SkygearIO/skygear-server

Investigate first time login with facebook error

louischan-oursky opened this issue · 2 comments

The SDK throws {"error": "invalid_grant", "error_description": "invalid authorization code"} on the first login with Facebook. Any ideas?

It throws {"error": "invalid_grant", "error_description": "invalid authorization code"} the first time but succeeds the second time. Also, it shows as successfully connected when visiting the user identity page.

This is because Facebook appends the fragment #_=_ to the callback URL. During the 302 redirect back to the client app, the fragment is inherited and the redirect URL becomes <redirect_url>/?code=<code>#_=_. The SDK parses the query part incorrectly and gets the wrong code. We should fix the query parsing in the SDK.

The second attempt succeeds because the session cookies are set during the first login, and the auth UI doesn't need to redirect to Facebook again.

Refs:

https://developers.facebook.com/blog/post/552/

This week, we started adding a fragment #_=_ to the redirect_uri when this field is left blank. Please ensure that your app can handle this behavior.

https://tools.ietf.org/html/rfc7231#section-7.1.2

If the Location value provided in a 3xx (Redirection) response does
not have a fragment component, a user agent MUST process the
redirection as if the value inherits the fragment component of the
URI reference used to generate the request target (i.e., the
redirection inherits the original reference's fragment, if any).
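
The parsing failure described in the comment above, as an added example that is not part of the original thread and not the SDK's own code: a hypothetical fragile parser picks up the inherited #_=_ fragment as part of the authorization code, while a fragment-aware parser does not. The host, code value, function names and the `missing_or_ambiguous_code` label are constructed for illustration.

```javascript
// Constructed sample: placeholder host and code value, in the shape the issue
// describes (<redirect_url>/?code=<code>#_=_).
const SAMPLE_CALLBACK = "https://app.example.test/?code=SAMPLE_CODE#_=_";

// Hypothetical fragile parser (an assumption, not the SDK's code): everything
// after "?" is treated as the query, so the fragment ends up in the last value.
function naiveCode(href) {
  const q = href.indexOf("?");
  if (q === -1) return null;
  for (const pair of href.slice(q + 1).split("&")) {
    const eq = pair.indexOf("=");
    if (eq !== -1 && pair.slice(0, eq) === "code") {
      return decodeURIComponent(pair.slice(eq + 1));
    }
  }
  return null;
}

// Fragment-aware parser: the WHATWG URL parser separates query and fragment
// before any parameter is read. It also surfaces OAuth error responses and
// refuses a missing or repeated code parameter (error label is hypothetical).
function parseCallback(href) {
  const params = new URL(href).searchParams;
  if (params.has("error")) {
    return { ok: false, error: params.get("error") };
  }
  const codes = params.getAll("code");
  if (codes.length !== 1 || codes[0] === "") {
    return { ok: false, error: "missing_or_ambiguous_code" };
  }
  return { ok: true, code: codes[0], state: params.get("state") };
}

// The naive value carries the fragment; the token endpoint would see a code
// it never issued and answer invalid_grant.
console.log(naiveCode(SAMPLE_CALLBACK));
console.log(parseCallback(SAMPLE_CALLBACK));
```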