A Possible Quick Fix to the Inconsistent “Invalid OAuth 2.0 Access Token” errors (facebook bug 15933)
Friday, April 29th, 2011A few weeks ago, our recently converted FBML application to iFrame application (done last January), suddenly experienced endless redirection loops.
2 days into the problem and frantically searching for a possible solution, I found others experiencing the issue which is currently the most popular opened bug in facebook.
Since I’m using php for the sdk, I followed the advice in comment #119 by a certain Bret Stubbs, using the latest php sdk (although I use a particularly new sdk, a version before the latest) and changing this code:
// try loading session from signed_request in $_REQUEST
$signedRequest = $this->getSignedRequest();
if ($signedRequest) {
// sig is good, use the signedRequest
$session = $this->createSessionFromSignedRequest($signedRequest);
}
to this code here:
// try loading session from signed_request in $_REQUEST
$signedRequest = $this->getSignedRequest();
if ($signedRequest) {
if (!isset($signedRequest['user_id'])) {
return null;
}
// sig is good, use the signedRequest
$session = $this->createSessionFromSignedRequest($signedRequest);
}
And found out this didn’t work for me at first (looping redirects still occured). I found out that enabling the first option below fixed the looping problem:
This would fix most of the problems with the looping redirects that I encountered. There was other sections that still had the looping redirect problems and this was solved by removing all instances of the “session” parameter checks that facebook would add to the end of the url after authorization. What I’m finding odd though is that facebook even though I specifically enabled that deprecated option “Canvas Session Parameter”, facebook doesn’t already return this parameter (I would consider this already obsoleted).
Is this the end of the story for this bug? Not by a long shot. There are still errors when calling certain OLD REST APIs through the new SDK and calling the FQL API function (still not resolved yet). I have already migrated code to avoid these calls as much as possible(I use direct graph api calls in the new codebase as much as possible, and js SDK functions for certain functions that are in the new Graph API SDK but are inferior to the OLD REST APIs in customizability… and there are no more fql function calls in the codebase).
What do I think of all of these? Robert Turall, a UK based facebook developer sums it up nicely in his blog:
The problem with Facebook’s approach to their platform and to App developers is that we all have to work to a moving target, an inherently unstable platform. Such a platform is not really suitable for producing the kind of campaign-based Apps that I produce but Facebook market their platform as THE socially-aware marketing platform for campaign-based Apps.
It’s about time they started to run it like one – got some decent QA in place and thoroughly tested their releases before throwing bug-ridden code out into the World.
I agree with this completely. Facebook APIs have been moving in such a manner that it is difficult for a developer track all the changes by himself. Incomplete documentation especially with recommended new ways of doing facebook development, the defeaning silence of Facebook staff with regards to some bugs (for example I have been keeping track of a certain bug which is already almost a year open, which is important to an app which I’ve developed, until I’ve decided to do a workaround which results to a more clunky experience due to deadline constraints), all adds to tensions in the facebook developer community.
