Problem logging in and changing permissions in Facebook
- by kujawk
Hi everybody,
I've got a piece of code that logs into Facebook, gets a session, sets status_update and offline_access permission if they are not set, and gets a new session with the newly set permissions. This code used to work fine but now I'm getting error 100 "One of the parameters specified was missing or invalid" as a response to the second call to get session and I can't figure out why. Here's the sequence in detail:
CREATE TOKEN
restserver.php?method=auth.createToken&api_key=[our key]&v=1.0&format=JSON&sig=[sig created with our secret]
response: new token
LOGIN
m.facebook.com/login.php?api_key=[our key]&v=1.0&auth_token=[token created above]
login screen loads and user successfully logs in with their username/password.
GET SESSION
restserver.php?method=auth.getSession&api_key=[our key]&v=1.0&format=JSON&auth_token=token created above&sig=[sig created with our secret]
response: session key with expiration date and a secret
CHECK/AUTHORIZE PERMISSIONS
restserver.php?method=users.hasAppPermission&api_key=[our key]&v=1.0&format=JSON&ext_perm=status_update&call_id=[proper id]&session_key=[key returned above]&sig=[sig created with secret returned for get session]
response: 0
m.facebook.com/authorize.php?api_key=[our key]&v=1.0&ext_perm=status_update
authorization screen loads and user authorizes
Same steps for status_update
CREATE NEW TOKEN
Same steps as done to create the first token
LOGIN
m.facebook.com/login.php?api_key=[our key]&v=1.0&auth_token=[new token]
user is already logged in, redirected to their homepage
GET NEW SESSION
restserver.php?method=auth.getSession&api_key=[our key]&format=JSON&auth_token=[new token]&sig=[sig created with our secret]
response: error 100 - missing or invalid parameter. Of course it doesn't tell me which one.
Anybody have any ideas what I'm doing wrong here? I tried skipping the second login and going right to creating the new session and that didn't work. The only thing that seems to work is logging out the user after they've authorized the permissions and having them log back in again. I'd like to avoid this if possible. Can you have two outstanding sessions at one time?
This code used to work but I'm thinking maybe something changed on Facebook's end that I'm not aware of.
Thanks,
kris