facebookarchive / php-graph-sdk

The Facebook SDK for PHP provides a native interface to the Graph API and Facebook Login. https://developers.facebook.com/docs/php

Cross-site request forgery validation failed. Required param "state" missing from persistent data #1123

Open corvus87 opened 5 years ago

corvus87 commented 5 years ago

When trying to execute $helper->getAccessToken(), it gives an error: 'Cross-site request forgery validation failed. Required param "state" missing from persistent data'

Used Symfony 3.3 and facebook/graph-sdk 5.4.

All domains added. 'FBRLH_state' exists. Session started.

// Create url

$facebookCallbackUrl = 'https://' . $base . '/' . $_locale . '/fb-callback';
$loginfb = $this->get('app.lmfacebook')->getSigninURL($this->getParameter('fbappid'), $this->getParameter('fbsecretkey'), $facebookCallbackUrl);
<?php

namespace AppBundle\Services\Ukraine;

use Facebook\Facebook;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;

class LMFacebook extends Controller
{
    public static function getSigninURL($fbId, $fbSecret, $callback)
    {
        $fb = new Facebook([
            'app_id' => $fbId,
            'app_secret' => $fbSecret,
            'default_graph_version' => 'v2.9',
            'persistent_data_handler' => 'session'
        ]);

        $permissions = ['email'];

        return $fb->getRedirectLoginHelper()->getLoginUrl($callback, $permissions);
    }
}


// Facebook callback

    /**
     * @Route("/{_locale}/fb-callback", name="fb-callback", defaults={"_locale": "ua"}, requirements={"_locale" : "ua|en|ru"})
     * @param Request $request
     * @param $_locale
     * @return mixed
     */
    public function fbCallbackAction(Request $request, $_locale)
    {
        $session = $request->getSession();
        $fb = new Facebook([
            'app_id' => ********,
            'app_secret' => *******,
            'default_graph_version' => 'v2.9',
            'persistent_data_handler' => 'session'
        ]);

        $helper = $fb->getRedirectLoginHelper();

        try {
            $accessToken = $helper->getAccessToken(); // Error
        } catch (\Exception $exception) {
            $this->logToFile('Facebook returned an error: ' . $exception->getMessage());
            exit;
        }
    }

abhij89 commented 5 years ago

Please make sure the state param value in login link is refreshing each time you're re-attempting to login.

mcanepa commented 4 years ago

same problem here

@abhij89 state value is in fact changing each time

azarual commented 4 years ago

Hello there, I have the same problem. Did anyone get a solution, please?

arturosinski commented 4 years ago

What helped me was adding session_start(); at the beginning of the file. I have it in login.php, but I didn't have it in my callback.php file. When I added it, the problem was solved. I hope that can help you.
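
A simplified model of the "state" check behind this error, as an added example that is not part of the thread and not the SDK's own code. The `$store` array stands in for `$_SESSION`, and the function names and the messages other than the one quoted in this issue are assumptions made for illustration.

```php
<?php
// Simplified model of the "state" CSRF check; not the SDK's implementation.
// $store stands in for $_SESSION (assumption). 'FBRLH_state' is the session
// key named in this thread.
const STATE_KEY = 'FBRLH_state';

// Login page: generate a fresh random state, persist it, put it in the URL query.
function buildLoginQuery(array &$store): string
{
    $state = bin2hex(random_bytes(16));
    $store[STATE_KEY] = $state;
    return http_build_query(['state' => $state]);
}

// Callback page: the state returned in the query must equal the persisted one.
function validateState(array $query, array $store): string
{
    $returned = $query['state'] ?? null;
    $saved = $store[STATE_KEY] ?? null;
    if (!is_string($returned)) {
        return 'state missing from callback URL'; // illustrative wording
    }
    if (!is_string($saved)) {
        return 'Required param "state" missing from persistent data';
    }
    // Constant-time comparison of the persisted and returned values.
    return hash_equals($saved, $returned) ? 'ok' : 'state mismatch'; // illustrative
}

// Constructed case 1: login and callback share one session store.
$shared = [];
parse_str(buildLoginQuery($shared), $callbackQuery);
echo 'shared session: ', validateState($callbackQuery, $shared), PHP_EOL;

// Constructed case 2: the callback sees an empty store, e.g. no session_start()
// in callback.php, so the value written at login is not visible.
echo 'no session:     ', validateState($callbackQuery, []), PHP_EOL;

// Constructed case 3: a second login URL was generated before the first
// callback arrived, overwriting the persisted state.
$reused = [];
parse_str(buildLoginQuery($reused), $firstQuery);
buildLoginQuery($reused);
echo 'state replaced: ', validateState($firstQuery, $reused), PHP_EOL;
```

When debugging the real flow, comparing the session ID and the stored state key on the login request and on the callback request shows which of these cases applies.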

tiramdasg commented 4 years ago

still didn't work

GALUSARO91 commented 4 years ago

same problem here

@abhij89 state value is in fact changing each time

Interesting, 'cause I have the same trouble, but for me it only works once and then throws the error message, so I'll try and let you know the outcome.

humfer8 commented 3 years ago

Hi, could anyone solve this problem? I do not know what to do.

AmityTek commented 3 years ago

Got the same problem with Laravel, very strange.