XF 1.5 Facebook: Strict Redirect URI Matching

[rdn]

In 90 days, we're making a security update to Facebook Login that will invalidate calls from URIs not listed in the Valid OAuth redirect URIs field of your Facebook Login settings.

This update comes in response to malicious activity we saw on our platform, and we want to protect your app or website by requiring a new strict mode for redirect URIs. Take action now to ensure your redirect traffic continues to work. Learn More

https://developers.facebook.com/docs/facebook-login/security/#strict_mode

What is the correct "Valid OAuth redirect URIs" for XenForo to work fine?

 

[PaulB]

Some of us can't get the Facebook login working anymore, which is why I asked if you could post your Facebook settings.

I've been able to get both login and the test to work. Settings attached below.

 

[dknife]

I've been able to get both login and the test to work. Settings attached below.

Thank you. The test now works correctly and I believe I know why the actual Facebook integration wasn't working either. I had a &reg=1 on the URL for the /register/facebook

 

[snoopy5]

Xenforo 1.5.22

I have the xact same provlem as described above. It seems that only if I enter that url:

https://mydomain.com/admin.php?tools/test-facebook&x=?/&=&y=2

The error while using the test within ACP goes away.

/admin.php?tools/test-facebook&x=%3F%2F%26%3D&y=2

What exactly does this part means? Why at the end the number "=2"?

 

[snoopy5]

Please are aware, that you sometimes have to write the domainname without www. in the URL. See for more details here:

https://xenforo.com/community/threads/facebook-app.135424/page-2#post-1286115

 

[SurferJon]

Using Xenforo 1.4.6.

I applied the patch in a previous post to fix the "Test FB Integraton" file. It works now.

However when I try to associated my XF account with my FB account on the "External Account" pages on XF, I get the "URL Blocked" error. I'm assuming this is because of what people previously mentioned about the old XF versions using 'assoc' in the URL.

Does anyone know how I can patch my version of XF so that it's not using the 'assoc' anymore? Thank you!

 

[PaulB]

Xenforo 1.5.22

I have the xact same provlem as described above. It seems that only if I enter that url:

https://mydomain.com/admin.php?tools/test-facebook&x=?/&=&y=2

The error while using the test within ACP goes away.




What exactly does this part means? Why at the end the number "=2"?

That’s definitely not the right URL. Your querystring is all messed up.

Edit: Never mind, misread it.

 

[dethfire]

mydomain.com/xenforo/register/facebook
&
mydomain.com/xenforo/admin.php?tools%2Ftest-facebook

Anyone get this to work in 2.1? Anyone with an updated URL whitelist?

I get: URL Blocked: This redirect failed because the redirect URI is not whitelisted in the app’s Client OAuth Settings. Make sure Client and Web OAuth Login are on and add all your app domains as Valid OAuth Redirect URIs.

 

[Chris D]

That's covered in the manual:

About connected accounts | Manual | XenForo

End-user documentation for XenForo

xenforo.com

 

[MesterPerfect]

Hi
After all these updates made by facebook, is there a solution to this problem?

Error
Warning
URL Blocked: This redirect failed because the redirect URI is not whitelisted in the app’s Client OAuth Settings. Make sure Client and Web OAuth Login are on and add all your app domains as Valid OAuth Redirect URIs.

I know very well that there is no longer support for xf1.5, but I like to use it and I have no problem with this other than simple things, including this aforementioned problem