[Plugin: Facebook Connect] Plugin does not work any more after OAuth 2.0 and HTTPS Migration

  • I was using Facebook connect plugin by Valentinas and everything went fine.
    http://wordpress.org/extend/plugins/wp-facebook-connect/

    As from yesterday, it stopped functioning. No action appears when clicked on fb login button. Just this javascript error appears:

    OAuth2 specification states that ‘perms’ should now be called ‘scope’. Please update.
    [Break On This Error] FB.provide(”,{getLoginStatus:function…signed_request,code’});return a;}}});

    After some googling I discovered that some changes are needed to support Oauth 2. It’s been mandatory since Oct 1st but the SDKs were only forced onto Oauth 2 yesterday.

    See this thread here:
    http://facebook.stackoverflow.com/questions/8505601/new-facebook-api-issue

    So has anybody faced the same problem and maybe knows what changes could be made in order to make it work again?

    Thanks a lot.

Viewing 15 replies - 1 through 15 (of 25 total)
  • Lev

    (@levsorokagmailcom)

    I am having the same issue,

    Same error. I followed this article and tried fixing the issue by replacing the code with new variables. After I fixed the code in the functions.php inside the plugin, the error went away; however, after logging in nothing happened. It seemed that it connected to Facebook but nothing happened on WordPress (users do not get logged in to my site).

    http://blog.logiclabz.com/javascript/facebook-login-error-oauth2-specification-states-that-perms-should-now-be-called-scope.aspx

    I am clueless.

    Could you specify which code lines of plugin you modified? I also would like to test that but don’t find similar lines as in your link. Thanks.

    Lev

    (@levsorokagmailcom)

    I followed instructions from the blog and Facebook http://blog.logiclabz.com/javascript/facebook-login-error-oauth2-specification-states-that-perms-should-now-be-called-scope.aspx

    The specific files where code is are

    -function.php
    -shortcode.php
    inside of the plugin folder.

    Lev

    (@levsorokagmailcom)

    I have spent a couple of days looking into this problem. The only answer I come up with is the encryption. The plugin uses the Facebook cookie to log the user in. Since the migration to HTTPS these cookies are now encrypted. And the plugin is not designed to decrypt the cookie, so it doesn’t return anything for WordPress.

    If you take a look at this plugin it uses functions that decrypt facebook cookies.
    http://wordpress.org/extend/plugins/simple-facebook-connect/

    Does anyone know any workaround for this? I tried to use another plugin as a replacement, but it doesn’t work with existing users that were registered with this plugin before.

    Lev

    (@levsorokagmailcom)

    hey, I was able to get mine to work.

    I have combined the code from simple facebook connect http://wordpress.org/extend/plugins/simple-facebook-connect/ with valentinas plugin to get the right info from the cookie

    Some of the changes that I made are:

    function fb_footer(){
    ?>
    <script type="text/javascript">
    jQuery(document).ready(function(){
    	  FB.init({appId: '<?php echo FACEBOOK_APP_ID; ?>', status: true, cookie: true, xfbml: true, oauth: true });
    
    //I have taken out the facebook event listener that was here waiting for session change and instead i am just using code to reload the page on facebook login button onlogin reload the page
    
    	// Load the SDK Asynchronously
    	  (function(d){
    		 var js, id = 'facebook-jssdk'; if (d.getElementById(id)) {return;}
    		 js = d.createElement('script'); js.id = id; js.async = true;
    		 js.src = "//connect.facebook.net/en_US/all.js";
    		 d.getElementsByTagName('head')[0].appendChild(js);
    	   }(document));
    
    });
    </script>
    <div id="fb-root"></div>
    <?php
    }

    the new code to get the proper information from the cookie looks like this

    function get_facebook_cookie($app_id, $application_secret) {
    
    	$args = array();
    
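    	if (!empty($_COOKIE['fbsr_'. $app_id])) {
    		//the fbsr_ cookie has the form <signature>.<payload>, both base64url encoded
    		$parts = explode('.', $_COOKIE['fbsr_'. $app_id], 2);
    		if (count($parts) == 2) {
    			list($encoded_sig, $payload) = $parts;
    			$sig = base64_url_decode($encoded_sig);
    			//compare the HMAC in constant time (hash_equals needs PHP 5.6+) instead of with ==
    			if (hash_equals(hash_hmac('sha256', $payload, $application_secret, true), (string) $sig)) {
    				$decoded = json_decode(base64_url_decode($payload), true);
    				//keep $args an array even if the payload is not valid JSON
    				if (is_array($decoded)) {
    					$args = $decoded;
    				}
    			}
    		}
    	}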
    
    	return $args;
    }
    
    function base64_url_decode($input) {
        return base64_decode(strtr($input, '-_', '+/'));
    }
    
    //this function gets access token
    function get_atoken_remote($app_id, $application_secret, $code) {
    
    	//get access token from fb
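    	$resp = wp_remote_get("https://graph.facebook.com/oauth/access_token?client_id={$app_id}&redirect_uri=&client_secret={$application_secret}&code=" . urlencode($code));
    	if (!is_wp_error($resp) && 200 == wp_remote_retrieve_response_code( $resp )) {
    		//the body is a query string starting with access_token=, so parse it and keep only the token
    		parse_str($resp['body'], $parsed);
    		$args = isset($parsed['access_token']) ? $parsed['access_token'] : false;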
    
    	} else {
    		return false;
    	}
    
    	return $args;
    }

    and inside of the main function i get the cookie, and access token from the cookie and with that access token the open graph info about the user

    function fb_login_user(){
    	global $wpdb;
    	//@todo: investigate: does this gets included doing regular request?
    	require_once( ABSPATH . 'wp-includes/registration.php' );
    	//mmmm, cookie
    	$cookie = get_facebook_cookie(FACEBOOK_APP_ID, FACEBOOK_SECRET);
    
    	//get atoken from cookie
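    	//only ask for a token when the signed cookie verified and actually carries a code
    	$atoken = !empty($cookie['code']) ? get_atoken_remote(FACEBOOK_APP_ID, FACEBOOK_SECRET, $cookie['code']) : false;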
    
    	if ($cookie && $atoken) {
    		//store user info into user array
    		$fbuser = json_decode(@file_get_contents('https://graph.facebook.com/me?access_token='. $atoken));
    	    //if user data is empty, then nothing will happen
    	    if( !empty($fbuser) ){
    	    	//this should never happen, since email address is required to register in FB
    	    	//I put it here just in case of API changes or some other disaster, like wrong API key or secret
    		    if( !isset($fbuser->email) || empty($fbuser->email) ){
    		    	do_action('fb_connect_get_email_error');
    		    	//stop here: a blank email must never be used to look up a WordPress account
    		    	return false;
    		    }
    
    	    	//if user is logged in, then we just need to associate FB account with WordPress account
    	    	if( is_user_logged_in() ){
        			/*global $current_user;
    				get_currentuserinfo();
    				$fb_uid = get_user_meta($current_user->ID, 'fb_uid', true);
    
    				if($fb_uid == $fbuser->id)*/
    					return true;
    // here goes the rest of the functions file from valentinas

    Also, I have commented out everything that happens when the user is logged in; this is for the security reasons that everybody is talking about with this plugin. It associates wrong users together, and mostly it associates admin with the FB user who is logging in, making them admin, but if you just exit out if the user is already logged in with WordPress you won't have problems.
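The signature check that `get_facebook_cookie()` depends on, as a stand-alone PHP script added here (it is not part of the post above or of either plugin): it builds a constructed `fbsr_`-style cookie and shows that a wrong secret or a swapped payload is rejected. The secret, the payload values and the function names are made up for the example; the `algorithm` and `user_id` fields follow Facebook's signed_request format.

```php
<?php
// Added example. The app secret and payload below are constructed sample values.

function b64url_decode($input) {
    return base64_decode(strtr($input, '-_', '+/'));
}

function b64url_encode($input) {
    return rtrim(strtr(base64_encode($input), '+/', '-_'), '=');
}

// Returns the decoded payload array, or false if the cookie must not be trusted.
function verify_fbsr_cookie($cookie_value, $app_secret) {
    $parts = explode('.', (string) $cookie_value);
    if (count($parts) !== 2) {
        return false;                       // not "<signature>.<payload>"
    }
    list($encoded_sig, $payload) = $parts;
    $expected = hash_hmac('sha256', $payload, $app_secret, true);
    if (!hash_equals($expected, (string) b64url_decode($encoded_sig))) {
        return false;                       // forged or modified cookie
    }
    $data = json_decode(b64url_decode($payload), true);
    if (!is_array($data) || !isset($data['algorithm'])
        || strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
        return false;                       // unexpected algorithm or broken JSON
    }
    if (empty($data['user_id']) || empty($data['code'])) {
        return false;                       // nothing to identify a user with
    }
    return $data;
}

// Sign a payload the way the cookie is signed, then verify it.
$secret  = 'constructed-app-secret';
$payload = b64url_encode(json_encode(array(
    'algorithm' => 'HMAC-SHA256', 'code' => 'SAMPLE_CODE', 'user_id' => '1000001',
)));
$cookie  = b64url_encode(hash_hmac('sha256', $payload, $secret, true)) . '.' . $payload;

var_dump(verify_fbsr_cookie($cookie, $secret) !== false);   // genuine cookie
var_dump(verify_fbsr_cookie($cookie, 'wrong-secret'));      // wrong key
// Original signature kept, payload swapped for another user id.
$forged = b64url_encode(json_encode(array(
    'algorithm' => 'HMAC-SHA256', 'code' => 'SAMPLE_CODE', 'user_id' => '1',
)));
var_dump(verify_fbsr_cookie(substr($cookie, 0, strpos($cookie, '.') + 1) . $forged, $secret));
```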

    Lev

    (@levsorokagmailcom)

    Please look at the Facebook developers documentation for decrypting and so on:
    https://developers.facebook.com/docs/plugins/registration/

    also code for the login button

    <fb:login-button scope="email" size="<?php echo $size; ?>" onlogin="setTimeout(function() {jQuery('body').html('');
    	    window.location.href=window.location.href;}, 1000);"  ></fb:login-button>

    I have used timeout function because it takes a bit to get all the info from facebook

    Thank you so much Lev! Your tutorial seems to work!

    I haven’t registered here on the forums for years, thinking that I won’t even participate in any discussions. But you made me do it…just to thank you and let you have my gratitude! I have an important website in which I run together with Facebook Connect, and I’m glad that you make it easier for me to make it work again. Thank you so much!

    Here is the website I’m talking:

    Free Zynga Game Cards

    Here I am again, having troubles. I implemented the tutorial that Lev posted. Yes it worked, but all of the facebook accounts that are logged in, were all the same – which is the account of the administrator. do you have a fix for this? Thanks a lot

    Apparently I have the same issue. It logs everyone else into the same account. In my case it wasn’t admin, but it just doesn’t log users in to their respective accounts.

    Any help here?

    Lev

    (@levsorokagmailcom)

    I am sorry guys, I should have mentioned this before, but the rest of the functions.php file that I did not post should be edited accordingly. The problem might come from having the database associate with the right user email: if you don't pull the right user email or if it's blank, I think MySQL just returns the first email in the database, alphabetically sorted; it could be admin if he is first in order, or another user.

    here is the code for the function.

    Also in sql query there are backticks so where you see <code></code> should be a backtick

    function fb_login_user(){
    	global $wpdb;
    	//@todo: investigate: does this gets included doing regular request?
    	require_once( ABSPATH . 'wp-includes/registration.php' );
    	//mmmm, cookie
    	$cookie = get_facebook_cookie(FACEBOOK_APP_ID, FACEBOOK_SECRET);
    
    	//get atoken from cookie
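    	//only ask for a token when the signed cookie verified and actually carries a code
    	$atoken = !empty($cookie['code']) ? get_atoken_remote(FACEBOOK_APP_ID, FACEBOOK_SECRET, $cookie['code']) : false;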
    
    	if ($cookie && $atoken) {
    		//store user info into user array
    		$fbuser = json_decode(@file_get_contents('https://graph.facebook.com/me?access_token='. $atoken));
    	    //if user data is empty, then nothing will happen
    	    if( !empty($fbuser) ){
    	    	//this should never happen, since email address is required to register in FB
    	    	//I put it here just in case of API changes or some other disaster, like wrong API key or secret
    		    if( !isset($fbuser->email) || empty($fbuser->email) ){
    		    	do_action('fb_connect_get_email_error');
    		    	//stop here: a blank email must never be used to look up a WordPress account
    		    	return false;
    		    }
    
    	    	//if user is logged in, then we just need to associate FB account with WordPress account
    	    	if( is_user_logged_in() ){
        			/*global $current_user;
    				get_currentuserinfo();
    				$fb_uid = get_user_meta($current_user->ID, 'fb_uid', true);
    
    				if($fb_uid == $fbuser->id)*/
    					return true;
    
    				if( $fbuser->email == $current_user->user_email ) {
    					//if FB email is the same as WP email we don't need to do anything.
    					/*do_action('fb_connect_wp_fb_same_email');
    					$fb_uid = get_user_meta($current_user->ID, 'fb_uid', true);
    
    					if($fb_uid == $fbuser->id )
    						update_user_meta( $current_user->ID, 'fb_uid', $fbuser->id );*/
    					return true;
    
    				} else {
    					//else we need to set fb_uid in user meta, this will be used to identify this user
    					/*do_action('fb_connect_wp_fb_different_email');
    					$fb_uid = get_user_meta($current_user->ID, 'fb_uid', true);
    					if( !$fb_uid )
    						update_user_meta( $current_user->ID, 'fb_uid', $user->id );
    					$fb_email = get_user_meta($current_user->ID, 'fb_email', true);
    					if( !$fb_uid )
    						update_user_meta( $current_user->ID, 'fb_email', $user->email );*/
    					//that's it, we don't need to do anything else, because the user is already logged in.
    					return true;
    				}
    	    	}else{
    			    //check if user has account in the website. get id
    			    //values from Facebook are bound with $wpdb->prepare() instead of being concatenated into the SQL
    			    $existing_user = $wpdb->get_var( $wpdb->prepare( 'SELECT DISTINCT `u`.`ID` FROM `' . $wpdb->users . '` `u` JOIN `' . $wpdb->usermeta . '` `m` ON `u`.`ID` = `m`.`user_id`  WHERE (`m`.`meta_key` = "fb_uid" AND `m`.`meta_value` = %s ) OR user_email = %s OR (`m`.`meta_key` = "fb_email" AND `m`.`meta_value` = %s )  LIMIT 1 ', $fbuser->id, $fbuser->email, $fbuser->email ) );
    			    //if the user exists - set cookie, do wp_login, redirect and exit
    			    if( $existing_user > 0 ){
    			    	$fb_uid = get_user_meta($existing_user, 'fb_uid', true);
    			    	if( !$fb_uid )
    			    		//store the FB id on the matched user ($new_user is not defined in this branch)
    			    		update_user_meta( $existing_user, 'fb_uid', $fbuser->id );
    			    	$user_info = get_userdata($existing_user);
    			    	do_action('fb_connect_fb_same_email');
    			    	wp_set_auth_cookie($existing_user, true, false);
    			    	do_action('wp_login', $user_info->user_login);
    			    	//$url is not set inside this function; both branches of the old wp_get_referer() check were identical
    			    	wp_redirect($url.'/my-profile');
    			    	exit();
    			    //if user don't exist - create one and do all the same stuff: cookie, wp_login, redirect, exit
    				} else {
    					do_action('fb_connect_fb_new_email');
    					//sanitize username
    					$username = sanitize_user($fbuser->email, true);
    					$user_nicename = sanitize_title($fbuser->name);
    
    					//put everything in nice array
    					$userdata = array(
    						'user_pass'		=>	wp_generate_password(),
    						'user_login'	=>	$username,
    						'user_nicename'	=>	$user_nicename,
    						'user_email'	=>	$fbuser->email,
    						'display_name'	=>	$fbuser->name,
    						'nickname'		=>	$username,
    						'first_name'	=>	$fbuser->first_name,
    						'last_name'		=>	$fbuser->last_name,
    						'role'			=>	'subscriber'
    					);
    					//$userdata = apply_filters('fb_connect_new_userdata', $userdata, $fbuser);
    					//create new user
    					$new_user = wp_insert_user($userdata);
    					do_action('fb_connect_new_user', $new_user);
    					//if user created succesfully - log in and reload
    					if( $new_user > 0 ){
    
    						update_user_meta($new_user, 'fb_uid', $fbuser->id );
    						update_user_meta($new_user, 'rich_editing', 'true');
    						update_user_meta($new_user, 'comment_shortcuts', 'false');
    						update_user_meta($new_user, 'admin_color', 'fresh' );
    						update_user_meta($new_user, 'use_ssl', 0 );
    						update_user_meta($new_user, 'show_admin_bar_front', 'false');
    						update_user_meta($new_user, 'show_admin_bar_admin', 'false');
    
    						$user_info = get_userdata($new_user);
    						wp_set_auth_cookie($new_user, true, false);
    						do_action('wp_login', $user_info->user_login);
    
    						wp_redirect($url.'/edit-profile');
    				    	exit();
    					} else {
    						echo('Facebook Connect: Error creating new user!');
    					}
    				}
    	    	}
    		}
        }
    
    }

    Still something is not right. Keeps redirecting to $url.'/edit-profile'

    Lev, are you on gTalk?

    Lev

    (@levsorokagmailcom)

    That redirect is for my site; I have a page where users go after they are successfully logged in, which is edit profile. You need to change that to the URL that you want the users to go to after they are logged in,
    or use the URL of the same page; that way it will refresh the page.
    The same goes here if the user is already registered and wants to log in:
    wp_redirect($url.'/my-profile');

    Lev

    (@levsorokagmailcom)

    Look up the WordPress documentation for updating user meta and creating new users; you need to change that to your preferences as well, for example showing the admin bar in front, color, etc.

    Something not right here?

    (function(d){
    		 var js, id = 'facebook-jssdk'; if (d.getElementById(id)) {return;}
    		 js = d.createElement('script'); js.id = id; js.async = true;
    		 js.src = "//connect.facebook.net/en_US/all.js";
    		 d.getElementsByTagName('head')[0].appendChild(js);
    	   }(document));
    
    });

    I seem to be having a weird problem: the plugin is calling the wrong App ID. I queried the SQL DB, everything is right though.

  • The topic ‘[Plugin: Facebook Connect] Plugin does not work any more after OAuth 2.0 and HTTPS Migration’ is closed to new replies.