Facebook移动OAuth redirect_uri

Question

承认经过身份验证的引荐机制是currently not working with the mobile web settings for Facebook applications，我遇到了根据返回的代码验证访问令牌的问题。

我正在尝试获取访问令牌的URL是： https://staging.fanhood.com/facebook/mobile/challenge?fh_gameChallengeID=2678&ref=web_canvas&refid=9&refsrc=http://apps.facebook.com/fanhood-dev/challenge&returned=true

这是访问者在通过此网址预先验证后发送到的网址：http://apps.facebook.com/fanhood-dev/challenge?fh_gameChallengeID=2678。但是，与常规的经过身份验证的引用不同，没有其他数据传递到URL中，因此应用程序可以快速执行oauth重定向循环。

此时，我正在将访问者重定向到移动OAuth对话框以对其进行身份验证： http://m.facebook.com/dialog/oauth?client_id=250258605018414&redirect_uri=https%3A%2F%2Fstaging.fanhood.com%2Ffacebook%2Fmobile%2Fchallenge%3Ffh_gameChallengeID%3D2678%26ref%3Dweb_canvas%26refid%3D9%26refsrc%3Dhttp%3A%2F%2Fapps.facebook.com%2Ffanhood-dev%2Fchallenge%26returned%3Dtrue&scope=email%2Cfriends_about_me%2Cfriends_education_history%2Cfriends_hometown%2Cfriends_interests%2Cfriends_likes%2Cfriends_location%2Coffline_access%2Cpublish_actions%2Cpublish_stream%2Cuser_activities%2Cuser_birthday%2Cuser_education_history%2Cuser_hometown%2Cuser_games_activity%2Cuser_interests%2Cuser_likes%2Cuser_location&response_type=code&display=touch

当用户被重定向回来时，我确实收到了要交换的代码：

编码：AQBCH25OC57BiMBgj3rCKGhkFi0ypp0R8e2yKGwFfhml9x1B47-w2Baex8oZ3BKgb2NhziRnSIuJ1MV9hErKBUhu0YqxaonwFF_7mcqozwpy3Ch08rkNh-YEIa6HV_LHxl6pymfkAbQEMgSA6F4BdtINsCQ7QlLpcRwrZWkzxZVyJbJDnqOesB3zFLr5ohpgtpQ

但是，我交换此代码的请求目前都没有。我正在尝试redirect_uri格式的不同变体，其中没有一个正在起作用：

原始网址为redirect_uri：

我有一个机制来删除特定的查询参数，按字母顺序重新排序，然后重新组合，以便redirect_uris在请求之间保持一致。 在这种情况下，redirect_uri与传递给对话框URL的内容完全匹配： https://staging.fanhood.com/facebook/mobile/challenge?fh_gameChallengeID=2678&ref=web_canvas&refid=9&refsrc=http://apps.facebook.com/fanhood-dev/challenge&returned=true == https://staging.fanhood.com/facebook/mobile/challenge?fh_gameChallengeID=2678&ref=web_canvas&refid=9&refsrc=http://apps.facebook.com/fanhood-dev/challenge&returned=true

https://graph.facebook.com/oauth/access_token?client_id=250258605018414&client_secret=xxx&redirect_uri=https%3A%2F%2Fstaging.fanhood.com%2Ffacebook%2Fmobile%2Fchallenge%3Ffh_gameChallengeID%3D2678%26ref%3Dweb_canvas%26refid%3D9%26refsrc%3Dhttp%3A%2F%2Fapps.facebook.com%2Ffanhood-dev%2Fchallenge%26returned%3Dtrue&code=AQBCH25OC57BiMBgj3rCKGhkFi0ypp0R8e2yKGwFfhml9x1B47-w2Baex8oZ3BKgb2NhziRnSIuJ1MV9hErKBUhu0YqxaonwFF_7mcqozwpy3Ch08rkNh-YEIa6HV_LHxl6pymfkAbQEMgSA6F4BdtINsCQ7QlLpcRwrZWkzxZVyJbJDnqOesB3zFLr5ohpgtpQ&access_token=250258605018414%7C65adc2f073d3c901d02a7329c6acba21

空白redirect_uri尝试进行身份验证的引荐：

https://graph.facebook.com/oauth/access_token?client_id=250258605018414&client_secret=xxx&redirect_uri=&code=AQBCH25OC57BiMBgj3rCKGhkFi0ypp0R8e2yKGwFfhml9x1B47-w2Baex8oZ3BKgb2NhziRnSIuJ1MV9hErKBUhu0YqxaonwFF_7mcqozwpy3Ch08rkNh-YEIa6HV_LHxl6pymfkAbQEMgSA6F4BdtINsCQ7QlLpcRwrZWkzxZVyJbJDnqOesB3zFLr5ohpgtpQ&access_token=250258605018414%7C65adc2f073d3c901d02a7329c6acba21

redirect_uri结构化为我们的移动画布网址：

https://graph.facebook.com/oauth/access_token?client_id=250258605018414&client_secret=xxx&redirect_uri=https%3A%2F%2Fm.facebook.com%2Fapps%2Ffanhood-dev%2Fchallenge%3Ffh_gameChallengeID%3D2678%26ref%3Dweb_canvas%26refid%3D9%26refsrc%3Dhttp%3A%2F%2Fapps.facebook.com%2Ffanhood-dev%2Fchallenge%26returned%3Dtrue&code=AQBCH25OC57BiMBgj3rCKGhkFi0ypp0R8e2yKGwFfhml9x1B47-w2Baex8oZ3BKgb2NhziRnSIuJ1MV9hErKBUhu0YqxaonwFF_7mcqozwpy3Ch08rkNh-YEIa6HV_LHxl6pymfkAbQEMgSA6F4BdtINsCQ7QlLpcRwrZWkzxZVyJbJDnqOesB3zFLr5ohpgtpQ&access_token=250258605018414%7C65adc2f073d3c901d02a7329c6acba21

redirect_uri结构化为我们的画布URL：

https://graph.facebook.com/oauth/access_token?client_id=250258605018414&client_secret=xxx&redirect_uri=https%3A%2F%2Fapps.facebook.com%2Ffanhood-dev%2Fchallenge%3Ffh_gameChallengeID%3D2678%26ref%3Dweb_canvas%26refid%3D9%26refsrc%3Dhttp%3A%2F%2Fapps.facebook.com%2Ffanhood-dev%2Fchallenge%26returned%3Dtrue&code=AQBCH25OC57BiMBgj3rCKGhkFi0ypp0R8e2yKGwFfhml9x1B47-w2Baex8oZ3BKgb2NhziRnSIuJ1MV9hErKBUhu0YqxaonwFF_7mcqozwpy3Ch08rkNh-YEIa6HV_LHxl6pymfkAbQEMgSA6F4BdtINsCQ7QlLpcRwrZWkzxZVyJbJDnqOesB3zFLr5ohpgtpQ&access_token=250258605018414%7C65adc2f073d3c901d02a7329c6acba21

有谁知道Facebook用于移动OAuth请求的redirect_uri格式？如果支持查询参数？这个URL适用于我们的常规画布应用程序，而不适用于我们的移动版本。

Answer 1

请参阅Authenticated Referrals & Server-Side Auth Flow - What is the redirect_uri?

当我在＆amp; code = ...之后删除request_uri部分时，它开始工作。