
Facebook login message: "URL Blocked: This redirect failed because the redirect URI is not whitelisted in the app’s Client OAuth Settings."


Important notice:

If you register for testing, go to your profile settings and add "delete profile" to your interests.

Trying to log in with Facebook to my website:

I get the following error:

URL Blocked: This redirect failed because the redirect URI is not whitelisted in the app’s Client OAuth Settings. Make sure Client and Web OAuth Login are on and add all your app domains as Valid OAuth Redirect URIs.

My settings (Basics) in Facebook are:

In the advanced tab, Valid OAuth redirect URIs is set to:

http://openstrategynetwork.com/_oauth/facebook?close

App is public.

More settings (Advanced) here: [image]

App key and secret are correct. I'm using Meteor and its accounts packages.


Solution

  • The login with Facebook button on your site is linking to:

    https://www.facebook.com/v2.2/dialog/oauth?client_id=1500708243571026&redirect_uri=http://openstrategynetwork.com/_oauth/facebook&display=popup&scope=email&state=eyJsb2dpblN0eWxlIjoicG9wdXAiLCJjcmVkZW50aWFsVG9rZW4iOiIwSXhEU05XamJjU0VaQWdqcmF6SXdOUWRuRFozXzc0X19lbVhGWUJTZGNYIiwiaXNDb3Jkb3ZhIjpmYWxzZX0=

    Notice: redirect_uri=http://openstrategynetwork.com/_oauth/facebook

    If you instead change the link to:

    redirect_uri=http://openstrategynetwork.com/_oauth/facebook?close

    It should work. Or, you can change the Facebook link to http://openstrategynetwork.com/_oauth/facebook

    You can also add http://localhost/_oauth/facebook to the valid redirect URIs.

    Facebook requires that you whitelist redirect URIs, since otherwise people could log in with Facebook for your service, and then send their access token to an attacker's server! And you don't want that to happen ;]
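The mismatch described in the answer can be checked before deploying. The following is an added example, not part of the original answer and not code from Meteor's accounts packages: it pulls `redirect_uri` out of a login link and compares it with the registered URIs component by component, query string included. The function names, the `APP_ID` placeholder and the component-wise comparison are assumptions made for illustration.

```javascript
// Added example: find out why a redirect_uri is rejected by an allowlist.
// Assumption: a URI only matches if scheme, host, path AND query are equal.

// Login link from the question, with client_id replaced by a placeholder
// and the state parameter omitted (constructed sample input).
const SAMPLE_LINK =
  'https://www.facebook.com/v2.2/dialog/oauth?client_id=APP_ID' +
  '&redirect_uri=http://openstrategynetwork.com/_oauth/facebook' +
  '&display=popup&scope=email';

// The value the question lists under "Valid OAuth redirect URIs".
const REGISTERED = ['http://openstrategynetwork.com/_oauth/facebook?close'];

// Extract the redirect_uri parameter from an OAuth dialog URL.
function extractRedirectUri(dialogUrl) {
  const value = new URL(dialogUrl).searchParams.get('redirect_uri');
  if (value === null) throw new Error('dialog URL has no redirect_uri');
  return value;
}

// Return a description of the first differing component, or null if equal.
function firstDifference(sent, registered) {
  const a = new URL(sent);
  const b = new URL(registered);
  for (const part of ['protocol', 'host', 'pathname', 'search']) {
    if (a[part] !== b[part]) {
      return `${part}: sent "${a[part]}" but registered "${b[part]}"`;
    }
  }
  return null;
}

// Check the link against every registered URI and collect the reasons.
function checkRedirectUri(dialogUrl, registeredUris) {
  const sent = extractRedirectUri(dialogUrl);
  const diffs = registeredUris.map((r) => firstDifference(sent, r));
  const allowed = diffs.includes(null);
  return { sent, allowed, reasons: allowed ? [] : diffs };
}

console.log(checkRedirectUri(SAMPLE_LINK, REGISTERED));
```

Registering the URI without `?close`, or sending it with `?close`, makes `allowed` come back `true`.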