I am getting the following error:
(OAuthException) client_secret should not be passed to /oauth/access_token/
This happens when I call the Facebook API to get a "User Access Token" for further requests. My code is very simple:
// Exchanges the authorization code for a user access token (the call that is reported to fail above).
string appId = "99999999"; // Long number - given by FB on my application page
// NOTE(review): placeholder value; a real app secret belongs in protected server-side configuration, not in source.
string appSecret = "98907kjlhkh908098"; // Long string - given by FB on my application page
string code = "089789uokjj"; // Access code returned by my first FB call - it is in the query string of the response
// The client is created with the app id and secret...
var fb = new FacebookClient ( appId , appSecret );
// ...and the same secret is supplied a second time as an explicit request parameter.
var parameters = new Dictionary<string , object>
{
{ "client_id", appId },
// NOTE(review): presumably this has to be the same redirect_uri that was sent in the first call - confirm.
{"redirect_uri" , "http://localhost:49773/Sample/Default.aspx"},
{ "client_secret", appSecret },
{ "code", code }
};
// Presumably the call that raises the OAuthException quoted above. The answer further down
// performs the exchange with fb.Get on a FacebookClient constructed without credentials.
fb.Post( "https://graph.facebook.com/oauth/access_token/" , parameters );
How do I pass Client_Secret? Without it I cannot proceed, and with it I get the exception again!
A short tutorial on the server-side flow in ASP.NET (I am using version 6 of the Facebook C# SDK):
1) create login button and bind onclick event on login page:
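// Handle of the login popup and of the interval that watches it.
var loginWindowPopup = null;
var loginWindowTimer = null;

// Wire up the login button once the DOM is ready.
$(function () {
    $('#login_with_facebook').click(function () {
        var popupWidth = 640;
        var popupHeight = 337;
        // Centre the popup relative to the current window size.
        var xPosition = ($(window).width() - popupWidth) / 2;
        var yPosition = ($(window).height() - popupHeight) / 2;

        // The popup only loads our own server page; the redirect to Facebook
        // and the token exchange happen server-side, so no credential or
        // token is handled in this script.
        loginWindowPopup = window.open('/AuthSocialUser.aspx?facebookAuth=true',
            'FacebookLoginWindow',
            'location=1,scrollbars=1,menubar=0,status=0,toolbar=0' +
            ',width=' + popupWidth +
            ',height=' + popupHeight +
            ',left=' + xPosition +
            ',top=' + yPosition);

        // window.open returns null when a popup blocker refuses the window;
        // without this guard the poller would throw on every tick.
        if (!loginWindowPopup) {
            return;
        }

        if (loginWindowTimer == null) {
            loginWindowTimer = setInterval(CheckLogonWindowClose, 1000);
        }
    });
}); // closes the DOM-ready handler (the closing line was missing in the original listing)

// Polls the popup once a second and reloads the opener when it has been closed.
// The reload is triggered by the window closing, not by a successful login:
// the reloaded page has to take the login status from server-side session state.
function CheckLogonWindowClose() {
    if (loginWindowPopup && loginWindowPopup.closed) {
        clearInterval(loginWindowTimer);
        // Reset so a later click can start a fresh poller.
        loginWindowTimer = null;
        location.reload();
    }
}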
2) in AuthSocialUser.aspx popup window:
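// Server-side OAuth flow for the AuthSocialUser.aspx popup.
// facebookAuth=true  : start the flow and redirect the popup to the Facebook login dialog.
// anything else      : Facebook has redirected back; validate state and exchange the code for a token.
if (this.Request.QueryString["facebookAuth"] == "true")
{
    var parameters = new Dictionary<string, object>();
    parameters["client_id"] = "...";
    // parameters["scope"] = "email";

    // The state value is the CSRF defence, so it has to be unguessable.
    // Guid.NewGuid() is not intended as a cryptographic random source, so the
    // value is drawn from the system CSPRNG instead.
    byte[] stateBytes = new byte[32];
    using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        rng.GetBytes(stateBytes);
    }
    string state = BitConverter.ToString(stateBytes).Replace("-", string.Empty);
    parameters["state"] = state;
    this.Session.Add("state", state); // CSRF protection: compared with the value echoed back on return

    // NOTE(review): this redirect_uri is derived from the incoming request URL, while the
    // token exchange below uses a fixed value; presumably both have to be identical - confirm.
    parameters["redirect_uri"] =
        this.Request.Url.AbsoluteUri.Replace("facebookAuth=true", "facebookAuth=false");
    parameters["response_type"] = "code"; // code can be exchanged for an access token
    parameters["display"] = "popup";
    this.Response.Redirect(new FacebookClient().GetLoginUrl(parameters).AbsoluteUri);
}
else
{
    string code = this.Request.QueryString["code"];
    string state = this.Request.QueryString["state"];
    string currentState = (this.Session["state"] != null ?
        this.Session["state"].ToString() : null);

    // The state is single-use: drop it as soon as it has been read so that a
    // replayed callback URL cannot be validated against it a second time.
    this.Session.Remove("state");

    if (string.IsNullOrWhiteSpace(code))
    {
        // set info in session: app not authorized & inject close window JS script
        return;
    }

    if (string.IsNullOrWhiteSpace(state) ||
        string.IsNullOrWhiteSpace(currentState))
    {
        // session state expired & inject close window JS script
        return;
    }

    if (state != currentState)
    {
        throw new ArgumentException("State does not match (CSRF?)");
    }

    //// get access token
    // The client is created without credentials; the app secret is supplied only as a
    // parameter of this server-side call and must never be sent to the browser.
    var fb = new FacebookClient();
    Dictionary<string, object> parameters = new Dictionary<string, object>();
    parameters.Add("client_id", "...");
    // The original listing had this literal split across two lines.
    parameters.Add("redirect_uri", "https://127.0.0.1/AuthSocialUser.aspx?facebookAuth=false");
    // "..." is a placeholder: read the real secret from protected configuration, not from source.
    parameters.Add("client_secret", "...");
    parameters.Add("code", code);

    // The original listing used "result" without declaring it; dynamic lets the
    // indexer on the SDK's response object resolve at run time.
    dynamic result = fb.Get("/oauth/access_token", parameters);
    string accessToken = result["access_token"];

    // use token in next requests, insert status to session state
    // & inject close window JS script - simple: window.close();
    // Keep the token itself server-side; the injected script only needs to close the window.
}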