facebook graph api not work from 2.2 to 2.3

Solution 1:

I have found the problem myself. It's because the SDK 3.2.2. For facebook update (from the Changelog for API version 2.3):

[Oauth Access Token] Format - The response format of https://www.facebook.com/v2.3/oauth/access_token returned when you exchange a code for an access_token now return valid JSON instead of being URL encoded. The new format of this response is {"access_token": {TOKEN}, "token_type":{TYPE}, "expires_in":{TIME}}. We made this update to be compliant with section 5.1 of RFC 6749.

But SDK is recognize the response as an array(in the getAccessTokenFromCode function):

$response_params = array();
parse_str($access_token_response, $response_params);
if (!isset($response_params['access_token'])) {
  return false;
}
return $response_params['access_token'];

This will not get user access token correctly, and you can't get user's data. So you should update this function to parse data as json:

$response = json_decode($access_token_response);
if (!isset($response->access_token)) {
  return false;
}
return $response->access_token;

Then all of the function will work as usual.


Additionally, you must make similar changes to setExtendedAccessToken(). Otherwise, your app won't be able to extend access tokens. The code below demonstrates how to upgrade the function.

  /**
   * Extend an access token, while removing the short-lived token that might
   * have been generated via client-side flow. Thanks to http://bit.ly/ b0Pt0H
   * for the workaround.
   */
  public function setExtendedAccessToken() {
    try {
      // need to circumvent json_decode by calling _oauthRequest
      // directly, since response isn't JSON format.
      $access_token_response = $this->_oauthRequest(
        $this->getUrl('graph', '/oauth/access_token'),
        $params = array(
          'client_id' => $this->getAppId(),
          'client_secret' => $this->getAppSecret(),
          'grant_type' => 'fb_exchange_token',
          'fb_exchange_token' => $this->getAccessToken(),
        )
      );
    }
    catch (FacebookApiException $e) {
      // most likely that user very recently revoked authorization.
      // In any event, we don't have an access token, so say so.
      return false;
    }

    if (empty($access_token_response)) {
      return false;
    }

    //Version 2.2 and down (Deprecated).  For more info, see http://stackoverflow.com/a/43016312/114558
    // $response_params = array();
    // parse_str($access_token_response, $response_params);
    //
    // if (!isset($response_params['access_token'])) {
    //   return false;
    // }
    //
    // $this->destroySession();
    //
    // $this->setPersistentData(
    //   'access_token', $response_params['access_token']
    // );

    //Version 2.3 and up.
    $response = json_decode($access_token_response);
    if (!isset($response->access_token)) {
      return false;
    }

    $this->destroySession();

    $this->setPersistentData(
      'access_token', $response->access_token
    );
  }