android/debug.keystore -storepass android -keypass android
). - Use redirect URL fbconnect://cct.my_application_package (Don't forget to add that into appropriate intent filter of AndroidManifest.xml)
- Specify clientSecret in OAuth2Helper (client secret can be found in general facebook app properties)
- Use scopes ['openid', 'email']
@mpashka's solution works for me. It seems to work even when skipping step 2. But leaving client secret at client side got me worry. Btw, fbconnect://cct.
has to stay the same, the rest can be changed to any value.
And to save you sometime:
AndroidManifest.xml
<activity android:name="com.linusu.flutter_web_auth.CallbackActivity" >
<intent-filter android:label="flutter_web_auth">
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.DEFAULT" />
<category android:name="android.intent.category.BROWSABLE" />
<data android:scheme="vn.hayzo.player" />
</intent-filter>
<intent-filter android:label="flutter_web_auth">
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.DEFAULT" />
<category android:name="android.intent.category.BROWSABLE" />
<data android:scheme="fbconnect" android:host="cct.my_application_package"/>
</intent-filter>
</activity>
Flutter code:
FacebookOAuth2Client _facebookClient = FacebookOAuth2Client(
customUriScheme: 'fbconnect',
redirectUri: 'fbconnect://cct.my_application_package',
);
@giaunguyen2176 I confirm this solution works, even without client secret and hash.
+1 on @mpashka solution, it's the only way how I could make it work. However, I don't understand why this works and documentation about this is really scarce. Using this feels super hacky
Hi, I'm getting the same error. I noticed that is not possible to add a redirect URI with this format ${applicationId}://$path like my.test.app://oauth2redirect on the Facebook Valid OAuth Redirect URIs:
https://developers.facebook.com/docs/facebook-login/security/#surfacearea
Enforce HTTPS. This setting requires HTTPS for OAuth Redirects, and it requires and Facebook JavaScript SDK calls that return or require an access token are only from HTTPS pages. All new apps created as of March 2018 have this setting on by default, and you should plan to migrate any existing apps to use only HTTPS URLs by October 6, 2018. Most major cloud application hosts provide free and automatic configuration of TLS certificates for your applications. If you self-host your app or your hosting service doesn't offer HTTPS by default, you can obtain a free certificate for your domain(s) from Let's Encrypt.
So when I try to add the ${applicationId}://$path after I save it Facebook automatically changit to https://${applicationId}/$path