facebook Access Token 400 bad request

facebook authentication facebook-oauth
D.J picture D.J · May 29, 2012 · Viewed 17.1k times · Source

I am using following code to retrieve facebook accessToken 

string url = "https://graph.facebook.com/oauth/access_token?" +
                         "client_id={0}" +
                         "&redirect_uri={1}" +
                         "&client_secret={2}" +
                         "&code={3}";
            url = string.Format(url, clientId, redirectUri.EncodeUrl(), clientSecret, code);
            //Create a webrequest to perform the request against the Uri
            WebRequest request = WebRequest.Create(url);
            try
            {
                //read out the response as a utf-8 encoding and parse out the access_token
                using (WebResponse response = request.GetResponse())
                {
                    using (Stream stream = response.GetResponseStream())
                    {
                        //string urlRedirects = response.ResponseUri.ToString();
                        Encoding encode = Encoding.GetEncoding("utf-8");
                        if (stream != null)
                        {
                            StreamReader streamReader = new StreamReader(stream, encode);
                            string accessToken = streamReader.ReadToEnd().Replace("access_token=", "");
                            streamReader.Close();
                            response.Close();
                            return accessToken;
                        }
                    }
                }
            }
            catch
            {
                return null;
            }

however I am constantly receiving this ambiguous error message 

{
"error": {
"message": "Error validating verification code.",
"type": "OAuthException",
"code": 100
}
}

I checked the code 100 "Invalid parameter" doesn't means much to me at all.

anyone have had similar problem?

Answer

maaz picture maaz · May 30, 2012

  1. Check you are adding correct code in the url For example

    http://www.xyz.com/?code=AQC399oXame3UKmoAMYnqkZOEXPDNa8ZUFEY9sc6I4YNQnNT-ZgHzpMNnQVZrCUBZVqJRIB1QrXC5xW58_8MNIgQol_PaQvYssUM8OiKjSY5aoqGLBMuCeeHsSqP_mRTd1xiK0iretZcXwMm_27lFYrWFw345Mxod_lfJuB8zI13E8wJUQiArXW_ZlGLNcyxh20#_=_

Code must be 

    code = AQC399oXame3UKmoAMYnqkZOEXPDNa8ZUFEY9sc6I4YNQnNT-ZgHzpMNnQVZrCUBZVqJRIB1QrXC5xW58_8MNIgQol_PaQvYssUM8OiKjSY5aoqGLBMuCeeHsSqP_mRTd1xiK0iretZcXwMm_27lFYrWFw345Mxod_lfJuB8zI13E8wJUQiArXW_ZlGLNcyxh20

code should not include following in the end

    #_=_

If above did not solve the problem


2. redirect_uri must end with /

redirect_uri=http://www.xyz.com/

The following gives some times above mentioned error

redirect_uri=http://www.xyz.com


3. A lso make sure App on Facebook and Website with Facebook Login are set with same addresss e.g http://www.xyz.com/

Related questions

Can access token be longer than 255 characters?

When allowing login by OAuth (such as OpenID, Facebook, Twitter, etc), we save the access token given by the Oath provider in mysql database for future authentication. In some tutorials, the column for saving access token is varchar(255) and some …

Read More
How do popular apps authenticate user requests from their mobile app to their server?

Say I have an Android application that connects to a .Net API for receiving/setting data. The confusion that I have is regarding how to sign-up/login the user first time and authenticate it every time they make a request …

Read More
Is Facebook an OpenID provider?

Is Facebook an OpenID provider? I know they are an OpenID supporter but do they allow people to authenticate with other sites via OpenID with their Facebook credentials?

Read More