I'm trying to activate Login via Facebook on my website that is built using Yii2 framework, but the Login is always failing, although the facebook app is authorizing the facebook account used in the login.
The response is always this error:
Request failed with code: 400, message: Error validating client secret.
Im using yii2's authclient:
return [
'class' => 'yii\authclient\Collection',
'clients' => [
'facebook' => [
'class' => 'yii\authclient\clients\Facebook',
'authUrl' => 'facebook.com/dialog/oauth',
//Prod
'clientId' => 'appidhere',
'clientSecret' => 'appsecrethere',
'scope' => 'email, user_friends, public_profile',
.....
The app id and app secret are correct, and the fb app settings are correct as well.
Here's what the request looks like:
yii\httpclient\Request Object ( [_url:yii\httpclient\Request:private] => graph.facebook.com/oauth/access_token [_fullUrl:yii\httpclient\Request:private] => [_method:yii\httpclient\Request:private] => POST [_options:yii\httpclient\Request:private] => Array ( [userAgent] => My Application OAuth 2.0 Client [timeout] => 30 [sslVerifyPeer] => ) [isPrepared:yii\httpclient\Request:private] => [client] => yii\httpclient\Client Object ( [baseUrl] => graph.facebook.com [formatters] => Array ( ) [parsers] => Array ( ) [requestConfig] => Array ( ) [responseConfig] => Array ( ) [contentLoggingMaxSize] => 2000 [_transport:yii\httpclient\Client:private] => yii\httpclient\StreamTransport [_events:yii\base\Component:private] => Array ( ) [_behaviors:yii\base\Component:private] => ) [_headers:yii\httpclient\Message:private] => [_cookies:yii\httpclient\Message:private] => [_content:yii\httpclient\Message:private] => [_data:yii\httpclient\Message:private] => Array ( [client_id] => realappidhere [client_secret] => realappsecrethere [code] => AQAr0KRC0m4V4lqD8LVcQLNjn76xkZS4skQYAvWf6O_DDeEclaj1LMQm_HoyCoZZezqDn7p9YfJm3qENabU8MKvmH1ffNJotMzgLW2XTbSqQEXlkg_sx7V-ibXRFagpfXTIqCp9Kr54O88bNYGikoOr4TM1ogGjViwS-qKLbvpR_vWgE_FPy9ecpgy86QOITpGrlVJaPAun2bzGaFXmU70Z4Kw3kBWUBPseWc_7ILGymZP-CIbRIIm_YZ8p7t9Vo7jZmieMSd-CMYfG0sgJcBjOgQNvsa3xtHNhPVa5BJNNTy89zulSpTAf3XB6HB_8eql0 [grant_type] => authorization_code [redirect_uri] => example.com/site/auth?role=influencer&authclient=facebook ) [_format:yii\httpclient\Message:private] => [_events:yii\base\Component:private] => Array ( ) [_behaviors:yii\base\Component:private] => )
And the response is:
yii\httpclient\Response Object ( [client] => yii\httpclient\Client Object ( [baseUrl] => graph.facebook.com [formatters] => Array ( [urlencoded] => yii\httpclient\UrlEncodedFormatter Object ( [encodingType] => 1 [charset] => ) ) [parsers] => Array ( ) [requestConfig] => Array ( ) [responseConfig] => Array ( ) [contentLoggingMaxSize] => 2000 [_transport:yii\httpclient\Client:private] => yii\httpclient\StreamTransport Object ( [_events:yii\base\Component:private] => Array ( ) [_behaviors:yii\base\Component:private] => ) [_events:yii\base\Component:private] => Array ( ) [_behaviors:yii\base\Component:private] => Array ( ) ) [_headers:yii\httpclient\Message:private] => Array ( [0] => HTTP/1.1 400 Bad Request [1] => WWW-Authenticate: OAuth "Facebook Platform" "invalid_request" "Error validating client secret." [2] => Access-Control-Allow-Origin: * [3] => Pragma: no-cache [4] => Cache-Control: no-store [5] => facebook-api-version: v2.2 [6] => Expires: Sat, 01 Jan 2000 00:00:00 GMT [7] => Content-Type: text/javascript; charset=UTF-8 [8] => x-fb-trace-id: Ek0PFIJ3B3N [9] => x-fb-rev: 2718923 [10] => Vary: Accept-Encoding [11] => X-FB-Debug: yaiIHJkwC4T3UZKrzXOJGJ2DmCTaDr8nIRB3jQnNeEiknx0Ph7i2IR5XmAbxpjM7cBhSEy44AcrglCYEdZEmeg== [12] => Date: Sun, 04 Dec 2016 11:08:16 GMT [13] => Connection: close [14] => Content-Length: 115 ) [_cookies:yii\httpclient\Message:private] => [_content:yii\httpclient\Message:private] => > {"error":{"message":"Error validating client secret.","type":"OAuthException","code":1,"fbtrace_id":"Ek0PFIJ3B3N"}} [_data:yii\httpclient\Message:private] => [_format:yii\httpclient\Message:private] => [_events:yii\base\Component:private] => Array ( ) [_behaviors:yii\base\Component:private] => )
So any idea what's happening in there?
Note: I removed the http and https from the facebook links in the quotes because stackoverflow wouldn't let me post more than 2 links.