[SOLVED] Incorrect URL without an access token for facebook login using rauth

Incorrect URL without an access token for facebook login using rauth

I have the code from rauth site:

https://github.com/litl/rauth/blob/master/examples/facebook-cli.py

(The code can be found at the end of this post for reference)

running the program in the command line will open a firefox window and the following message is shown from facebook site:

Success
SECURITY WARNING: Please treat the URL above as you would your password and do not     share it with anyone.

when the facebook is logged in beforehand. Even if not logged in, the facebook login window opens up and after logging in using username/password the above message is shown in firefox window.

Now the URL generated in the address bar:

https://www.facebook.com/connect/blank.html#_=_

Which is obviously an incorrect one and it gives exception from the subsequent python code.

Now how can I debug what the problem is?

Thanks

PS:

from rauth.service import OAuth2Service

import re
import webbrowser

# Get a real consumer key & secret from:
# https://developers.facebook.com/apps

facebook = OAuth2Service(
    client_id='xxxxxxx',
    client_secret='yyyyyyy',
    name='facebook',
    authorize_url='https://graph.facebook.com/oauth/authorize',
    access_token_url='https://graph.facebook.com/oauth/access_token',
    base_url='https://graph.facebook.com/')

redirect_uri = 'https://www.facebook.com/connect/login_success.html'

params = {'scope': 'read_stream',
      'response_type': 'token',
      'redirect_uri': redirect_uri}

authorize_url = facebook.get_authorize_url(**params)

print 'Visit this URL in your browser: ' + authorize_url
webbrowser.open(authorize_url);

url_with_code = raw_input('Copy URL from your browser\'s address bar: ')
access_token = re.search('\#access_token=([^&]*)', url_with_code).group(1)
session = facebook.get_session(access_token)

user = session.get('me').json()

print 'currently logged in as: ' + user['link']

Solution

This is happening due to a change on Facebook's end that strips the URL of the access_token programmatically. It happens on a timer, before a human could conceivably copy it out of the URL bar. The example is broken but I don't have an immediate fix for you so I might suggest you take a look at the Flask application instead, which is a more practical demonstration of rauth anyway.

The relevant bit of JS you're fighting:

setTimeout(function() {window.history.replaceState && window.history.replaceState({}, "", "blank.html#_=_");},500);