not_authorized problem
Today I have huge problem with facebook connect. I've recieved not_authorized status when I tried to login to my website as facebook user.
But first thing first. I have tried to use FB connect on my websites, and everything works fine for me. Usually I'm using Firefox for daily work. So I've created app on facebook, and leave default settings for it. I've used Facebook SDK for JavaScript. After implementation and first tests It worked fine for me - I could login normally. But today product owner told me that he can't login via Facebook Connect on two different PCs. He used two different accounts, and he couldn't login on any of them...
So OK, we have problem that needs to be solved. He's using chrome on windows and safari on mac for his daily work. I've tested it in on my facebook account on every browser and I could login everywhere. So I tried to use my second facebook account for tests. And actually I have problem with login xD After clicking the Connect button, facebook dialog with authorization closed immediately. What the ...? After checking response from server I found what the problem was: not_authorized status every time. So I was checking multiple things that can be wrong
- My app wasn't in application center, so I couldn't removed it and try re-auth
- Our server is running on varnish so maybe there was the problem? But I can login with my second account so it's not that.
- I cleared all possible caches (drupal cache, browser cache, varnish cache, delete all cookies) - not_authorized
- I debugged all login code and still nothing. Status was always not_authorized
- I checked all docs for facebook login searching for ultimate solution and still nothing
- I asked around about my problem but no one knows the solution...
And FINALLY I've checked the developers.facebook.com for my app. I've noticed that "Sandbox mode" is ON and only administrators, developers and testers has access to my app..... epic fail xD
Solution
After turning sandbox mode off, any facebook user can login via FB connect. not_authorized is gone!
It's now default facebook settings after you create new application (sandbox mode on). So just be sure to turn it off before you go live with your website or add testers to your access list before you launch your product.