All geek questions in one place

Error with authentication code using coldfusion

I have a facebook application that used CFC that I found on RIAForge to authenticate the user / application and allow permissions ( this one ) but it no longer works. So I started writing a version of the PHP PHP example as CFML. But when I get to the token access point, I get the following error from facebook:

OAuth "Facebook Platform" "invalid_code" "Verification code verification failed."

There is no problem setting up the application on facebook, since I tested the PHP code provided by them with my details and it works great. The following is an example of PHP, and also where I need to use CF.

PHP:

$app_id = "YOUR_APP_ID"; $app_secret = "YOUR_APP_SECRET"; $my_url = "YOUR_URL"; session_start(); $code = $_REQUEST["code"]; if(empty($code)) { $_SESSION['state'] = md5(uniqid(rand(), TRUE)); //CSRF protection $dialog_url = "http://www.facebook.com/dialog/oauth?client_id=" . $app_id . "&redirect_uri=" . urlencode($my_url) . "&state=" . $_SESSION['state']; echo("<script> top.location.href='" . $dialog_url . "'</script>"); } if($_REQUEST['state'] == $_SESSION['state']) { $token_url = "https://graph.facebook.com/oauth/access_token?" . "client_id=" . $app_id . "&redirect_uri=" . urlencode($my_url) . "&client_secret=" . $app_secret . "&code=" . $code; $response = @file_get_contents($token_url); $params = null; parse_str($response, $params); $graph_url = "https://graph.facebook.com/me?access_token=" . $params['access_token']; $user = json_decode(file_get_contents($graph_url)); echo("Hello " . $user->name); } else { echo("The state does not match. You may be a victim of CSRF."); } ?>

CFML:

 <cfset appID = "app_id"/> <cfset secret_key = "secret_key"/> <cfset app_url = "app_url"/> <cfparam name="URL.Code" default="0"> <cfparam name="URL.State" default="0"> <cfset code_ = URL.Code> <cfif code_ EQ "" OR code_ EQ 0> <cfset SESSION.State = Hash(CreateUUID(),"MD5")> <cfset dialog_url = "http://www.facebook.com/dialog/oauth?client_id=" & appID & "&redirect_uri=" & app_url & "?State=" & SESSION.State> <cf_Javascript type="script" script="top.location.href='#dialog_url#'"> </cfif> <cfif SESSION.State EQ URL.State> <cfset token_url = "https://graph.facebook.com/oauth/access_token?client_id=" & appID & "&redirect_uri=" & app_url & "&client_secret=" & secret_key & "&code=" & code_> <cfhttp url="#token_url#" result="AccessToken" method="GET"> <cfdump var="#AccessToken#"> </cfif>
+6
source share
2 answers

I feel very stupid, I used a question mark rather than an ampersand in front of the status URL parameter when setting the dialog URL.

+5
source

You are not showing values ​​for this variable, so we don’t know if you enter url-encoded or not:

 <cfset app_url = "app_url"/>

I think probably not. So, for starters, you either want to do:

 <cfset app_url = urlEncodedFormat("app_url") />

or

 <cfset dialog_url = "http://www.facebook.com/dialog/oauth?client_id=" & appID & "&redirect_uri=" & urlEncodedFormat(app_url) & "?State=" & SESSION.State />

Otherwise, it looks like you are on the right track.

0
source

Source: https://habr.com/ru/post/905904/

More articles:


All Articles