问题
I can't make API requests with the Android Facebook SDK, or even get the user from the login callback - it always returns null.
Particularly, with the newMeRequest, I get the following error message:
{ "error": {
"message": "API calls from the server require an appsecret_proof argument",
"type": "GraphMethodException",
"code": 100 } }
Actually, it seems pretty obvious, because the flag is set to true in the Facebook app options. However, I know it is possible, for the mobile sdks, to make API requests without the secret. However, if I try to use the access token from the currentSession in the Facebook Graph API Debugger, the response will be the same as above.
I don't know if this is related to the new Android Facebook SDK, but my code is basically the same as in the examples. The login goes nicely and I get the session token but I can't make any API requests...
loginButton.setUserInfoChangedCallback(new LoginButton.UserInfoChangedCallback() {
@Override
public void onUserInfoFetched(GraphUser user) {
graphUser = user;
}
});
Request.newMeRequest(currentSession, new Request.GraphUserCallback() {
@Override
public void onCompleted(GraphUser user, Response response) {
}
}
}).executeAsync();
回答1:
The only way that I was able to put it working, was by settings to No the App Secret proof for API calls in the advanced settings of the facebook App.
However, this is a fix, not a solve, since I wasn't able to do the request in the option set to Yes (as is possible in the iOS facebook sdk).
回答2:
you need to add a parameter "appsecret_proof" to your request containg a 'sha256' hash of accessToken and appSecret
https://developers.facebook.com/docs/graph-api/securing-requests
回答3:
You need to disable Require App Secret in facebook app advance settings.
回答4:
While not an actual answer to your question (since it doesn't involve the Android SDK), it seems that, as of March 2018, there still are some issues regarding the appsecret_proof and calls from web page (Javascript) / and possibly mobile (not sure about that) clients.
Facebook bug report (February 2018) - issue reappeared
Facebook bug report (October 2016)
Facebook bug report (February 2015)
That is, for an application with Require App Secret enabled App Dashboard > Settings > Advanced > Security > Require App Secret, it seems that one cannot perform API calls from Javascript without passing the appsecret_proof - at the moment of writing (March 2018).
Quick "fix" - disable the flag. Depending on the requirements, one may also choose to have two Facebook applications: one for web page / mobile calls (flag disabled), and one for server side calls (flag enabled).
来源:https://stackoverflow.com/questions/22359611/api-calls-from-the-server-require-an-appsecret-proof-argument