Facebook OAuth: custom callback_uri parameters
I'd like to have a dynamic redirect URL for my Facebook OAuth2 integration. For example, if my redirect URL is this in my Facebook app:
http://www.mysite.com/oauth_callback?foo=bar
I'd like the redirect URL for a specific request be something like this, so that on the server, I have some context about how to process the auth code:
http://www.mysite.com/oauth_callback?foo=bar&user=6234
My redirect gets invoked after the authorization dialog is submitted, and I get back an auth code, but when I try to get my access token, I'm getting an OAuthException error back from Facebook. My request looks like this (line breaks added for clarity):
https://graph.facebook.com/oauth/access_token ?client_id=MY_CLIENT_ID &redirect_uri=http%3A%2F%2Fwww.mysite.com%2Foauth_callback%3Ffoo%3Dbar%26user%3D6234 &client_secret=MY_SECRET &code=RECEIVED_CODE
All of my parameters are URL-encoded, and the code looks valid, so my only guess is that the problem parameter is my redirect_uri. I've tried setting redirect_uri
to all of the following, to no avail:
- The actual URL of the request to my site
- The URL of the request to my site, minus the
code
parameter - The URL specified in my Facebook application's configuration
Are custom redirect URI parameters supported? If so, am I specifying them correctly? If not, will I be forced to set a cookie, or is there some better pattern for supplying context to my web site?
Solution 1:
I figured out the answer; rather than adding additional parameters to the redirect URL, you can add a state
parameter to the request to https://www.facebook.com/dialog/oauth
:
https://www.facebook.com/dialog/oauth ?client_id=MY_CLIENT_ID &scope=MY_SCOPE &redirect_uri=http%3A%2F%2Fwww.mysite.com%2Foauth_callback%3Ffoo%3Dbar &state=6234
That state parameter is then passed to the callback URL.
Solution 2:
If, for any reason, you can't use the option that Jacob suggested as it's my case, you can urlencode your redirect_uri
parameter before passing it and it will work, even with a complete querystring like foo=bar&morefoo=morebar
in it.
Solution 3:
I was trying to implement a Facebook login workflow against API v2.9 following this tutorial. I tried the solutions described above. Manuel's answer is sort of correct, but what I observed is url encoding is not needed. Plus, you can only pass one parameter. Only the first query parameter will be considered, the rest will be ignored. Here is an example,
Request a code via
https://www.facebook.com/v2.9/dialog/oauth?client_id={app-id}&redirect_uri=http://{url}/login-redirect?myExtraParameter={some-value}
You'd get a callback for your url. It will look like
http://{url}/login-redirect?code={code-from-facebook}&myExtraParameter={value-passed-in-step-1}
. Note that facebook would make a callback withmyExtraParameter
. You can extract the value formyExtraParameter
from callback url.Then you can request access token with
https://graph.facebook.com/v2.9/oauth/access_token?client_id={app-id}&client_secret={app-secret}&code={code-from-facebook}&redirect_uri=http://{url}/login-redirect?myExtraParameter={value-extracted-in-step-2}
Additional parameter passed in step 1 after the first query parameter will be ignored. Also make sure to not include any invalid characters in your query parameter (see this for more information).