Comments (11)
According to the error message, the session expired over 3 hours before the request was made. Can you confirm that the user's access token has not expired in this case?
from facebook-sdk.
Yes I can. It's happened to me in fact. Interestingly it works after refreshing a couple of times.
Edit: in some cases it seems we have to restart the app for it work.
from facebook-sdk.
This is the JavaScript we're using which should be giving us our cookie I believe.
<script>
window.fbAsyncInit = function() {
FB.init({
appId: '{{ config.FACEBOOK_APP_ID }}',
status: true,
cookie: true,
xfbml: true,
});
$('#facebook-login').bind('click', function() {
FB.login(response);
});
};
(function() {
var e = document.createElement('script');
e.type = 'text/javascript';
e.src = document.location.protocol + '//connect.facebook.net/en_US/all.js';
e.async = true;
document.getElementById('fb-root').appendChild(e);
}());
</script>
from facebook-sdk.
Can you check the issued_at
parameter in the parsed signed request from the cookie data and see whether it is the same as the expiration date in the error message? Also, is there anything in your implementation that might be causing expired cookies to be used (e.g. your application storing cookie data, users staying on a page without refreshing and having their access_tokens expire)?
from facebook-sdk.
Can you check the issued_at parameter in the parsed signed request from the cookie data and see whether it is the same as the expiration date in the error message?
I'm not quite sure how to do that.
Also, is there anything in your implementation that might be causing expired cookies to be used (e.g. your application storing cookie data, users staying on a page without refreshing and having their access_tokens expire)?
As far as I can tell, no. The application doesn't store the cookie and a new cookie should be generated upon login (running the JS), right?
from facebook-sdk.
+1
from facebook-sdk.
I'm not quite sure how to do that.
I am not sure how reproducible this error is, so you might want to put the below code in the "except" part of a try..except block around the line where the error is occurring:
parsed_request = parse_signed_request(cookie, app_secret)
print parsed_request["issued_at"]
raise
from facebook-sdk.
Here's the end of the traceback, there's a problem using split on an immutable type it looks like:
File "/srv/http/blueprint/trekseat/frontend/views.py", line 914, in facebook_login
parsed_request = facebook.parse_signed_request(request.cookies, FACEBOOK_APP_SECRET)
File "/srv/http/blueprint/trekseat/src/facebook-sdk/facebook.py", line 380, in parse_signed_request
l = signed_request.split('.', 2)
AttributeError: 'ImmutableTypeConversionDict' object has no attribute 'split'
This happens when trying to pass the cookie back to the parse_signed_request method.
from facebook-sdk.
Okay another update, by getting the cookie manually, instead of use get_user_from cookie, I was able to parse it and get the UNIX time which is 1325618477
. This is what the debug code looks like:
#cookie = facebook.get_user_from_cookie(request.cookies,
# FACEBOOK_APP_ID,
# FACEBOOK_APP_SECRET)
cookie = request.cookies.get('fbsr_' + FACEBOOK_APP_ID, '')
parsed_request = facebook.parse_signed_request(cookie, FACEBOOK_APP_SECRET)
print parsed_request['issued_at']
Then without the debug code and using the bit that's commented out above, we get this error: GraphAPIError: Code was invalid or expired. Session has expired at unix time 1325624400. The current unix time is 1325871218.
from facebook-sdk.
Since this seems to be the result of the JavaScript SDK not updating its cookie (since issued_at
is well before the session expiration date or the current time in the GraphAPIError message), I would argue that this is not an error in our implementation. I am closing the issue, but you should definitely reopen it and berate me if you have found anything that suggests otherwise.
I looked on Facebook's bugtracker, but could not find a similar bug, so it would probably be worth filing one. If you do, please post the URL here.
In my experience, the JavaScript SDK works best when used in combination with Facebook Canvas applications, but external websites should use the server-side OAuth workflow (which looks harder but is more consistent). Feel free to ping me if you have questions about this.
from facebook-sdk.
One thing you might consider is issuing better exceptions. I can only catch exceptions by doing some nasty string matching based on the GraphAPI error message as it is currently. This at least means I can put the user through the proper flow again, but it's messy and prone to errors.
from facebook-sdk.
Related Issues (20)
- Release 4.0.0 to support after deprecation on 7/26/2020 HOT 5
- the package version is too old HOT 1
- How to get photo and message of a specific post via URL HOT 1
- get all connections support time-based pagination HOT 1
- Release support for Graph API version 8.0 HOT 2
- Why it's no v.8, but still 3.1.0 that is deprecated? HOT 3
- login-facebook HOT 1
- Replace the image of a facebook post
- Facebook graph
- [FEATURE REQUEST] Type hinting
- [Bug] Remove support for deprecated Graph API Version "3.1". HOT 3
- how we can post an image with caption to group or page i need help
- JSONDecodeError raised when trying to use put_object method HOT 1
- Update supported versions HOT 4
- H
- How can i put love react on post facebook API
- Hihu HOT 1
- Unable to fetch more than 25 comments
- Could I please receive all notifications and messages for this email
- Any New Release ?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from facebook-sdk.