Facebook deauthorize callback is not called [duplicate]

I have developed a Facebook app (a game in "development mode") consumed by a web client (Facebook canvas) and a mobile client (Android app). I also have a REST API (developed with Laravel) which allows the exchanges between clients and the Facebook API. The API is reachable over the internet (not localhost).

My aim is to detect when users uninstall my Facebook app.

The Facebook documentation says that:

People are able to uninstall apps via Facebook.com without interacting with the app itself. To help apps detect when this has happened, we allow them to provide a de-authorize callback URL which will be pinged whenever this occurs.

You can enable a deauthorize callback via the App Dashboard. Just go to your app, then choose the Settings menu, and finally the Advanced tab. A text field is provided for the Deauthorize Callback URL.

Whenever a user of your app de-authorizes it, this URL will be sent an HTTP POST containing a signed request. Read our guide to parsing the signed request to see how to decode this to find out the user ID that triggered the callback.

The Laravel route for this URL accepts GET and POST requests. I know that the Facebook callback uses a POST request, but accepting the GET method allows me to use the "Open Graph Object Debugger" tool to test if my URL is reachable by Facebook servers (and it is successful).

Currently I use a self-signed SSL certificate (AES 128). Apache is my web server (it redirects all HTTP requests to HTTPS).

I know how to decode the signed_request encoded POST parameter (the problem is not here).

Problem:

When I remove the app (with a Facebook test account) the callback URL is never called. The Apache logs (access/error) show absolutely nothing (while I can see previous access via the Open Graph Object Debugger).

I have tried to change the callback URL to another domain with an SSL certificate delivered by a known CA. Same result... this is very frustrating.

I don't understand why. Did I miss something?

  • Is it an issue with my web server?
  • Is it an issue with my SSL certificate?
  • Is it an issue with my Facebook app configuration?
  • Is it because my Facebook app is in development mode?
  • Is it a Facebook bug?


Quadrillion answered 12/8, 2014 at 9:22 Comment(5)
I am in the same bucket. Apache log shows nothing. If I copy the URL and throw it in a browser, it works. Have been scratching my head for days. So frustrating - Ab
Too old an issue to comment, but if someone else has the same problem, try to debug the app in a local environment and see if Facebook is actually hitting the URL or not. I'd use ngrok to set up a local app and debug HTTP requests. Here is a demonstration to use ngrok for HTTP callback debugging on local machine. @Ab - Presage
Many have reported this. I think it's a bug on Facebook's side? I hope you are not calling this from a local server :) - Swain
It was not a local server. I think also that it's a bug from Facebook. - Quadrillion
As of 2018, ngrok does not work with Facebook. Attempts to contact your server will die with a kErrorAddressPrivate error. Use serveo.net instead. - Consentient
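
The documentation quoted in the question says the callback receives a signed request; because the callback URL is reachable by anyone, the signature has to be checked before the user ID in it is acted on. The PHP below is an added example, not code from the question or from Facebook's guide; the function names, the secret and the sample payload are constructed for illustration.

```php
<?php
// Added example. The secret and sample payload are constructed for illustration.

function b64url_decode(string $in): ?string
{
    // signed_request parts are URL-safe base64 with the padding stripped
    $b64 = strtr($in, '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4);
    $out = base64_decode($b64, true);
    return $out === false ? null : $out;
}

// Returns the decoded payload, or null if the request is malformed or forged.
function parse_signed_request(string $signedRequest, string $appSecret): ?array
{
    $parts = explode('.', $signedRequest);
    if (count($parts) !== 2) {
        return null;
    }
    [$encodedSig, $encodedPayload] = $parts;
    $sig  = b64url_decode($encodedSig);
    $json = b64url_decode($encodedPayload);
    if ($sig === null || $json === null) {
        return null;
    }
    // The HMAC covers the still-encoded payload string, keyed with the app secret.
    $expected = hash_hmac('sha256', $encodedPayload, $appSecret, true);
    if (!hash_equals($expected, $sig)) {   // constant-time comparison
        return null;
    }
    $data = json_decode($json, true);
    if (!is_array($data)
        || strtoupper((string) ($data['algorithm'] ?? '')) !== 'HMAC-SHA256'
        || empty($data['user_id'])) {
        return null;
    }
    return $data;
}

// Constructed sample: sign a payload the way the sender would, then verify it.
$enc     = fn (string $s): string => rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
$secret  = 'example-app-secret';
$payload = $enc(json_encode(['algorithm' => 'HMAC-SHA256', 'issued_at' => 1418030520, 'user_id' => '1000']));
$sig     = $enc(hash_hmac('sha256', $payload, $secret, true));

var_dump(parse_signed_request("$sig.$payload", $secret) !== null);         // genuine request
var_dump(parse_signed_request("$sig.$payload", 'wrong-secret') !== null);  // wrong key
var_dump(parse_signed_request("$sig." . $enc('{"user_id":"2"}'), $secret) !== null); // swapped payload
```

In the Laravel route, pass the `signed_request` POST field to this function and ignore the request when it returns `null`.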

From my personal experience, Facebook notifications are not reliable. I have developed a few apps that rely on real-time updates from Facebook and I have experienced the following issues:

  1. Updates/callbacks getting lost
  2. Updates delivered days later
  3. When Facebook updates the Graph API version, some of the apps that are still on the old version work, and those that you migrate do not work.

Sometimes to fix it I would remove all subscriptions and re-add them again. After a while I got tired of this, and now I do pull as well as real-time updates; I have also implemented logging and monitoring.

I hope this helps

Thalassa answered 16/11, 2015 at 22:53 Comment(0)
