Xamarin.Auth Facebook

Question

Ok so I am trying to use Xamarin.Auth to do a very basic authentication on Xamarin.iOS and am getting an error: "Given URL is not allowed by the Application configuration.: One or more of the given URLs is not allowed by the App's settings. It must match the Website URL or Canvas URL, or the domain must be a subdomain of one of the App's domains."

I've been Googling for a while and it seems that you may no longer be able to use Xam.Auth for Facebook -- that seems unlikely...

Here is my sample code (sans my FB App Id) -- You'll notice it is literally a copy of Xam's sample code:

using System;
using System.Collections.Generic;
using System.Json;
using System.Linq;
using System.Threading.Tasks;
using MonoTouch.Dialog;

#if __UNIFIED__
using Foundation;
using UIKit;
#else
using MonoTouch.Foundation;
using MonoTouch.UIKit;
#endif

namespace Xamarin.Auth.Sample.iOS
{
    [Register ("AppDelegate")]
    public partial class AppDelegate : UIApplicationDelegate
    {
        void LoginToFacebook (bool allowCancel)
        {
            var auth = new OAuth2Authenticator (
                clientId: "SOME_ID",
                scope: "",
                authorizeUrl: new Uri ("https://m.facebook.com/dialog/oauth/"),
                redirectUrl: new Uri ("http://www.facebook.com/connect/login_success.html"));

            auth.AllowCancel = allowCancel;

            // If authorization succeeds or is canceled, .Completed will be fired.
            auth.Completed += (s, e) =>
            {
                // We presented the UI, so it's up to us to dismiss it.
                dialog.DismissViewController (true, null);

                if (!e.IsAuthenticated) {
                    facebookStatus.Caption = "Not authorized";
                    dialog.ReloadData();
                    return;
                }

                // Now that we're logged in, make a OAuth2 request to get the user's info.
                var request = new OAuth2Request("GET", new Uri ("https://graph.facebook.com/me"), null, e.Account);
                request.GetResponseAsync().ContinueWith (t => {
                    if (t.IsFaulted)
                        facebookStatus.Caption = "Error: " + t.Exception.InnerException.Message;
                    else if (t.IsCanceled)
                        facebookStatus.Caption = "Canceled";
                    else
                    {
                        var obj = JsonValue.Parse(t.Result.GetResponseText());
                        facebookStatus.Caption = "Logged in as " + obj["name"];
                    }

                    dialog.ReloadData();
                }, uiScheduler);
            };

            UIViewController vc = auth.GetUI ();
            dialog.PresentViewController (vc, true, null);
        }

        public override bool FinishedLaunching (UIApplication app, NSDictionary options)
        {
            facebook = new Section ("Facebook");
            facebook.Add (new StyledStringElement("Log in", () => LoginToFacebook (true)));         
            facebook.Add (new StyledStringElement("Log in (no cancel)", () => LoginToFacebook (false)));
            facebook.Add (facebookStatus = new StringElement (String.Empty));

            dialog = new DialogViewController (new RootElement ("Xamarin.Auth Sample") {
                facebook,
            });

            window = new UIWindow (UIScreen.MainScreen.Bounds);
            window.RootViewController = new UINavigationController (dialog);
            window.MakeKeyAndVisible ();

            return true;
        }

        private readonly TaskScheduler uiScheduler = 
            TaskScheduler.FromCurrentSynchronizationContext();

        UIWindow window;
        DialogViewController dialog;

        Section facebook;
        StringElement facebookStatus;

        // This is the main entry point of the application.
        static void Main (string[] args)
        {
            UIApplication.Main (args, null, "AppDelegate");
        }
    }
}

Answer 1

Have you added the URL "http://www.facebook.com/connect/login_success.html" as a valid redirect URL to your app's configuration on Facebook?

I would expect a URL in a domain you own, this looks like something you copied from a sample

Answer 2

redirect_url depends on service provider and app type defined on server side (google calls it console). Basically there are 2 types of apps: Server-AKA-Web and Mobile-AKA-Installed. Server-AKA-Web uses almost always authorization code grant while Mobile-AKA-Installed can use implicit grant flow or modifies authorization code grant flow where client_secret is not sent (and not present on the device), because it is considered to be insecure. Server-AKA-Web is used on servers (web apps) where it is a lot more complicated for malicious user to get the client_secret. Server can open any web page (http[s] scheme) - usually some page/route/path on the same host, but it could be something else.

Xamarin.Auth used this approach of opening some page in browser and analysing the url to grab OAuth data returned. It could not parse http[s]://localhost what is valid redirect_url, but mobile apps have no web server to have localhost loadable page. Moreover Xamarin.Auth could never work with custom schemes like fb22145312 for facebook.

This changed with version v.1.4 which added support for custom schemes required now with google OAuth authentication for Mobile-AKA-Installed apps where embedded WebViews are forbidden and mobile app must use so called Native UI - on Android [Chrome] CustomTabs and on iOS SFSafariViewController. They need custom schemes for deep-AKA-app linking, so redirect_url can be intercepted by mobile app that registered for that scheme.

So if your app is web app then you can use http[s] scheme for redirect_url, but if you have chosen Android or iOS app then provider (Facebook in this case) will generate scheme for the app which must be used.

Providers have different ways of checking validity of the requests and seems that other data for your app on server side (Website, valid Urls are different from your redirect_url). This explains last part of the error message you are getting.