Tag Archives: facebook

not_authorized Facebook problem

not_authorized status when Facebook Connectnot_authorized problem

Today I have huge problem with facebook connect. I've recieved not_authorized status when I tried to login to my website as facebook user.

But first thing first. I have tried to use FB connect on my websites, and everything works fine for me. Usually I'm using Firefox for daily work. So I've created app on facebook, and leave default settings for it. I've used Facebook SDK for JavaScript. After implementation and first tests It worked fine for me - I could login normally. But today product owner told me that he can't login via Facebook Connect on two different PCs. He used two different accounts, and he couldn't login on any of them...

So OK, we have problem that needs to be solved. He's using chrome on windows and safari on mac for his daily work. I've tested it in on my facebook account on every browser and I could login everywhere. So I tried to use my second facebook account for tests. And actually I have problem with login xD After clicking the Connect button, facebook dialog with authorization closed immediately. What the ...? After checking response from server I found what the problem was: not_authorized status every time. So I was checking multiple things that can be wrong

  • My app wasn't in application center, so I couldn't removed it and try re-auth
  • Our server is running on varnish so maybe there was the problem? But I can login with my second account so it's not that.
  • I cleared all possible caches (drupal cache, browser cache, varnish cache, delete all cookies) - not_authorized
  • I debugged all login code and still nothing. Status was always not_authorized
  • I checked all docs for facebook login searching for ultimate solution and still nothing
  • I asked around about my problem but no one knows the solution...

And FINALLY I've checked the developers.facebook.com for my app. I've noticed that "Sandbox mode" is ON and only administrators, developers and testers has access to my app..... epic fail xD


After turning sandbox mode off, any facebook user can login via FB connect. not_authorized is gone!

It's now default facebook settings after you create new application (sandbox mode on). So just be sure to turn it off before you go live with your website or add testers to your access list before you launch your product.



cURL CURLOPT_FOLLOWLOCATION issue with safe_mode/open_basedir

CURLOPT_FOLLOWLOCATION doesn't workToday I've encountered problem with the CURLOPT_FOLLOWLOCATION. I tried to get user profile picture from facebook with cURL. Unfortunately, on production server we have set open_basedir and follow location is not working;/ So I found some workaround of this issue. I created function that provides similar functionality for CURLOPT_FOLLOWLOCATION option. It's working when you are in safe_mode or you have open_basedir set.


function curl_follow_exec($ch)
    curl_setopt($ch, CURLOPT_HEADER, true);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    $data = curl_exec($ch);
    $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);

    if ($http_code == 301 || $http_code == 302) {
        preg_match('/(Location:|URI:)(.*?)\n/', $data, $matches);
        if (isset($matches[2])) {
            $redirect_url = trim($matches[2]);
            if ($redirect_url !== '') {
                curl_setopt($ch, CURLOPT_URL, $redirect_url);
                return curl_follow_exec($ch);
    return $data;

It just check if response code is 301 or 302, getting the location URL from headers and perform another cURL request for location URL. It is recurrence function and it will end when there's no redirection left. You can always add some counter and check if there's no more than 10 redirections for example. Just not to get into infinite loop with redirections.

Real-life usage

Example use here for grabbing profile image from facebook

public function getUserPicture($uid)
    $url = 'http://graph.facebook.com/' . $uid . '/picture?type=large';
    $ch = curl_init($url);
    $image = curl_follow_exec($ch);
    return $image;

$uid is facebook user id, you can get it for example from facebook api, when user will authorize your website for such informations. Function curl_follow_exec is taking one parameter which is curl handle. You can create curl handle with curl_init, set any option as you like and call curl_follow_exec instead of curl_exec.

You can read more about cURL, CURLOPT_FOLLOWLOCATION and other useful options in php manual here: http://php.net/manual/en/book.curl.php

Our services: