Simple Facebook Connect
access_token no longer in FB cookie (2 posts)

  1. John Kleinschmidt
    Posted 4 years ago #


    I was testing Simple Facebook Connect 1.1 and found another issue that you might want to know about it.

    Right now in the sfc_login_check method in sfc-login.php, if there is a FB cookie set, the plugin checks to see if there is a user with that fbuid by querying usermeta.

    If the user doesn't exist, there is a call to sfc_remote to try to find the user by email address.

    However, the call to sfc_remote tries to use the access_token from the FB cookie, but there is no longer an access token in the cookie.
    Instead there is a "code" field which can be used to obtain an access_token.

    I think there are two options for resolving this issue:
    1) Use an app access token to get the users email from FB. It appears that if Publisher is turned on for the plugin, the plugin stores an app access token, but otherwise it doesn't. If the plugin was changed to always store an app access token, then it could use the token in this scenario even if Publisher is turned off.

    2) Make a call to https://graph.facebook.com/oauth/access_token to get an access token and then make another call to get the user's email from FB.


  2. Samuel Wood (Otto)
    WordPress.org Tech Dude
    Plugin Author

    Posted 4 years ago #

    You're right. I missed that bit when converting to oauth2. I'll correct it.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic