I'm using API Facebook to login on my website but.. login from desktop browser works fine, login from mobile browser return an error.
The error message from mobile browser is:
Facebook SDK returned an error: Cross-site request forgery validation failed. Required param "state" missing from persistent data.
In login page I used this code to generate the link to facebook (I'm using the Facebook PHP SDK)
login
if(!session_id()) {
session_start();
}
$fb = new Facebook\Facebook([
'app_id' => APP_ID,
'app_secret' => APP_SECRET,
'default_graph_version' => 'v2.2'
]);
$helper = $fb->getRedirectLoginHelper();
$permissions = ['email']; // Optional permissions
$loginUrl = $helper->getLoginUrl(SERVER_CALLBACK, $permissions);
$facebook = htmlspecialchars($loginUrl);
This is the callback
callback
if(!session_id()) {
session_start();
}
$fb = new Facebook\Facebook([
'app_id' => APP_ID,
'app_secret' => APP_SECRET,
'default_graph_version' => 'v2.2',
'persistent_data_handler'=>'session'
]);
$helper = $fb->getRedirectLoginHelper();
try {
$accessToken = $helper->getAccessToken();
} catch(Facebook\Exceptions\FacebookResponseException $e) {
// When Graph returns an error
echo 'Graph returned an error: ' . $e->getMessage();
exit;
} catch(Facebook\Exceptions\FacebookSDKException $e) {
// When validation fails or other local issues
echo 'Facebook SDK returned an error: ' . $e->getMessage();
exit;
}
if (! isset($accessToken)) {
if ($helper->getError()) {
header('HTTP/1.0 401 Unauthorized');
echo "Error: " . $helper->getError() . "
";
echo "Error Code: " . $helper->getErrorCode() . "
";
echo "Error Reason: " . $helper->getErrorReason() . "
";
echo "Error Description: " . $helper->getErrorDescription() . "
";
} else {
header('HTTP/1.0 400 Bad Request');
echo 'Bad request';
}
exit;
}
// Logged in
// The OAuth 2.0 client handler helps us manage access tokens
$oAuth2Client = $fb->getOAuth2Client();
// Get the access token metadata from /debug_token
$tokenMetadata = $oAuth2Client->debugToken($accessToken);
// Validation (these will throw FacebookSDKException's when they fail)
$tokenMetadata->validateAppId(APP_ID);
// If you know the user ID this access token belongs to, you can validate it here
$tokenMetadata->validateExpiration();
if (! $accessToken->isLongLived()) {
// Exchanges a short-lived access token for a long-lived one
try {
$accessToken = $oAuth2Client->getLongLivedAccessToken($accessToken);
} catch (Facebook\Exceptions\FacebookSDKException $e) {
echo "<p>Error getting long-lived access token: " . $helper->getMessage() . "</p>
";
exit;
}
}
I'm wonder because everything is working in desktop navigation, but using a mobile browser something is going wrong.