Facebook social login: "Error validating client secret" - "Missing code" error

I’m using the PHP SDK to generate social login URLs, like this:

$auth0->login( 'https://example.com/callback.php', array( 'connection' => 'facebook' ) );

This works fine for providers like google-oauth2 but for Facebook, I receive an error in my callback function after logging in via the Facebook login form.

The callback URL looks like this:

callback.php?error=invalid_request&error_description=Error validating client secret.&state=#_=_

There is an Exception thrown:

Auth0\SDK\Exception\StateException
Error: Missing code

My client secret is configured correctly as per the quickstart guide and as I said this works fine with Google.

I did have this working previously - I don’t believe I’ve made any code changes, so I don’t know why this has suddenly stopped working.

Edit: One thing I did do was I switched from using the OAuth dev keys to using a real Facebook API key, but then I switched it back (left the fields blank in the Auth0 settings page) to continue development. Not sure if this could be a contributing factor?

Any ideas please?

Hi @irridium, thanks for your question.

There haven’t been any recent updates to the SDK that change this behavior.

I noticed the callback URL you provided includes an error and error_description, which indicate the cause of the failure, “Error validating client secret.” This is a service-returned API error meaning something is misconfigured somewhere.

Please double-check your configurations of:

  • SDK: The Auth0 domain, application ID, and secret are configured correctly.
  • Auth0: The Facebook connection’s configured app and secret are configured correctly.
    • Note that these are different from your Auth0 application details. Facebook provides these values.
  • Facebook: The application is configured correctly.
    • People often overlook the configured domain for redirects/callbacks, which is important.
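The callback in the question carries `error` and `error_description` but no `code`, so a handler that inspects those parameters first reports the real cause instead of "Missing code". The following is an added example, not code from this thread or from the Auth0 SDK; `classifyCallback` and the sample values are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not part of the Auth0 PHP SDK): classify the callback's
// query string before attempting any code exchange.
function classifyCallback(string $queryString): array
{
    parse_str($queryString, $params);
    // Accept scalar strings only; "error[]=x" would otherwise produce an array.
    $get = static fn (string $k): string =>
        isset($params[$k]) && is_string($params[$k]) ? $params[$k] : '';

    if ($get('error') !== '') {
        // Query parameters are attacker-controllable. Restrict the error code to
        // the characters RFC 6749 permits and reduce the description to printable ASCII.
        $code = preg_match('/^[\x20-\x21\x23-\x5B\x5D-\x7E]{1,64}$/', $get('error')) === 1
            ? $get('error') : 'unrecognized_error';
        $desc = (string) preg_replace('/[^\x20-\x7E]/', '?', $get('error_description'));
        return ['status' => 'provider_error', 'error' => $code,
                'description' => substr($desc, 0, 200)];
    }
    if ($get('code') === '') {
        return ['status' => 'missing_code'];
    }
    if ($get('state') === '') {
        return ['status' => 'missing_state'];
    }
    // Presence only: matching state against the stored value still has to
    // happen during the code exchange.
    return ['status' => 'ok'];
}

// Constructed inputs. The first is the query string from the question; the
// "#_=_" fragment is omitted because browsers do not send fragments to the server.
$samples = [
    'error=invalid_request&error_description=Error validating client secret.&state=',
    'state=abc123',
    'code=constructed-code&state=abc123',
];
foreach ($samples as $qs) {
    $r = classifyCallback($qs);
    $detail = isset($r['error']) ? ': ' . $r['error'] . ' - ' . $r['description'] : '';
    // Escape on output: never reflect these values into HTML unescaped.
    echo htmlspecialchars($r['status'] . $detail, ENT_QUOTES, 'UTF-8'), PHP_EOL;
}
```

Only the `ok` case should proceed to the SDK's code exchange; the `provider_error` case is the one to log and investigate against the connection settings listed above.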