Acknowledging that the authenticated referral mechanism is currently not working with the mobile web settings for Facebook applications, I'm running into an issue with verifying an access token based on a returned code.
The URL I'm trying to fetch an access token for is: https://staging.fanhood.com/facebook/mobile/challenge?fh_gameChallengeID=2678&ref=web_canvas&refid=9&refsrc=http://apps.facebook.com/fanhood-dev/challenge&returned=true
This is the URL that the visitor is sent to after being pre-authenticated from this URL: http://apps.facebook.com/fanhood-dev/challenge?fh_gameChallengeID=2678. However, unlike regular authenticated referrals, there is no additional data passed into the URL so that the application can shortcut the OAuth redirect loop.
At this point, I'm redirecting the visitor to the mobile OAuth dialog to authenticate them: http://m.facebook.com/dialog/oauth?client_id=250258605018414&redirect_uri=https%3A%2F%2Fstaging.fanhood.com%2Ffacebook%2Fmobile%2Fchallenge%3Ffh_gameChallengeID%3D2678%26ref%3Dweb_canvas%26refid%3D9%26refsrc%3Dhttp%3A%2F%2Fapps.facebook.com%2Ffanhood-dev%2Fchallenge%26returned%3Dtrue&scope=email%2Cfriends_about_me%2Cfriends_education_history%2Cfriends_hometown%2Cfriends_interests%2Cfriends_likes%2Cfriends_location%2Coffline_access%2Cpublish_actions%2Cpublish_stream%2Cuser_activities%2Cuser_birthday%2Cuser_education_history%2Cuser_hometown%2Cuser_games_activity%2Cuser_interests%2Cuser_likes%2Cuser_location&response_type=code&display=touch
When the user is redirected back, I do receive a code to exchange:
Code: AQBCH25OC57BiMBgj3rCKGhkFi0ypp0R8e2yKGwFfhml9x1B47-w2Baex8oZ3BKgb2NhziRnSIuJ1MV9hErKBUhu0YqxaonwFF_7mcqozwpy3Ch08rkNh-YEIa6HV_LHxl6pymfkAbQEMgSA6F4BdtINsCQ7QlLpcRwrZWkzxZVyJbJDnqOesB3zFLr5ohpgtpQ
However, none of my requests to exchange this code are working currently. I'm trying different variations of the redirect_uri format, none of which are working:
Original URL as redirect_uri:
I have a mechanism in place to strip out specific query parameters, re-order them alphabetically, and re-assemble them so that redirect_uris are consistent across requests. In this case, the redirect_uri exactly matches what was passed to the dialog URL: https://staging.fanhood.com/facebook/mobile/challenge?fh_gameChallengeID=2678&ref=web_canvas&refid=9&refsrc=http://apps.facebook.com/fanhood-dev/challenge&returned=true == https://staging.fanhood.com/facebook/mobile/challenge?fh_gameChallengeID=2678&ref=web_canvas&refid=9&refsrc=http://apps.facebook.com/fanhood-dev/challenge&returned=true
Blank redirect_uri attempt for authenticated referrals:
redirect_uri structured as our mobile canvas URL:
redirect_uri structured as our canvas URL:
Does anyone know which redirect_uri format Facebook uses for mobile OAuth requests, and whether query parameters are supported? This same URL works for our regular canvas application, just not our mobile version.
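Added example, not part of the original post: a sketch of the kind of redirect_uri canonicalization the question describes (strip selected parameters, sort alphabetically, re-assemble), so that the dialog request and the code exchange both take their redirect_uri from one function. OAuth 2.0 (RFC 6749, section 4.1.3) requires the two values to be identical. The function names, the stripped parameter names, and the choice to percent-encode the nested refsrc URL are assumptions; the secret and code are placeholders.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode, quote

# Assumption: parameters appended on the way back from the dialog that must
# never end up inside the redirect_uri sent with the exchange.
STRIP = {"code", "state", "error", "error_reason", "error_description"}

DIALOG = "http://m.facebook.com/dialog/oauth"  # dialog URL used in the post


def canonical_redirect_uri(url):
    """Drop volatile params, sort the rest, percent-encode each value once.

    parse_qsl decodes first, so a raw and an already-encoded refsrc value
    converge on the same output and the function is idempotent.
    """
    parts = urlsplit(url)
    pairs = sorted((k, v)
                   for k, v in parse_qsl(parts.query, keep_blank_values=True)
                   if k not in STRIP)
    query = urlencode(pairs, quote_via=quote, safe="")
    return urlunsplit((parts.scheme, parts.netloc.lower(), parts.path, query, ""))


def dialog_url(client_id, landing_url, scope):
    """Authorization request; redirect_uri is encoded once more as a value."""
    params = {"client_id": client_id,
              "redirect_uri": canonical_redirect_uri(landing_url),
              "scope": ",".join(scope),
              "response_type": "code",
              "display": "touch"}
    return DIALOG + "?" + urlencode(params, quote_via=quote, safe="")


def exchange_params(client_id, client_secret, returned_url):
    """Parameters for the code exchange, built from the URL the visitor
    came back on. The HTTP client encodes them when sending."""
    code = dict(parse_qsl(urlsplit(returned_url).query)).get("code")
    if not code:
        raise ValueError("return URL carries no code parameter")
    return {"client_id": client_id,
            "client_secret": client_secret,
            "redirect_uri": canonical_redirect_uri(returned_url),
            "code": code}
```

Logging `canonical_redirect_uri()` output on both legs gives a byte-for-byte comparison when an exchange is rejected.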