问题
Since the latest change on Facebook, regarding the appsecret_proof: https://developers.facebook.com/docs/reference/api/securing-graph-api/, we are still unable to download performance reports even after enabling/disabling features from Advanced Settings in our app, or apply the code as described in their document.
We are constantly getting this error:
{"error":{"message":"Invalid appsecret_proof provided in the API argument","type":"GraphMethodException","code":100}}
and I've open a confidential bug but no one returns to me with an answer.
I really don't know what more could we try?
回答1:
The error is (based on my experience) almost certainly correct; it means you're proving an invalid appsecret_proof with your API call
Assuming you're using the standard PHP SDK without modifications, the most likely reasons for this are:
- You configured the wrong app ID in the SDK code
- You configured the wrong app secret in the SDK code
- You're trying to use an access token from the wrong / another app
回答2:
Another potential cause of the "Invalid appsecret_proof ..." error, is a user access token that is not associated with an app. If you are generating a user access token using the graph explorer, make sure to select an app from the dropdown on the top right corner. Otherwise, you will be generating tokens that only work within the graph API explorer.
I filed a bug with the Python SDK before I caught my mistake. GUIs are the devil.
回答3:
There is a bug in the Facebook SDK. After 20 hours of trying everything to debug my own code (which had no issues!), I commented this out in base_facebook.php:
/* Commented out by SJ
if (isset($params['access_token'])) {
$params['appsecret_proof'] = $this->getAppSecretProof($params['access_token']);
}
*/
And all the problems went away!
回答4:
No bug in the latest version of the facebook PHP SDK. You need to create appsecret_proof as per the docs:
$appsecret_proof= hash_hmac('sha256', $access_token, $app_secret);
then pass it as a parameter to your api call.
See the docs here: https://developers.facebook.com/docs/graph-api/securing-requests/
Once I did this all was good and I didn't have to hack base_facebook.php
回答5:
This is error is because of in correct token. It may be because you are using different account for configuring web app and mobile app for Facebook configuration. Both accounts should be same.
The app ID must be the same for your mobile app and your web app.
回答6:
This error is the result of setting incorrect access token. For e.g posting to page album using a user's(admin's) access token. I have solved this error almost all the times by setting the proper access token
回答7:
If this error is unexpected behavior, you may have checked a setting in your app to require it. Uncheck it and you should stop getting that error. That setting is in settings -> advanced and is called "App Secret Proof for Server API calls". Set that to NO.
As of now, that setting is on this page (make sure to put your appId in the URL): https://developers.facebook.com/apps/YOUR-APP-ID/settings/advanced/
Note this is not a universal solution, only a solution for people who don't want that behavior.
回答8:
make sure your setting correct fbappid + fbappsecret
this error happens when those are not set correct
like you have 2 apps one development and one production
and you mess up the codes, double check those two
回答9:
Just for people having the same problem;
When you set Client OAuth Login to "yes" on facebook, you should give proper Valid OAuth redirect URIs . Otherwise facebook throws exactly the same error.
回答10:
In my case I needed to set Default Access Token via method: setDefaultAccessToken()
I used token generated in GraphApi dev tool but I did not switch into proper application. It was solved by changing application into proper one and using regenerated token.
回答11:
I know that this is an old question but I solved mine by changing the Application to the proper application that I should be generating an access token with. E.g. from Project1 to Project2.
回答12:
Perhaps something wrong with your access token, you need Business Manager style.
You can get the token from the content of https://business.facebook.com/settings/system-users/{sys_user_id}?business_id={business_id} with regex r'"accessToken":"([\d|\w]+)","context"'
回答13:
Works for me:
$appsecret_proof = hash_hmac('sha256', $facebook_page_token, $app_secret);
WHERE facebook_page_token is the page token stored in my database created when I associate the page to the app.
来源:https://stackoverflow.com/questions/18683421/why-do-i-get-invalid-appsecret-proof-provided-in-the-api-argument