Specify multiple redirect URIs for facebook OAuth2
My web application is deployed to a production site, but I also need to perform local development. Besides, I have a couple of test servers where I perform different testing activities. I would like to specify all these URIs for Facebook OAuth2. With Google OAuth2 there is no problem: I can specify as many redirect URIs as I need.

Is this possible with Facebook? How? I am using the "Website with Facebook Login" option to integrate with Facebook.

Currently I am getting:

{
    error: {
        message: "Invalid redirect_uri: Given URL is not allowed by the Application configuration.",
        type: "OAuthException",
        code: 191
    }
}
Phial answered 7/5, 2013 at 8:57 Comment(0)
1

You will instead have to create a different application for each use case, as per your requirement. This is one strange limitation that you will have to deal with.

Although unrelated, Heroku's (which is a partner cloud service provider) Getting Started Guide for Facebook suggests the same workaround for working locally with the application along with development.

Hunkers answered 7/5, 2013 at 10:50 Comment(1)
This answer is probably outdated; the answer from @ben about "Valid OAuth redirect URIs" works (see the 1st comment in that answer for more detailed instructions). - Tabor
28

I'm not sure when they added this, but I just discovered a "Valid OAuth redirect URIs" field in the "Advanced" settings of my Facebook app. I just put http://localhost in there and it appears to allow redirect to any URI on my localhost. No more duplicate apps!

Vacua answered 15/9, 2013 at 1:55 Comment(3)
More info at: developers.facebook.com/docs/facebook-login/security - contains: "Specify a whitelist of OAuth redirect URLs if possible. Specify an exhaustive set of app URLs that are the only valid redirect URLs for your app for returning access tokens and codes from the OAuth flow. This setting is in the Settings > Advanced > Security section. If you leave this setting empty, any URL in the app’s domains may receive OAuth access tokens – this leaves the app vulnerable to access token theft if the app domain has any open redirects or XSS vulnerabilities." - Farming
I can confirm that this works for me too. You can now use the same Facebook app for live and localhost URLs by using this new setting. - Coahuila
I was looking out for a way so that I can disable the "Valid OAuth redirect URIs" feature so that Facebook allows me to use any domain names when using Facebook app to integrate the Facebook login feature. - Kinfolk
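The security note quoted in the first comment above, as an added example that is not part of the original thread and is not Facebook's own matching logic: an app-side check that keeps one exact callback per environment and contrasts it with the weaker "any URL on an app domain" rule. The hosts, port and callback path are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed allowlist: one exact callback per environment (hypothetical hosts).
ALLOWED_REDIRECTS = {
    "production": "https://app.example.com/auth/facebook/callback",
    "staging": "https://staging.example.com/auth/facebook/callback",
    "local": "http://localhost:3000/auth/facebook/callback",
}

def normalize(uri):
    """Return (scheme, host, port, path), or None if the URI is unacceptable."""
    parts = urlsplit(uri)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    # Reject userinfo, query strings and fragments outright.
    if parts.username or parts.password or parts.query or parts.fragment:
        return None
    try:
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError:  # malformed port
        return None
    # Plain HTTP is tolerated only for local development.
    if parts.scheme == "http" and parts.hostname != "localhost":
        return None
    return (parts.scheme, parts.hostname, port, parts.path or "/")

ALLOWED_NORMALIZED = {normalize(u) for u in ALLOWED_REDIRECTS.values()}

def exact_match(uri):
    """Strict check: the full normalized URI must be on the allowlist."""
    n = normalize(uri)
    return n is not None and n in ALLOWED_NORMALIZED

def domain_only_match(uri):
    """Weak check: any URL on an app domain (what an empty allowlist implies)."""
    host = urlsplit(uri).hostname or ""
    return host in {h for (_, h, _, _) in ALLOWED_NORMALIZED}

def redirect_for(environment):
    """Pick the redirect_uri to send for a deployment; KeyError if unknown."""
    return ALLOWED_REDIRECTS[environment]

if __name__ == "__main__":
    # Constructed sample: an open-redirect endpoint on the production domain.
    sample = "https://app.example.com/go?next=https://other.example/"
    print("domain-only:", domain_only_match(sample))
    print("exact:", exact_match(sample))
```

The domain-only rule accepts the open-redirect URL while the exact rule rejects it, which is the difference the quoted documentation describes.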