Don't use type=client_cred, this is not the access token that a user grants for your app to use. You don't need redirect_uri or code or any approval to get the client_cred type access token.

Facebook implements an early draft of OAuth 2 at this time. So there is not support for "state" yet.

But it is nice that you can suffix your state to the redirect_uri, the important point to note here is that the site url that you specified (which is the redirect_uri)

不要使用 type=client_cred，这不是用户授予您的应用程序使用的访问令牌。您不需要 redirect_uri 或代码或任何批准来获取 client_cred 类型的访问令牌。

Facebook 此时实施了 OAuth 2 的早期草案。所以还不支持“状态”。

但是很高兴您可以将您的状态后缀到redirect_uri，这里要注意的重点是您指定的站点url（即redirect_uri）

should not have a

不应该有

question mark at the end or anywhere in what you suffix as client state, encoded or not. If you did, you will get the dreaded "Error validating verification code"

在末尾或任何您作为客户端状态后缀的任何地方添加问号，无论是否编码。如果你这样做了，你会得到可怕的“验证验证码错误”

Don't use like that

不要这样使用

http://www.Redirect.com?

http://www.Redirect.com？

Correct Url is http://www.Redirect.com/

正确的网址是http://www.Redirect.com/

Hope it helps.

希望能帮助到你。

This works for me :-)

这对我有用:-)

header('Location: https://graph.facebook.com/oauth/access_token?' . http_build_query(array(
    'client_id'     => FB_APP_ID,
    'type'          => 'client_cred',
    'client_secret' => FB_SECRET,
    'code'          => $code)));

Of course you would use file_get_contents instead and parse the token out of the response

当然，您会改用 file_get_contents 并从响应中解析令牌

I ran into the exact same problem but it turned out the issue is not the encoding of the redirect_uri parameter, or that I had a trailing slash or question mark it's simply that I passed in two different redirect urls (had not read the specification at that time).

我遇到了完全相同的问题，但结果证明问题不是 redirect_uri 参数的编码，或者我有一个尾部斜杠或问号，这只是我传入了两个不同的重定向 url（当时没有阅读规范时间）。

The redirect_uri is only used as a redirect once (the first time) to redirect back to the relying party with the "code" token. The 2nd time, the redirect_uri is passed back to the auth server but this time it's not used as you'd expect (to redirect) rather it's used by the authentication server to verify the code. The server responds with the access_token.

redirect_uri 仅用作重定向一次（第一次），以使用“代码”令牌重定向回依赖方。第二次，redirect_uri 被传递回身份验证服务器，但这次它没有像您期望的那样使用（重定向），而是由身份验证服务器使用它来验证代码。服务器使用 access_token 进行响应。

http://tools.ietf.org/html/draft-ietf-oauth-v2-05#section-3.5.2

http://tools.ietf.org/html/draft-ietf-oauth-v2-05#section-3.5.2

You'll notice facebook documentation (which is terrible) says fetch"Exchange it for an access token by fetchinghttps://graph.facebook.com/oauth/access_token. "

您会注意到 facebook 文档（这很糟糕）说fetch“通过获取https://graph.facebook.com/oauth/access_token 将其交换为访问令牌。”

In summary, I didn't have to encode or do anything special to the Uri, just pass in the same redirect_uri twice, and fetchthe 2nd page to get the access_token inside.

总之，我不需要对 Uri 进行编码或做任何特殊的事情，只需传入相同的 redirect_uri 两次，然后获取第二页以获取其中的 access_token。

You can request an access token via terminal (OSX Users) using curl:

您可以使用 curl 通过终端（OSX 用户）请求访问令牌：

curl -F type=client_cred -F client_id=xxxxxxxxxxxxxxx -F client_secret=c0f88xxxxxxxxxxxxxxxxxx1b949d1b8 https://graph.facebook.com/oauth/access_token

Once you have your access token you can then use it in future curl requests to makes changes via the new graph API:

获得访问令牌后，您可以在未来的 curl 请求中使用它，通过新的图形 API 进行更改：

Post a message to a profile id:

向个人资料 ID 发布消息：

curl -F 'access_token=xxxxxxxxxxxxx|mGVx50lxxxxxxxxxxxxhzC2w.'  -F 'message=Hello Likers'  -F 'id=1250000000000905'  https ://graph.facebook.com/feed

Please note that

请注意

'type' => 'client_cred',

'type' => 'client_cred',

is only a way to circumvent the below, having said that, the above also works

只是一种规避下面的方法，话虽如此，上面也有效

After the user authorizes your application, we redirect the user back to the redirect URI you specified with a verification string in the argument code, which can be exchanged for an oauth access token. Exchange it for an access token by fetching https://graph.facebook.com/oauth/access_token. Pass the exactsame redirect_uri as in the previous step:

在用户授权您的应用程序后，我们将用户重定向回您使用参数代码中的验证字符串指定的重定向 URI，该字符串可以交换为 oauth 访问令牌。通过获取https://graph.facebook.com/oauth/access_token 将其交换为访问令牌。传递精确相同REDIRECT_URI在前面的步骤：

via: by: http://developers.facebook.com/docs/apisee also: http://forum.developers.facebook.net/viewtopic.php?pid=238371

通过：通过：http: //developers.facebook.com/docs/api另见：http: //forum.developers.facebook.net/viewtopic.php?pid=238371

Try to follow the API, i.e without typebut add redirect_uriand code(even though we don't need it):

尝试遵循 API，即没有type但添加redirect_uri和code（即使我们不需要它）：

$token = file_get_contents('https://graph.facebook.com/oauth/access_token?client_id=<app_id>&client_secret=<app secret>&redirect_uri=<url>&code=<code>');

Maybe your problem is solved but i yet not found accepted answer from you and maybe this answer helps those who face similar problem

也许你的问题已经解决了，但我还没有找到你接受的答案，也许这个答案可以帮助那些面临类似问题的人

First we have to Create our Application instance.

首先，我们必须创建我们的应用程序实例。

$facebook = new Facebook(array(
  'appId' => '149865361795547',
  'secret' => 'ee827a8df6202e1857b3fc28f3185a61',
  'cookie' => true,
)); 

easy way to get access_token

获取access_token 的简单方法

$token = $facebook->getAccessToken();

get page status as you ask in your question

在您提出问题时获取页面状态

$response = $facebook->api($pageID . '/feed','get',$token);

thanks..

谢谢..

Sorry for posting in old question. Due to changes in recent fb access. I have this code working and thought I would post for anyone else requiring help. This method works great with jQuery ajax and eliminates the redirect_uri given example from facebook.

抱歉在旧问题中发帖。由于最近fb访问的变化。我有这个代码工作，并认为我会为其他需要帮助的人发布。此方法适用于 jQuery ajax，并消除了 facebook 中给定示例的 redirect_uri。

$ch = curl_init("https://graph.facebook.com/oauth/access_token?client_id=INSERT_YOUR_APP_ID_HERE&client_secret=INSERT_YOUR_APP_SECRET_HERE&grant_type=client_credentials");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_NOSIGNAL, 1);
curl_setopt($ch, CURLOPT_TIMEOUT_MS, 30000);
$data = curl_exec($ch);
$curl_errno = curl_errno($ch);
$curl_error = curl_error($ch);
curl_close($ch);

if ($curl_errno > 0) 
{
        echo "cURL Error ($curl_errno): $curl_error\n";
} 
else 
{
    echo $data;
}

outputs a public available access_token for showing to non facebook users. i.e a facebook page feed wall via graph api for websites. access_token=191648007534048|eVilnMh585rlQLZLvBAmqM6s-1g

输出一个公共可用的 access_token 以显示给非 Facebook 用户。即通过网站的图形 API 的 facebook 页面提要墙。access_token=191648007534048|eVilnMh585rlQLZLvBAmqM6s-1g

phpfacebookoauth2facebook-accesstokenfacebook-oauth

php facebook oauth2 facebook-accesstoken facebook-oauth

You can also get this error if your connect URL isn't a base of your redirect URI. For example

如果您的连接 URL 不是重定向 URI 的基础，您也会收到此错误。例如

Connect URL: http://www.example.com/fb/connect/

Redirect URI: http://www.example.com/fb/connect/redirect

I ran into an issue where my redirect URI was the same as the connect URL, but I forgot the trailing / on the redirect URI so FB saw them as different and failed the auth.

我遇到了一个问题，即我的重定向 URI 与连接 URL 相同，但我忘记了重定向 URI 上的尾随 /，因此 FB 认为它们不同并且未通过身份验证。

Make sure you have url encoded your query parameters, your one should actually be:

确保您对查询参数进行了 url 编码，您的查询参数实际上应该是：

000000000000%7CAaaAaaAaaAAaAaaaaAaaAa0aaAA

Note: also the type parameter seems to be required, without it you also get 500 error with message:

注意：似乎还需要 type 参数，如果没有它，您还会收到 500 错误消息：

{
   "error": {
   "type": "OAuthException",
   "message": "Error validating verification code."
   }
}

rather than the message you get with other missing parameters. Cannot see that mentioned in the documentation.

而不是您收到的其他缺少参数的消息。看不到文档中提到的。