yii2-authclient - Facebook authclient does not work with enablePrettyUrl = false

[amnah]

It gives this error:

Request failed with code: 400, message: {"error":{"message":"Error validating verification code. Please make sure your redirect_uri is identical to the one you used in the OAuth dialog request","type":"OAuthException","code":100}}

Steps:

1. Install yii2-basic-app from scratch, adding yii2-authclient into composer.json
2. Set up component->authClientCollection with facebook credentials
3. Add AuthChoice widget to view
4. Add auth action to SiteController::actions()

(So 2-4 are the exact steps listed in https://github.com/yiisoft/yii2-authclient#quick-start)

If I add a .htaccess file, enable pretty url, and set showScriptName = false, then it works properly.

[klimov-paul]

It seems this problem is Facebook specific. Other OAuth2 clients, for examaple GoogleOAuth, work just fine without pretty URLs.

Although I admit this problem exists, I am unsure what is causing it or how it should be solved.

[klimov-paul]

I suppose the issue may be related to the fact without pretty URL Yii generates parameter

r=site/auth

Its value contains '/' symbol. Perhaps this is the reason Facebook denies it.

[klimov-paul]

Yes, that is it: slash in route parameter is not encoded - it is the source of the problem.

[realtebo]

I'm author of #5834. It was closed immediately, pointing me to this issue.

But... what's the solution to the problem?

[nsanden]

@realtebo it seems the solution to this ticket was to encode the / which seems to be exactly what you DON'T want. I think you were pointed here to show why Yii2 encodes the /

Do as cebe suggests here if you don't want the ugly encoded slash in the URL https://github.com/yiisoft/yii2/issues/5834#issuecomment-61280955

[realtebo]

So from now on, pretty url are mandatory...

[klimov-paul]

Pretty URL are not mandatory. As far as I undersatnd you are complaining on the slash encoding of the route var in 'get' parameter string. This encoding is dictated by RFC URL encoding standard. Try to run:

var_dump(urlencode('site/login'));

to see it in action.

[osCMattiFinn]

The problem with this is that Yii gives a 404 error on the following URL:

http://backend.aceepo.com/index.php?r=module%26set%3Dpayment%26module%3DAuthorizenet%26action%3Dedit

If I switch it to the following, it resolves just fine:

http://backend.aceepo.com/index.php?r=module&set=payment&module=Authorizenet&action=edit

Nobody else on the web encodes URLs...... it's ridiculous!

[omzy]

See https://github.com/yiisoft/yii2/issues/3656#issuecomment-341172034