FacebookDesktop error code 2500 - An active access token must be used to query information about the current user.

[GoogleCodeExporter]

What steps will reproduce the problem?
1. When I initialize the application
         FacebookDesktop.init("XXXXXXX", callbackLogin);
         or execute the function FacebookDesktop.login(callbackLogin, permissions);
2. When the callback function is executed:
         callbackLogin(success:Object, fail:Object);

What is the expected output? What do you see instead?
I expected the result message (logged message), but intead receive a logged 
message, I received error code:
          2500 - An active access token must be used to query information about the current user.

What version of the product are you using? On what operating system?
GraphAPI_Desktop_1_8_1.swc
Adobe Flash Builder 4.7
Windows 7 64 bits

Please provide any additional information below.
...

Original issue reported on code.google.com by Celso.A...@gmail.com on 9 Apr 2013 at 2:27

[GoogleCodeExporter]

I think this is because Facebook just made some changes to their login process.

A few days ago, my air app was working with the FacebookDesktop. Today I opened 
the project, and noticed that the Facebook login screens are a little different 
than when I started building my app. After I type my userID and password in, I 
grant the app access to my public profile, friend list and photos. Then another 
screen comes up where I grant the app permission to post to my friends on my 
behalf.

Then the window closes, and I get OAuthException 2500 An active access token 
must be used to query information about the current user.

When I sign into Facebook through a browser, I see that my app shows up under 
"Your Apps" but I can't log in and do anything through my app. 

I'm using Adobe Flash with GraphAPI_Desktop_1_8_1.swc on OSX Lion. 

Here is my code:

public function MyApp(){
     FacebookDesktop.init(APP_ID, onInit);
}
protected function onInit(result:Object, fail:Object):void {
    if (result) {
        trace("onInit, Logged In\n");
    } else {
        trace("onInit, Not Logged In\n");
        var permissions:Array = ["publish_stream", "user_photos"];
        FacebookDesktop.login(onLogin, permissions);            
    }
}
protected function onLogin(result:Object, fail:Object):void {
    if (result) { 
        trace("Logged In as:");
        trace(FacebookDesktop.getSession().user.name);
    } else {        
        trace("Login Failed");  
        trace('code: '+fail.error.code); //code: 2500
        trace('message: '+fail.error.message); //message: An active access token must be used to query information about the current user.
        trace('type: '+fail.error.type); //type: OAuthException
    }
}

I get the same results when I use the FlashDesktopExample provided in the SDK 
(modified with my app ID of course).

Any help would be great! Thanks in advance!

Original comment by zaff...@gmail.com on 12 Apr 2013 at 4:03

[GoogleCodeExporter]

I have an app with exactly the same issue. I tried with Graph API Examples 
posted here and didn't work.

I tested them with different users and some of them could login without problem 
but most of them got the error. No clue what's going on.

Original comment by supergri...@gmail.com on 12 Apr 2013 at 5:15

[GoogleCodeExporter]

I have figured out the problem:
The LoginWindow class sets the token based on the uri. 

This worked fine until the LOGIN_SUCCESS_URL 
(http://www.facebook.com/connect/login_success.html) and the 
LOGIN_SUCCESS_SECUREURL (https://www.facebook.com/connect/login_success.html) 
pages stopped including the access token in the uri. 

Hence, the token is never set. Even though my app shows up under the 'Your 
Apps' section in Facebook after I login, my app still can't do anything without 
a token.

I have two solutions:

The easiest is to change the LOGIN_SUCCESS_URL and/or the 
LOGIN_SUCCESS_SECUREURL properties in 
com.facebook.graph.core.FacebookURLDefaults like the following.

beginning on line 82:
public static var LOGIN_SUCCESS_URL:String
      = 'http://www.facebook.com/connect/login_success.html';

    public static var LOGIN_SUCCESS_SECUREURL:String
      = 'https://www.facebook.com/connect/login_success.html';

Change to:
public static var LOGIN_SUCCESS_URL:String
      = 'http://www.yourwebsite.com/';

    public static var LOGIN_SUCCESS_SECUREURL:String
      = 'https://www.yoursecurewebsite.com/';

of course you would use your own website - not 'http://www.yourwebsite.com/'. I 
tried it using http://localhost/' and it worked great.

Another solution is:

Change com.facebook.graph.windows.LoginWindow with the following code. I have 
made some changes to my files, so please forgive me if the line numbers are 
different than what they are in a fresh copy of the SDK.

around line 143:
change:  vars.redirect_uri = FacebookURLDefaults.LOGIN_SUCCESS_URL;
to: vars.redirect_uri = 'http://localhost/';

In production code, you probably want to use your own website address instead 
of localhost, but I used localhost for testing purposes.

Then, in the handleLocationChange function (should be around line 168) add this 
to the else if statements:

}else if (html.location.indexOf ('http://localhost/') == 0) {               
                loginCallback(getURLVariables(), null);

                userClosedWindow = false;
                html.stage.nativeWindow.close();
                html.removeEventListener(Event.LOCATION_CHANGE, handleLocationChange);

            }

As I said before, change localhost to your website address.

I hope this helps!

Original comment by zaff...@gmail.com on 12 Apr 2013 at 6:39

[GoogleCodeExporter]

I have this same issue. The login/logout system was fully working 3 days ago 
and now is totally broken.

I have tried rewriting those two static vars (setting them to the same value of 
my "website with facebook login URL", which is http://localhost/) and it does 
not login. Doing so, the login window freezes for a while, then enables back 
the Login button and nothing happens. 

Could someone throw some light on this or help us to configure the Facebook app 
and AIR application to work just like it did some days ago?

Help will be much appreciated ;)

Original comment by Alberto....@gmail.com on 12 Apr 2013 at 7:39

[GoogleCodeExporter]

Now it's working just as usual! Somehow the tokens wasn't being populated or 
something like that, but your solution works great! Shall we expect some 
Facebook post about?

Original comment by supergri...@gmail.com on 12 Apr 2013 at 8:25

[GoogleCodeExporter]

Hi guys,

Should I set the "website with facebook login" property on my facebook app to 
"http://<something" and then  override thouse static vars to that 
"http://<something>" ? 

I've done that with no luck. Am I misunderstanding something?

Thanks in advance. 

Original comment by Alberto....@gmail.com on 13 Apr 2013 at 7:30

[GoogleCodeExporter]

Hi Alberto,
I'm sorry to hear you are having trouble. I may be wrong, but I don't think it 
has anything to do with the website associated with your Facebook app. 

I'm just curious, are you using GraphAPI_Desktop_1_8_1.swc, or are you 
integrating the source code into your project? I am using a combination of 
both. I put the FacebookDesktop.as, AbstractWindow.as, and LoginWindow.as files 
in my root directory. Then I had to change the import statements to reflect 
that. For example, in the FacebookDesktop.as file, I commented out import 
com.facebook.graph.windows.LoginWindow; on line 42. Now that the files are in 
the same directory, the import statement is no longer needed. 

Anyway, all that to say that maybe the changes you are making are not helping 
because your project is still importing the original classes from 
GraphAPI_Desktop_1_8_1.swc. 

Once you've checked that, if it's still not working, you could try observing 
the URL you get back to see if it contains a token. Here's how you can check 
that:

- In the LoginWindow.as file around line 169 you will see "override protected 
function handleLocationChange(event:Event):void {". 

paste "trace(html.location);" before the if statement.

In your output, the last URL you should see is something like:
//YourWebAddress/#access_token=SomeReallyLongStringOfNumbersAndLetters&expires_i
n=timeVar

If you get back https://www.facebook.com/connect/login_success.html as your 
last URL, that means you're still using the original classes from the SDK, and 
not your new modified versions. If you are getting back an access token in the 
URL, then let me know, and I'll see if there's something else going on with it.

Original comment by zaff...@gmail.com on 14 Apr 2013 at 8:46

[GoogleCodeExporter]

Thank for your help zaff, it Helps me a lot!
Now my application is working!

but there's another problem...When I logout the application and try to login 
again...
My app executes the login automaticaly, instead to show show the login window.
So, only one person can use the application hehe...!

Could you help us!?
I'll search for a solution too!
Thanks again!

Original comment by Celso.A...@gmail.com on 15 Apr 2013 at 3:35

[GoogleCodeExporter]

Hi Celso.A,
I was having that issue myself. Here's how to resolve it.

In FacebookDesktop.as around line 626, change

params.next = 
"http://static.ak.fbcdn.net/connect/xd_proxy.php#origin="+(appOrigin?appOrigin:"
");

to something like:

params.next = "http://localhost/";
- or -
params.next = "https://www.facebook.com";

Let me know if that works.

Original comment by zaff...@gmail.com on 15 Apr 2013 at 5:03

[GoogleCodeExporter]

Hi Zaff and thanks for your help.

I've set everything to "http://localhost/" (event the "website with facebook 
login" para at facebook apps) for testing purposes with no luck:

trace(html.location);
trace("LOGIN_SUCCESS_URL: " + FacebookURLDefaults.LOGIN_SUCCESS_URL);
trace("LOGIN_SUCCESS_SECUREURL: " + 
FacebookURLDefaults.LOGIN_SUCCESS_SECUREURL);

Here's the output at handle locationChange just after calling the login method:

https://graph.facebook.com/oauth/authorize?client%5Fid=509327825769802&display=p
opup&type=user%5Fagent&scope=publish%5Fstream%2Cemail&redirect%5Furi=http%3A%2F%
2Flocalhost%2F

LOGIN_SUCCESS_URL: http://localhost/
LOGIN_SUCCESS_SECUREURL: https://localhost/

https://www.facebook.com/login.php?api_key=509327825769802&skip_api_login=1&disp
lay=popup&cancel_url=http%3A%2F%2Flocalhost%2F%3Ferror_reason%3Duser_denied%26er
ror%3Daccess_denied%26error_description%3DThe%2Buser%2Bdenied%2Byour%2Brequest.&
fbconnect=1&next=https%3A%2F%2Fwww.facebook.com%2Fdialog%2Fpermissions.request%3
F_path%3Dpermissions.request%26app_id%3D509327825769802%26client_id%3D5093278257
69802%26redirect_uri%3Dhttp%253A%252F%252Flocalhost%252F%26display%3Dpopup%26typ
e%3Duser_agent%26perms%3Dpublish_stream%252Cemail%26fbconnect%3D1%26from_login%3
D1&rcount=1

LOGIN_SUCCESS_URL: http://localhost/
LOGIN_SUCCESS_SECUREURL: https://localhost/

(Pressing the connect button just after entering my facebook user credentials)

https://www.facebook.com/login.php?login_attempt=1&next=https%3A%2F%2Fwww.facebo
ok.com%2Fdialog%2Fpermissions.request%3F_path%3Dpermissions.request%26app_id%3D5
09327825769802%26client_id%3D509327825769802%26redirect_uri%3Dhttp%253A%252F%252
Flocalhost%252F%26display%3Dpopup%26type%3Duser_agent%26perms%3Dpublish_stream%2
52Cemail%26fbconnect%3D1%26from_login%3D1&popup=1&fbconnect=1&add_to_profile=0&d
isplay=popup&enable_profile_selector=0&profile_selector_ids&legacy_return=1

LOGIN_SUCCESS_URL: http://localhost/
LOGIN_SUCCESS_SECUREURL: https://localhost/

Warning: HTTP send request error, 12029: /

As you can see, my LoginWindow is using the new URL properties.

If I set everything to "http://www.facebook.com/", just for testing, it does 
not pop that "send request error" but instead it's returning the same 2500 : An 
active access token must be used to query ...

Btw, Im using the SWC but custom FacebookDesktop.as and LoginWindow. Havent 
touched anything related to login_/logout.

What do you think?

Thanks in advance.

Alberto

Original comment by Alberto....@gmail.com on 15 Apr 2013 at 7:36

[GoogleCodeExporter]

Hi Zaff and thanks for your help.

I've set everything to "http://localhost/". When I say everything I mean: all 
static properties you mentioned on previous posts, the "website with facebook 
login" param at My app configuration, params.next, etc

I've set some traces at handleLocationChange:

trace(html.location);
trace("LOGIN_SUCCESS_URL: " + FacebookURLDefaults.LOGIN_SUCCESS_URL);
trace("LOGIN_SUCCESS_SECUREURL: " + 
FacebookURLDefaults.LOGIN_SUCCESS_SECUREURL);

Here's the output when I launch the login:

https://graph.facebook.com/oauth/authorize?client%5Fid=509327825769802&display=p
opup&type=user%5Fagent&scope=publish%5Fstream%2Cemail&redirect%5Furi=http%3A%2F%
2Flocalhost%2F

LOGIN_SUCCESS_URL: http://localhost/
LOGIN_SUCCESS_SECUREURL: https://localhost/

https://www.facebook.com/login.php?api_key=509327825769802&skip_api_login=1&disp
lay=popup&cancel_url=http%3A%2F%2Flocalhost%2F%3Ferror_reason%3Duser_denied%26er
ror%3Daccess_denied%26error_description%3DThe%2Buser%2Bdenied%2Byour%2Brequest.&
fbconnect=1&next=https%3A%2F%2Fwww.facebook.com%2Fdialog%2Fpermissions.request%3
F_path%3Dpermissions.request%26app_id%3D509327825769802%26client_id%3D5093278257
69802%26redirect_uri%3Dhttp%253A%252F%252Flocalhost%252F%26display%3Dpopup%26typ
e%3Duser_agent%26perms%3Dpublish_stream%252Cemail%26fbconnect%3D1%26from_login%3
D1&rcount=1

LOGIN_SUCCESS_URL: http://localhost/
LOGIN_SUCCESS_SECUREURL: https://localhost/

And this is the output when I submit my credentials to facebook:

https://www.facebook.com/login.php?login_attempt=1&next=https%3A%2F%2Fwww.facebo
ok.com%2Fdialog%2Fpermissions.request%3F_path%3Dpermissions.request%26app_id%3D5
09327825769802%26client_id%3D509327825769802%26redirect_uri%3Dhttp%253A%252F%252
Flocalhost%252F%26display%3Dpopup%26type%3Duser_agent%26perms%3Dpublish_stream%2
52Cemail%26fbconnect%3D1%26from_login%3D1&popup=1&fbconnect=1&add_to_profile=0&d
isplay=popup&enable_profile_selector=0&profile_selector_ids&legacy_return=1

LOGIN_SUCCESS_URL: http://localhost/
LOGIN_SUCCESS_SECUREURL: https://localhost/

Warning: HTTP send request error, 12029: /

It cant connect to localhost or something. If I set everything to, let's say, 
"http://www.facebook.com/", I dont get that error but the original one: 2500: 
An active token must be used to ...

I'm really really lost and any help would be much appreciated.

Thanks.

Alberto

Original comment by Alberto....@gmail.com on 15 Apr 2013 at 8:06

[GoogleCodeExporter]

Hi Zaff and thanks for your help. 

I'm trying to post some output but the blog system is automatically deleting my 
posts. 

On this comment, I will not paste any long URL but instead I'm attaching a file 
so you can see what I'm doing.

Any help will be much appreciated.

Thanks.

Alberto

Original comment by Alberto....@gmail.com on 15 Apr 2013 at 8:12

Attachments:

• facebookApi.log

[GoogleCodeExporter]

Hi Zaff,
It's me again!
Dude, you're genius! Now it's working, and my application is ok!
Thanks a lot!

Alberto, do you have any server running on your pc? maybe it might be the 
problem. You need a server running on localhost!

Original comment by Celso.A...@gmail.com on 15 Apr 2013 at 11:26

[GoogleCodeExporter]

Hi Celso (and all),

I don't have any server running on my localhost, of course. Do I need a local 
server to log in Facebook? That would be very surprising ...

Anyway, if I set everything to "http://www.facebook.com/" and 
"https://www.facebook.com/" (and they do have a server running :) ) the error I 
get is the old "2500 : An active.." and we're back at the beginning.

Could some share/post a zipped AIR project ready-to-run? That would be a very 
helpful resource for me cause I get the feeling there's a just a small piece 
missing and the rest is ok.

Thank you.

Original comment by alberto....@codeoscopic.com on 16 Apr 2013 at 7:51

[GoogleCodeExporter]

Alberto, 
A local server is not necessary, but I believe you need any url to return. 
Maybe the facebook validates that url, so you need your own url.

Original comment by Celso.A...@gmail.com on 16 Apr 2013 at 10:32

[GoogleCodeExporter]

Hi Celso,

I've tried with my own URL and same result: 2500 error :(

If it doesnt take too much of your time, may I ask you to zip a running basic 
air project sample so I can detect what I'm doing wrong? Just throw a login 
button and not much more.

Thanks in advance.

Original comment by alberto....@codeoscopic.com on 16 Apr 2013 at 10:57

[GoogleCodeExporter]

Alberto,

I put comments in some files, I hope this help!

Original comment by Celso.A...@gmail.com on 20 Apr 2013 at 2:53

Attachments:

• FacebookDesktop.as
• File.mxml
• LoginWindow.as

[GoogleCodeExporter]

You'll need create another condition in handleLocationChange function, in 
LoginWindow.as:

"} else if (html.location.indexOf ('<put your url here!!>') == 0) {....}"

Original comment by Celso.A...@gmail.com on 20 Apr 2013 at 2:56

[GoogleCodeExporter]

Hi Celso,

I get a strange behaviour now. I havent managed to login but the scenario is a 
bit different: 

When I submit my facebook credentials on the login window, I get redirected (on 
that same popup window) to whatever URL I set at vars.redirect_uri

Before the "crash", if those credentials were accepted, I got my login window 
closed an then my loginCallback called with a FacebookSession. 

What can I do to git rid of that redirection and simply make the login process 
work as before?  (login window closes and loginCallback is called) ? 

As you can see, I can't login yet :(

Obs: If I manually close the popup, a user-cancelled login is passed.

Thanks!

Original comment by alberto....@codeoscopic.com on 22 Apr 2013 at 9:46

[GoogleCodeExporter]

Hi Celso
Thanks a lot, your code works.
Ray

Original comment by r.l.s...@gmail.com on 23 Apr 2013 at 1:48

[GoogleCodeExporter]

Solved!

I had a strange redirection to https on my URL that was bypassing the close() 
code and jumping to the redirect code. It should work just as Celso has pointed 
out.

Thanks.

Original comment by alberto....@codeoscopic.com on 23 Apr 2013 at 7:38

[GoogleCodeExporter]

[deleted comment]

[GoogleCodeExporter]

To really solve problem, do it:

if (html.location.indexOf('?#') != -1) {
    params = html.location.slice(html.location.indexOf('?#')+2);
    ...

see git diff...

src/com/facebook/graph/windows/AbstractWindow.as
...

@@ -280,8 +280,9 @@ package com.facebook.graph.windows {
      */
     protected function getURLVariables():URLVariables {
       var params:String;
-
-      if (html.location.indexOf('?') != -1) {
+      if (html.location.indexOf('?#') != -1) {
+          params = html.location.slice(html.location.indexOf('?#')+2);
+      } else if (html.location.indexOf('?') != -1) {
         params = html.location.slice(html.location.indexOf('?')+1);
       } else if (html.location.indexOf('#') != -1) {
         params = html.location.slice(html.location.indexOf('#')+1);

Original comment by lag...@gmail.com on 16 Oct 2013 at 11:34

[GoogleCodeExporter]

@lag Thanks! this works! 

Original comment by vcastelo...@gmail.com on 18 Oct 2013 at 9:46

[GoogleCodeExporter]

same problem here...

i tried all these hotfixes. nothing worked.

After sending username/password i get this error ....

code: 2500
message: An active access token must be used to query information about the 
current user.
type: OAuthException

Original comment by houseinv...@googlemail.com on 5 Feb 2015 at 4:25