oauth2_client

No redirect URI in the params for Android Facebook login

Open igaponov opened this issue 2 years ago • 11 comments

Copied the example for Facebook

<activity android:name="com.linusu.flutter_web_auth.CallbackActivity" >
   <intent-filter android:label="flutter_web_auth">
       <action android:name="android.intent.action.VIEW" />
       <category android:name="android.intent.category.DEFAULT" />
       <category android:name="android.intent.category.BROWSABLE" />
       <data android:scheme="my.app.id" />
   </intent-filter>
</activity>

final client = FacebookOAuth2Client(
  redirectUri: 'my.app.id://oauth2redirect',
  customUriScheme: 'my.app.id',
);
final response = await client.getTokenWithAuthCodeFlow(
  clientId: dotenv.env['FACEBOOK_APP_ID']!,
  scopes: ['email'],
);

and got this error in the browser on fb page:

image

igaponov avatar Aug 05 '21 09:08 igaponov

Facing same issue. Have to use some workarounds (not best ones).

doctek235 avatar Aug 07 '21 10:08 doctek235

That's weird... @alensugimoto, can you share which workarounds you had to use?

okrad avatar Aug 08 '21 09:08 okrad

I haven't used the Facebook client yet. I only used Google and Dropbox for my app, and I don't see anything wrong with your code.

Maybe the problem has to do with the app's Valid OAuth Redirect URIs field.

alensugimoto avatar Aug 09 '21 19:08 alensugimoto

@alensugimoto Valid OAuth Redirect URIs field converts values to normal urls (my.app.id://oauth2redirect to https://my.app.id/oauth2redirect for example) and this doesn't help.

igaponov avatar Aug 09 '21 19:08 igaponov

I see. It seems custom URI schemes are not supported by Facebook. Sorry, I'm not sure how to work around this.

alensugimoto avatar Aug 09 '21 20:08 alensugimoto

Our workaround is to use "https://localhost:8080" as the redirect-uri and "whitelist" it in the FB app settings. But it doesn't look like a proper solution.

doctek235 avatar Aug 10 '21 09:08 doctek235

These worked for me:

  1. In the Facebook application web control panel, add "android" into "login through facebook"
  2. Set the appropriate application package in the Facebook application properties (it also asked about some hash; I just used the default debug storage and hash, same as provided with the additional params -keystore ~/.android/debug.keystore -storepass android -keypass android).
  3. Use the redirect URL fbconnect://cct.my_application_package (don't forget to add that into the appropriate intent filter of AndroidManifest.xml)
  4. Specify clientSecret in OAuth2Helper (the client secret can be found in the general Facebook app properties)
  5. Use scopes ['openid', 'email']

mpashka avatar Aug 18 '21 19:08 mpashka

@mpashka's solution works for me. It seems to work even when skipping step 2. But leaving the client secret on the client side got me worried. Btw, fbconnect://cct. has to stay the same; the rest can be changed to any value.

And to save you some time:

AndroidManifest.xml

<activity android:name="com.linusu.flutter_web_auth.CallbackActivity" >
    <intent-filter android:label="flutter_web_auth">
        <action android:name="android.intent.action.VIEW" />
        <category android:name="android.intent.category.DEFAULT" />
        <category android:name="android.intent.category.BROWSABLE" />
        <data android:scheme="vn.hayzo.player" />
    </intent-filter>
    <intent-filter android:label="flutter_web_auth">
        <action android:name="android.intent.action.VIEW" />
        <category android:name="android.intent.category.DEFAULT" />
        <category android:name="android.intent.category.BROWSABLE" />
        <data android:scheme="fbconnect" android:host="cct.my_application_package"/>
    </intent-filter>
</activity>

Flutter code:

FacebookOAuth2Client _facebookClient = FacebookOAuth2Client(
	customUriScheme: 'fbconnect',
	redirectUri: 'fbconnect://cct.my_application_package',
);

giaunguyen2176 avatar Sep 01 '21 12:09 giaunguyen2176
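Added example, not part of the thread or of the oauth2_client project: a build-time check that the redirect URI passed to the client is actually routed to CallbackActivity by the manifest's intent filters, using Android's rule that schemes and hosts from all `<data>` elements in one filter are merged and that a filter with no host accepts any host. The sample manifest is constructed from the one posted above; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
REQUIRED_CATS = {"android.intent.category.DEFAULT", "android.intent.category.BROWSABLE"}

# Constructed sample, modelled on the manifest posted in the comment above.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
 <application>
  <activity android:name="com.linusu.flutter_web_auth.CallbackActivity">
   <intent-filter>
    <action android:name="android.intent.action.VIEW" />
    <category android:name="android.intent.category.DEFAULT" />
    <category android:name="android.intent.category.BROWSABLE" />
    <data android:scheme="vn.hayzo.player" />
   </intent-filter>
   <intent-filter>
    <action android:name="android.intent.action.VIEW" />
    <category android:name="android.intent.category.DEFAULT" />
    <category android:name="android.intent.category.BROWSABLE" />
    <data android:scheme="fbconnect" android:host="cct.my_application_package" />
   </intent-filter>
  </activity>
 </application>
</manifest>"""

def callback_filters(manifest_xml, activity="com.linusu.flutter_web_auth.CallbackActivity"):
    """Return one (schemes, hosts) pair of sets per browsable VIEW filter."""
    filters = []
    for act in ET.fromstring(manifest_xml).iter("activity"):
        if act.get(A + "name") != activity:
            continue
        for flt in act.findall("intent-filter"):
            actions = {e.get(A + "name") for e in flt.findall("action")}
            cats = {e.get(A + "name") for e in flt.findall("category")}
            if "android.intent.action.VIEW" not in actions or not REQUIRED_CATS <= cats:
                continue  # a browser redirect cannot reach this filter
            data = flt.findall("data")
            schemes = {d.get(A + "scheme") for d in data} - {None}
            hosts = {d.get(A + "host") for d in data} - {None}
            filters.append((schemes, hosts))
    return filters

def redirect_is_routed(manifest_xml, redirect_uri):
    """True if some filter accepts the URI's scheme and, when hosts are declared, its host."""
    uri = urlsplit(redirect_uri)
    return any(uri.scheme in schemes and (not hosts or uri.hostname in hosts)
               for schemes, hosts in callback_filters(manifest_xml))
```

A scheme-only filter such as the first one above accepts any host under that scheme, so the check passes for every `vn.hayzo.player://...` URI; the second filter only accepts the exact `cct.my_application_package` host.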

@giaunguyen2176 I confirm this solution works, even without client secret and hash.

igaponov avatar Nov 08 '21 19:11 igaponov

+1 on @mpashka's solution, it's the only way I could make it work. However, I don't understand why this works, and documentation about this is really scarce. Using this feels super hacky

markusz avatar Jan 31 '22 18:01 markusz

Hi, I'm getting the same error. I noticed that it is not possible to add a redirect URI with this format ${applicationId}://$path like my.test.app://oauth2redirect on the Facebook Valid OAuth Redirect URIs:

https://developers.facebook.com/docs/facebook-login/security/#surfacearea

Enforce HTTPS. This setting requires HTTPS for OAuth Redirects, and it requires and Facebook JavaScript SDK calls that return or require an access token are only from HTTPS pages. All new apps created as of March 2018 have this setting on by default, and you should plan to migrate any existing apps to use only HTTPS URLs by October 6, 2018. Most major cloud application hosts provide free and automatic configuration of TLS certificates for your applications. If you self-host your app or your hosting service doesn't offer HTTPS by default, you can obtain a free certificate for your domain(s) from Let's Encrypt.

So when I try to add the ${applicationId}://$path, after I save it Facebook automatically changes it to https://${applicationId}/$path

juanagu avatar Dec 30 '22 12:12 juanagu