Support » Plugin: Simple Facebook Connect » sfc_remote & malformed access token

  • Hi Otto,

    I have a problem, I’m trying to use sfc_remote to get some extra details for a user. The problem is that with your default code, to get the user email it doesn’t work.

    $data = sfc_remote($fbuid, '', array(

    The curious part is that the login works. But print_r($data); returns an FB error that I have an malformed access token, after a little more investigation I realized that the access token returned from your sfc_remote function returns me something like


    And afterwords the function will try to use the acces_token, it encodes the $expires=4866 and that’s how I get a malformed url.

    I hacked you sfc_base.php and at sfc_remote, at line 407 after
    $args['access_token'] = str_replace('access_token=','',$resp['body']);
    I added an explode $at = explode("&", $args['access_token']); $args['access_token'] = $at[0];

    This fixes the issue, and I was wondering how the rest is working if this is broken, or if there are other solutions… Or if this is the case to more people, maybe push a repair 🙂

    The main reason why I wanted this to work is to make the function do_action('sfc_login_new_fb_user'); // TODO hook for creating new users if desired
    to auto-register users with login without passing through the register page. After I’m done, I’ll come back to share the snippet.


Viewing 2 replies - 1 through 2 (of 2 total)
  • I finished my function.

    Unfortunately if I use the add_action facebook me will return me an oauth exception (not sure if it’s from the cookie parsing or the sfc_remote, even weired is that it works before).

    So this is the function

    function sfc_login_register_user( $data ){
    		if ( empty( $data ) ) return 0;
    		if ( array_key_exists( $data['error'] ) )  return 0; 
    		$username = str_replace( ' ', '', strtolower( $data['first_name'].".".$data['last_name'] ) );
    		$username = sanitize_user($username, true);
    		$counter = 1; //Check for Unicity
    		if ( username_exists( $username ) )
    				$finalname = $username;
    				$finalname = $finalname . $counter;
    			} while ( username_exists( $finalname ) );
    			$finalname = $username;
    		if ( !email_exists( $data['email'] ) ) {
    			$random_password = wp_generate_password( $length=12, $include_standard_special_chars=false );
    			$user_id = wp_create_user( $finalname, $random_password, $data['email'] );
    				array (
    					'ID' => $user_id,
    					'first_name' => $data['first_name'],
    					'last_name' => $data['last_name']
    			update_usermeta( $user_id, 'fbuid', $data['id'] ); 
    			$user = new WP_User( $user_id );
    			if( is_user_logged_in() ) {
    				wp_redirect( home_url() );
    		} else {
    			echo "Email already exists.";

    On sfc_login.php on line 169, I have replaced the do_action('sfc_login_new_fb_user'); // TODO hook for creating new users if desired

    $succes = sfc_login_register_user($data);
    if ($succes == 0) { wp_redirect( site_url( 'wp-login.php', 'login' ) ); }

    Line 2 is there because on the first login $data from sfc_remote is empty, and if I refresh it’s ok. Weird.
    It works, also, I added “username,first_name,last_name” to fields from sfc_remote on line 155


    If anyone finds it useful, I’m glad 🙂

    The problem is that function sfc_remote in file sfc-base.php is not properly parsing the oauth/access_token response from Facebook, which then causes “Malformed access token” errors.

    The following change solved my login problem where the user’s e-mail address was not being provided:

    I replaced the following problem code:

    if (!is_wp_error($resp) && 200 == wp_remote_retrieve_response_code( $resp )) {
    	$args['access_token'] = str_replace('access_token=','',$resp['body']);
    	$saved_access_tokens[$obj] = $args['access_token'];


    if (!is_wp_error($resp) && 200 == wp_remote_retrieve_response_code( $resp )) {
    	$fb_params = array();
    	parse_str($resp['body'], $fb_params);
    	$args['access_token'] = $fb_params['access_token'];
    	$saved_access_tokens[$obj] = $args['access_token'];
Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘sfc_remote & malformed access token’ is closed to new replies.