I am currenty using a v6.1.6 umbraco set up with uShare v6.1.0 and after setting up the feature to share to facebook, I keep getting the error "Facebook not authorized - Please ensure to authorize". I'm sure I've done everything required in order to get this functionality working. The App ID and App Secret in the uShare.config both match the one in the Facebook app Dashboard, and the ID for the page I'm sharing to is also correct. I've authorized it in umbraco many times, and it still fails to recognize the Facebook authorization. Is there a setting I could be missing that might be causing this problem?
Can you please confirm that you're using SQL Server? If you look in your database, you should see a uShareAuthorizations table if it installed properly. When logging in with the Facebook popup, this should contain your Facebook authorisation access tokens.
Apart from this, it does sound like your configuration is correct. There shouldn't be any other settings apart from those in uShare.config and then the uShare datatype.
Can you please have a look in the Umbraco log files (\App_Data\Logs\UmbracoTraceLog.txt) to see if any exceptions are being logged on the failed authorisation? If you do a search for "uShare", you might find more info as well.
System.Net.WebException: The remote server returned an error: (403) Forbidden.
at System.Net.HttpWebRequest.GetResponse()
at Governor.Umbraco.uShare.OAuth2.ServiceProviderConsumers.FacebookConsumer.ShareLinkOnBehalfOfPage(String pageUsernameOrId, String shareLink, String pageAccessToken)
Also, the uShareAuthorizations table was in the database, but for one of the entries the "AccessTokenValue2" column is empty. Could this be the cause of the authorization error?
1) Yes, for Facebook, the AccessTokenValue2 should be populated. However, this would probably mean that somewhere in the authorisation process, something went wrong, and didn't complete the authorisation. This would probably also explain why you're getting a 403 forbidden response from Facebook when trying to share a link (ShareLinkOnBehalfOfPage error above).
2) Can you please confirm that the Facebook authorisation popup does actually show up and allows you to complete the authorisation process without showing up any errors (i.e. using the Facebook Authorise button on the uShare tab in the content section). Facebook should take you through about three steps here, first logging in, then authorising your uShare app to share on your behalf based on the required and specified app permissions). Once completed, this should populate AccessTokenValue1 and AccessTokenValue2. To clear out any current (incomplete) authorisations, you should be able to use the Facebook Deauthorise button, which will also clear out AccessTokenValue1 and AccessTokenValue2, to start again fresh.
3) This might not be related, however I would suggest upgrading to uShare 6.1.2. This used an alternative method to show the authorisation popups. The method used in uShare 6.1.0 became blocked by newer browser versions. However if you do get the popup, then this is not an issue in your case.
4) Again, as you've mentioned, I assume your uShare.config and Facebook app is configured correctly in terms of the following fields:
5) Can you also please check that the Facebook user you're using to login and authorise with, does have permissions on your Facebook page to post content to.
Hopefully these would help in getting closer to the cause of this issue.
Also, can you please check that your Facebook app permissions are correct:
4.5) Facebook app: App details > App Center Listed Platforms > Configure App Center Permission > App Center Permissions should have the following entries: "publishactions" and "managepages".
All of the settings listed above are as they should be, I've unauthorized and reauthorized numerous times, and the login popup appears when authorizing. I've added the publish_actions and manage_pages permissions but I still seem to run into the same error. I was wondering if I needed to submit the facebook app in order to properly use it, even though it's not really a public app.
Submitting your Facebook app shouldn't be a requirement. Mine is not public and as far as I remember, I didn't have to submit it for review.
This might or might not make a difference, can you please check in your app:
Settings > Security > Client OAuth Login is On and that there is a Client Token generated?
There are also various tools that Facebook offer to help you troubleshoot your Facebook Graph API calls - one useful one is here https://developers.facebook.com/tools/explorer/ however it might need some further explanation on how to use it. When using the uShare Facebook Authorise button, you can also look in Fiddler to get the URL it uses to call graph.facebook.com and see if there are any other errors showing up here in the response. This URL can also be used in the Graph API Explorer mentioned above to test your API calls.
It's the kind of thing which is tricky to test without your actual access tokens, Facebook permissions, URL query string parameters etc.
Looking at the above, does it shed any further light?
I used the Graph API Explorer tool like you suggested, and after getting my request URL through Fiddler, I'm still not sure of what the error could be, as the response I get is this:
I got this error with every version of the Graph API Explorer, and only got different errors when I removed the client_id or the Redirect_Uri fields.
Here is my Call: https://graph.facebook.com/oauth/authorize?display=popup&client_id=321267211412694&redirect_uri=https%3A%2F%2Fwww.bankofsullivani.com%2Fumbraco%2Fplugins%2Fushare%2Fusharefacebook.aspx&state=ayP9piyxFj_oMB1CBy2oxw&scope=manage_pages%20publish_stream&response_type=code
Do you see anything wrong with what I'm doing here?
I've compared your request to one of mine, and they look the same (apart of course from the unique fields).
Your callback page which is: https://www.xxxxxxx.com/umbraco/plugins/ushare/usharefacebook.aspx - can you please confirm that this is publicly available. Basically, the popup will load the Facebook hosted authorisation pages, then once the process is complete, Facebook will make a callback to your uShare Facebook aspx page to return the authorisation tokens etc. This page needs to be accessible from the outside. I've tried browsing it to test but it seems it cannot be reached. If this is the case, it might explain the 403 forbidden error. To solve it, move the ushare/usharefacebook.aspx page to another unprotected area in your site and change the website URL accordingly in your Facebook app.
Is that is perhaps?
In terms of the Facebook API Explorer, note at the top you can either use the Graph API Explorer app or your own app. I suggest testing with both. For each, do the following:
1) Paste your full request URL in the box
2) Click Get Access Token and click Clear and Cancel to start without any authorisation tokens
3) Click Get Access Token > Extended Permissions and select manage_pages and actions and Get Access Token. This should mimic the permissions set in your uShare app during setup.
4) If I then Submit your URL with either the Graph API Explorer app or my uShare app, it returns a valid response without an error. This seems a bit odd since you had a different result. I've used version 2.2 here.
What fields did you use on your call? I keep getting the same error, no matter what version of the Graph API Explorer I use. Only when I delete the "client_id" or the "redirect_uri" does the error change. I was also able to access "https://www.bankofsullivan.com/umbraco/plugins/ushare/usharefacebook.aspx" publically. What I did notice is that when I try deauthorizing then authorizing Facebook, there are virtually no changes from the uShareAuthorizations table. How can I tell which one is the Facebook entry in the table, and would it posssibly help if I manually deleted the entry in the table, then authorized facebook?
Using the Facebook Deauthorise button should delete your Facebook row from the uShareAuthorizations table. The Facebook authorisation row in that table will be the one with ServiceProviderId set to 1 (it's a foreign key to the uShareAuthorizations table). If this does not delete that entry, yes please delete it manually and try the Facebook Authorise button again, however that still tells me that something is wrong with the Facebook API calls. Unlike the other providers (Twitter and LinkedIn), Facebook actually provides the means to properly deauthorise the user by deleting its access token and preventing further API calls. In other words the deauthorise button does make a call to the Facebook API. So if this call fails, then subsequently it also probably won't delete your Facebook row in the uShareAuthorizations table.
When testing your URL in the Graph API Explorer, I use your exact URL on all the versions. However needed to geenrate the access token first by selecting those two extended permissions first. Without the access token you can't access these API calls.
IN terms of your usharefacebook.aspx page being reachable by the Facebook callback, it's not perhaps restricted by IP address or something?
I was able to get the app working by manually deleting the row and authorizing Facebook, which worked as normally should. You were right about the de-authorize button not working properly, and while I didn't figure out why this was the case, I was able to at least find a way around it for the time being. Thank you for all your help regarding this issue.
It seems that there are two responses from facebook. One is AccesTokenSuccessResponse (for the manage_page), and one is UnauthorisedResponse (I'm guessing for publish_stream).
Could it be a problem that uShare is requesting publish_stream, while in my App Settings I have selected the permission publish_actions? I can't find publish_stream.
Thanks for posting your solution! It seems that Facebook has been changing their permissions recently. I'll include this fix in the next release of uShare.
Facebook not authorized - Please ensure to authorize
Hello,
I am currenty using a v6.1.6 umbraco set up with uShare v6.1.0 and after setting up the feature to share to facebook, I keep getting the error "Facebook not authorized - Please ensure to authorize". I'm sure I've done everything required in order to get this functionality working. The App ID and App Secret in the uShare.config both match the one in the Facebook app Dashboard, and the ID for the page I'm sharing to is also correct. I've authorized it in umbraco many times, and it still fails to recognize the Facebook authorization. Is there a setting I could be missing that might be causing this problem?
Thank you
Hi Brandon
Can you please confirm that you're using SQL Server? If you look in your database, you should see a uShareAuthorizations table if it installed properly. When logging in with the Facebook popup, this should contain your Facebook authorisation access tokens.
Apart from this, it does sound like your configuration is correct. There shouldn't be any other settings apart from those in uShare.config and then the uShare datatype.
Can you please have a look in the Umbraco log files (\App_Data\Logs\UmbracoTraceLog.txt) to see if any exceptions are being logged on the failed authorisation? If you do a search for "uShare", you might find more info as well.
Regards,
Rigardt
Hello Rigardt,
This is the error I found in the logs:
ERROR Governor.Umbraco.uShare.OAuth2.ServiceProviderConsumers.FacebookConsumer - [Thread 55] uShare: Error calling Facebook ShareLinkOnBehalfOfPage. Potential reasons include: access token expired / app deauthorized / service provider user password changed.
System.Net.WebException: The remote server returned an error: (403) Forbidden.
at System.Net.HttpWebRequest.GetResponse()
at Governor.Umbraco.uShare.OAuth2.ServiceProviderConsumers.FacebookConsumer.ShareLinkOnBehalfOfPage(String pageUsernameOrId, String shareLink, String pageAccessToken)
Also, the uShareAuthorizations table was in the database, but for one of the entries the "AccessTokenValue2" column is empty. Could this be the cause of the authorization error?
Thank you,
Brandon
Hi Brandon
Can you please check the following points:
1) Yes, for Facebook, the AccessTokenValue2 should be populated. However, this would probably mean that somewhere in the authorisation process, something went wrong, and didn't complete the authorisation. This would probably also explain why you're getting a 403 forbidden response from Facebook when trying to share a link (ShareLinkOnBehalfOfPage error above).
2) Can you please confirm that the Facebook authorisation popup does actually show up and allows you to complete the authorisation process without showing up any errors (i.e. using the Facebook Authorise button on the uShare tab in the content section). Facebook should take you through about three steps here, first logging in, then authorising your uShare app to share on your behalf based on the required and specified app permissions). Once completed, this should populate AccessTokenValue1 and AccessTokenValue2. To clear out any current (incomplete) authorisations, you should be able to use the Facebook Deauthorise button, which will also clear out AccessTokenValue1 and AccessTokenValue2, to start again fresh.
3) This might not be related, however I would suggest upgrading to uShare 6.1.2. This used an alternative method to show the authorisation popups. The method used in uShare 6.1.0 became blocked by newer browser versions. However if you do get the popup, then this is not an issue in your case.
4) Again, as you've mentioned, I assume your uShare.config and Facebook app is configured correctly in terms of the following fields:
4.1) uShare.config: FacebookClientApiKey
4.2) uShare.config: FacebookClientSecret
4.3) uShare.config: FacebookPageUsernameOrId
4.4) Facebook app: Settings > Website > Site URL (your publicly available callback URL to your Umbraco site by Facebook at the end of the authorisation e.g. http://yoursite.com/umbraco/plugins/ushare/usharefacebook.aspx)
5) Can you also please check that the Facebook user you're using to login and authorise with, does have permissions on your Facebook page to post content to.
Hopefully these would help in getting closer to the cause of this issue.
Best regards,
Rigardt
Also, can you please check that your Facebook app permissions are correct:
4.5) Facebook app: App details > App Center Listed Platforms > Configure App Center Permission > App Center Permissions should have the following entries: "publishactions" and "managepages".
I've got a feeling this might be the one :)
Hello Rigardt,
All of the settings listed above are as they should be, I've unauthorized and reauthorized numerous times, and the login popup appears when authorizing. I've added the publish_actions and manage_pages permissions but I still seem to run into the same error. I was wondering if I needed to submit the facebook app in order to properly use it, even though it's not really a public app.
Thank you,
Brandon
Hi Brandon
Submitting your Facebook app shouldn't be a requirement. Mine is not public and as far as I remember, I didn't have to submit it for review.
This might or might not make a difference, can you please check in your app:
Settings > Security > Client OAuth Login is On and that there is a Client Token generated?
There are also various tools that Facebook offer to help you troubleshoot your Facebook Graph API calls - one useful one is here https://developers.facebook.com/tools/explorer/ however it might need some further explanation on how to use it. When using the uShare Facebook Authorise button, you can also look in Fiddler to get the URL it uses to call graph.facebook.com and see if there are any other errors showing up here in the response. This URL can also be used in the Graph API Explorer mentioned above to test your API calls.
It's the kind of thing which is tricky to test without your actual access tokens, Facebook permissions, URL query string parameters etc.
Looking at the above, does it shed any further light?
Regards,
Rigardt
Hello Rigardt,
I used the Graph API Explorer tool like you suggested, and after getting my request URL through Fiddler, I'm still not sure of what the error could be, as the response I get is this:
{
"error": {
"type": "http",
"message": "unknown error",
"status": 0
}
}
I got this error with every version of the Graph API Explorer, and only got different errors when I removed the client_id or the Redirect_Uri fields.
Here is my Call: https://graph.facebook.com/oauth/authorize?display=popup&client_id=321267211412694&redirect_uri=https%3A%2F%2Fwww.bankofsullivani.com%2Fumbraco%2Fplugins%2Fushare%2Fusharefacebook.aspx&state=ayP9piyxFj_oMB1CBy2oxw&scope=manage_pages%20publish_stream&response_type=code
Do you see anything wrong with what I'm doing here?
Thank you,
Brandon
Hi Brandon
I've compared your request to one of mine, and they look the same (apart of course from the unique fields).
Your callback page which is: https://www.xxxxxxx.com/umbraco/plugins/ushare/usharefacebook.aspx - can you please confirm that this is publicly available. Basically, the popup will load the Facebook hosted authorisation pages, then once the process is complete, Facebook will make a callback to your uShare Facebook aspx page to return the authorisation tokens etc. This page needs to be accessible from the outside. I've tried browsing it to test but it seems it cannot be reached. If this is the case, it might explain the 403 forbidden error. To solve it, move the ushare/usharefacebook.aspx page to another unprotected area in your site and change the website URL accordingly in your Facebook app.
Is that is perhaps?
In terms of the Facebook API Explorer, note at the top you can either use the Graph API Explorer app or your own app. I suggest testing with both. For each, do the following:
1) Paste your full request URL in the box 2) Click Get Access Token and click Clear and Cancel to start without any authorisation tokens 3) Click Get Access Token > Extended Permissions and select manage_pages and actions and Get Access Token. This should mimic the permissions set in your uShare app during setup. 4) If I then Submit your URL with either the Graph API Explorer app or my uShare app, it returns a valid response without an error. This seems a bit odd since you had a different result. I've used version 2.2 here.
Regards,
Rigardt
Hello Rigardt,
What fields did you use on your call? I keep getting the same error, no matter what version of the Graph API Explorer I use. Only when I delete the "client_id" or the "redirect_uri" does the error change. I was also able to access "https://www.bankofsullivan.com/umbraco/plugins/ushare/usharefacebook.aspx" publically. What I did notice is that when I try deauthorizing then authorizing Facebook, there are virtually no changes from the uShareAuthorizations table. How can I tell which one is the Facebook entry in the table, and would it posssibly help if I manually deleted the entry in the table, then authorized facebook?
Thank you,
Brandon
Hi Brandon
Using the Facebook Deauthorise button should delete your Facebook row from the uShareAuthorizations table. The Facebook authorisation row in that table will be the one with ServiceProviderId set to 1 (it's a foreign key to the uShareAuthorizations table). If this does not delete that entry, yes please delete it manually and try the Facebook Authorise button again, however that still tells me that something is wrong with the Facebook API calls. Unlike the other providers (Twitter and LinkedIn), Facebook actually provides the means to properly deauthorise the user by deleting its access token and preventing further API calls. In other words the deauthorise button does make a call to the Facebook API. So if this call fails, then subsequently it also probably won't delete your Facebook row in the uShareAuthorizations table.
When testing your URL in the Graph API Explorer, I use your exact URL on all the versions. However needed to geenrate the access token first by selecting those two extended permissions first. Without the access token you can't access these API calls.
IN terms of your usharefacebook.aspx page being reachable by the Facebook callback, it's not perhaps restricted by IP address or something?
Rigardt
Hello Rigardt,
I was able to get the app working by manually deleting the row and authorizing Facebook, which worked as normally should. You were right about the de-authorize button not working properly, and while I didn't figure out why this was the case, I was able to at least find a way around it for the time being. Thank you for all your help regarding this issue.
Brandon
Hi Brandon
I'm still not sure why some of the Facebook API calls are failing in your case, however glad you got it working in the end.
Regards,
Rigardt
Hello!
I am unfortunatly running into the same problems. I cannot get the proper authorisation.
This is the error in the log:
2015-02-16 18:27:06,686 [11] ERROR Governor.Umbraco.uShare.OAuth2.ServiceProviderConsumers.FacebookConsumer - [Thread 204] uShare: Error calling Facebook ShareLinkOnBehalfOfPage. Potential reasons include: access token expired / app deauthorized / service provider user password changed.
System.Net.WebException: The remote server returned an error: (403) Forbidden.
at System.Net.HttpWebRequest.GetResponse()
at Governor.Umbraco.uShare.OAuth2.ServiceProviderConsumers.FacebookConsumer.ShareLinkOnBehalfOfPage(String pageUsernameOrId, String shareLink, String pageAccessToken)
2015-02-16 18:30:44,602 [11] INFO DotNetOpenAuth.Messaging.Channel - Scanning incoming request for messages: http://umbracoschoon.azurewebsites.net/app_plugins/ushare/usharefacebook.aspx
2015-02-16 18:30:44,602 [11] INFO DotNetOpenAuth.Messaging.Channel - Prepared outgoing EndUserAuthorizationRequestC (2.0) message for https://graph.facebook.com/oauth/authorize?display=popup: ;
client_id: 924891820854784
redirect_uri: http://umbracoschoon.azurewebsites.net/app_plugins/ushare/usharefacebook.aspx
state: OmgJ-6VsO0ggALIMMj32Ew
scope: manage_pages publish_stream
response_type: code
The callback-URL can be reached.
Also, I have the proper permissions set in the App Details section on Facebook.
The database-entries get populated and deleted properly when authorising/deauthorising
What I do run into is a warning on the login pop-up, telling me:
Submit for Login Review
Some of the permissions below have not been approved for use by Facebook.
Submit for review now or learn more.
Does FaceBook have a more strict policy now, regarding posting on behalf of a user?
When I continue through the login-popup, I'm only asked for the manage_page permission, not for posting on behalf of.
Thank you for your help in advance,
Sincerely, Wesley
EDIT:
I also found this:
2015-02-16 19:52:13,674 [36] WARN DotNetOpenAuth.Messaging - Multiple message types seemed to fit the incoming data: {AccessTokenSuccessResponse (2.0),
UnauthorizedResponse (2.0),
}
2015-02-16 19:52:13,674 [36] INFO DotNetOpenAuth.Messaging.Channel - Processing incoming AccessTokenSuccessResponse (2.0) message:
access_token: CAAWDK0zF4ZA0BANT3OSwxw6dwZAKu4kq6FP5MicVYKYGNouFR0G2WGQ1UISeAFxYw6Naflzlp6K3bQmAwGp8dpbM3ZC7rZClKXVjCySZCDfLgF6j3wu0BwnMfVW9kheJzS6W5lsZCZCrIGAaVQXhB5bqFw2tFCSdbZAbVX4DbTeee8gBJ81MJGlUmrGSOY1V7iz7gJqhdZAyNrWgEHdZB1O0TG
token_type: bearer
expires: 5184000
It seems that there are two responses from facebook. One is AccesTokenSuccessResponse (for the manage_page), and one is UnauthorisedResponse (I'm guessing for publish_stream).
Could it be a problem that uShare is requesting publish_stream, while in my App Settings I have selected the permission publish_actions? I can't find publish_stream.
In the uShare source, I have changed publish_stream to publish_actions. uShare is now fully functional! Thanks.
Hi Wesley
Thanks for posting your solution! It seems that Facebook has been changing their permissions recently. I'll include this fix in the next release of uShare.
Best regards,
Rigardt
is working on a reply...