I have found the problem myself. It’s because the SDK 3.2.2. For facebook update (from the Changelog for API version 2.3):
[Oauth Access Token] Format – The response format of https://www.facebook.com/v2.3/oauth/access_token returned when you exchange a code for an access_token now return valid JSON instead of being URL encoded. The new format of this response is {“access_token”: {TOKEN}, “token_type”:{TYPE}, “expires_in”:{TIME}}. We made this update to be compliant with section 5.1 of RFC 6749.
But SDK is recognize the response as an array(in the getAccessTokenFromCode function):
$response_params = array();
parse_str($access_token_response, $response_params);
if (!isset($response_params['access_token'])) {
return false;
}
return $response_params['access_token'];
This will not get user access token correctly, and you can’t get user’s data. So you should update this function to parse data as json:
$response = json_decode($access_token_response);
if (!isset($response->access_token)) {
return false;
}
return $response->access_token;
Then all of the function will work as usual.
Additionally, you must make similar changes to setExtendedAccessToken()
. Otherwise, your app won’t be able to extend access tokens. The code below demonstrates how to upgrade the function.
/**
* Extend an access token, while removing the short-lived token that might
* have been generated via client-side flow. Thanks to http://bit.ly/ b0Pt0H
* for the workaround.
*/
public function setExtendedAccessToken() {
try {
// need to circumvent json_decode by calling _oauthRequest
// directly, since response isn't JSON format.
$access_token_response = $this->_oauthRequest(
$this->getUrl('graph', '/oauth/access_token'),
$params = array(
'client_id' => $this->getAppId(),
'client_secret' => $this->getAppSecret(),
'grant_type' => 'fb_exchange_token',
'fb_exchange_token' => $this->getAccessToken(),
)
);
}
catch (FacebookApiException $e) {
// most likely that user very recently revoked authorization.
// In any event, we don't have an access token, so say so.
return false;
}
if (empty($access_token_response)) {
return false;
}
//Version 2.2 and down (Deprecated). For more info, see http://stackoverflow.com/a/43016312/114558
// $response_params = array();
// parse_str($access_token_response, $response_params);
//
// if (!isset($response_params['access_token'])) {
// return false;
// }
//
// $this->destroySession();
//
// $this->setPersistentData(
// 'access_token', $response_params['access_token']
// );
//Version 2.3 and up.
$response = json_decode($access_token_response);
if (!isset($response->access_token)) {
return false;
}
$this->destroySession();
$this->setPersistentData(
'access_token', $response->access_token
);
}