There are presently (as of March 2011) undocumented requirements regarding what makes a valid redirect_uri.

目前（截至 2011 年 3 月）有关于什么是有效的 redirect_uri 的未记录要求。

First, both redirect_uri paramaters to authorize and access_token must match.

首先，要授权的 redirect_uri 参数和 access_token 都必须匹配。

Apparently Facebook (or rather OAuth2) is using the redirect_uri as a internal key to encode the code returned for the access_token request. It's kinda clever since it verifies back to your site. It explains why the access_token request which wouldn't otherwise need a redirect_uri parameter requires one.

显然，Facebook（或者说 OAuth2）正在使用 redirect_uri 作为内部密钥来编码为 access_token 请求返回的代码。这有点聪明，因为它会验证回您的网站。它解释了为什么不需要 redirect_uri 参数的 access_token 请求需要一个。

Second, you cannot use many special characters in the redirect_uri.

其次，您不能在 redirect_uri 中使用许多特殊字符。

A lot of discussion rages whether parameters can be passed at all. They can, you're limited which characters are valid but no one has published a list that I know. Traditional methods like url/html encoding will fail because percent(%) is not valid. Slash (/) is not valid either so a nested redirection url will always fail. The ONLY way to overcome the special char limitation is to encode the value of the parameter to base64. If you're using ASP.NET, look up Convert.ToBase64.

很多讨论都在激烈讨论是否可以传递参数。他们可以，您可以限制哪些字符有效，但没有人发布过我知道的列表。像 url/html 编码这样的传统方法会失败，因为百分比 (%) 无效。斜线 (/) 也无效，因此嵌套重定向 url 将始终失败。克服特殊字符限制的唯一方法是将参数值编码为 base64。如果您使用的是 ASP.NET，请查找 Convert.ToBase64。

Lastly, and this is more of a side-note. There are a lot of programmers passing along misinformation that a simple solution is to pass type=client_cred. This may limit your access to some of the permissions you requested in your authorization. It is inadvisable.

最后，这更像是一个旁注。有很多程序员传递错误信息，一个简单的解决方案是传递 type=client_cred。这可能会限制您访问您在授权中请求的某些权限。这是不可取的。

Had the same problem all day when testing with redirect_uri=http://localhost:8000(encoded to http%3A%2F%2Flocalhost%3A8000)...

使用redirect_uri=http://localhost:8000（编码为http%3A%2F%2Flocalhost%3A8000）进行测试时一整天都遇到了同样的问题......

Solution was simply to make sure to put the trailing slash /on the end of the uri. So redirect_uri=http://localhost:8000/(encoded to http%3A%2F%2Flocalhost%3A8000%2F).

解决方案只是确保将尾部斜杠/放在 uri 的末尾。所以redirect_uri=http://localhost:8000/（编码为http%3A%2F%2Flocalhost%3A8000%2F）。

Again, make sure the redirect_uriis identical for both requests.

再次确保redirect_uri两个请求的 相同。

I have had this problem. I knew for a fact that my URLs were the same because I used a class with the same $var, but I kept getting the 400 response and that error in the JSON response.

我遇到过这个问题。我知道我的 URL 是相同的，因为我使用了一个具有相同 $var 的类，但我一直收到 400 响应和 JSON 响应中的错误。

The only thing I did was change my redirect_uri from:

我所做的唯一一件事就是将我的 redirect_uri 更改为：

http://myredirecturi.com

to

到

http://myredirecturi.com/

Yeh, just added the trailing slash and it worked.

是的，只是添加了尾部斜杠并且它起作用了。

You don't really need to encode, just put the '/' at the end of your redirect_url and everything should be fine!

你真的不需要编码，只需在你的redirect_url末尾加上'/'，一切都应该没问题！

Part of the information given by Aaron Wheeler is incorrect.

Aaron Wheeler 提供的部分信息是不正确的。

It is true that the 'redirect_uri' parameter must be identical in both requests, however it is perfectly possible to URL encode a regular URLand use that as the value for the 'redirect_url' parameter, so long as you're careful to further URL encode any inline URLs.

确实，两个请求中的“redirect_uri”参数必须相同，但是完全有可能对常规 URL 进行 URL 编码并将其用作“redirect_url”参数的值，只要您小心进一步的 URL对任何内联 URL 进行编码。

For instance, you wish facebook to redirect to the following URL:

例如，您希望 facebook 重定向到以下 URL：

http://www.mysite.com/Users/oAuthComplete?my_param_1=/Party/pants

Attempting to redirect the user to

试图将用户重定向到

'https://www.facebook.com/dialog/oauth?client_id=12345&redirect_uri='
. urlencode('http://www.mysite.com/Users/oAuthComplete?my_param_1=/Party/pants');

Will fail as /Party/Pantscreates an invalid URL

将失败，因为/Party/Pants创建了无效的 URL

However, redirecting to

但是，重定向到

'https://www.facebook.com/dialog/oauth?client_id=12345&redirect_uri='
.urlencode('http://www.mysite.com/Users/oAuthComplete?my_param_1='
.urlencode('/Party/pants'));

Will work as expected.

将按预期工作。

If you are using the returned the redrect_uri value in the second, authenticate application request, be sure to url encode again - the value is automatically URL decoded when populating the $_GET superglobal. - This is what tripped me up.

如果您在第二个验证应用程序请求中使用返回的 redrect_uri 值，请确保再次进行 url 编码 -该值在填充 $_GET superglobal 时会自动进行 URL 解码。- 这就是让我绊倒的原因。

'https://graph.facebook.com/oauth/access_token?client_id=12345&&client_secret=SECRET&code=1234567'
.urlencode('http://www.mysite.com/Users/oAuthComplete?my_param_1='
.urlencode($_GET['my_param_1']));

P.s. In your actual code, I'd recommend using sprintf() rather than chaining string together like in my example, for better readability.

Ps 在您的实际代码中，我建议使用 sprintf() 而不是像我的示例中那样将字符串链接在一起，以获得更好的可读性。

From what I can see, the problem here is that the redirect_uri must end with '/' and not contain '?' or other special characters. I think that is why you are getting 'Error validating verification code'. This error only appears if you are using file_get_contents(), and not when using the facebook php library. This is the solution for php, don't know if this error appears in other SDK's.

从我所看到的，这里的问题是redirect_uri 必须以'/' 结尾并且不包含'?' 或其他特殊字符。我认为这就是您收到“验证验证码时出错”的原因。此错误仅在您使用 file_get_contents() 时出现，而在使用 facebook php 库时不会出现。这是php的解决方法，不知道其他sdk有没有出现这个错误。

I'm not sure if it will help, but i would suggest to encode only values in the url. Not the whole thing. eg:

我不确定它是否会有所帮助，但我建议只对 url 中的值进行编码。不是全部。例如：

redirect_uri='http://localhost/test_blog/index.php?r='.urlencode('site/oauth2');

I was having the pb and finally fix it adding the type=client_cred parameter in the url.

我正在使用 pb 并最终修复它，在 url 中添加 type=client_cred 参数。

I just had the same problem.

我只是遇到了同样的问题。

Admittedly, I am a super n00b so excuse me if this solution doesnt make any sense in actual practice.

诚然，我是一个超级 n00b 所以如果这个解决方案在实际实践中没有任何意义，请原谅我。

I simply set a short fuse cookie (1-2 min) with a test variable in the page with my FB Connect button. When FB came back with information to my data parsing/handling script I checked for this cookie where I was redirecting it and if found, directed the user to the proper URL using header:location.

我只需使用我的 FB Connect 按钮在页面中设置一个带有测试变量的短保险 cookie（1-2 分钟）。当 FB 将信息返回给我的数据解析/处理脚本时，我检查了重定向它的 cookie，如果找到，则使用 header:location 将用户定向到正确的 URL。

Of course some browsers/users etc disable cookies. This obviously wont work there (maybe use a session var and destroy it in the fb data handler?) I am sure there is a better way to do it but at the moment, this bandaid works.

当然，某些浏览器/用户等会禁用 cookie。这显然不会在那里工作（也许使用会话变量并在 fb 数据处理程序中销毁它？）我相信有更好的方法来做到这一点，但目前，这个创可贴有效。

The answer for me was this:

我的答案是这样的：

$user = $facebook->getUser();     
if (!$user) {
    $loginUrl = $facebook->getLoginUrl(array(
        'scope' => '',
        'redirect_uri' => $this->domain,
    ));
    print('<script> top.location.href=\'' . $loginUrl . '\'</script>');
}

I've been cracking my head a long time before I found this solution, seeming I am not the only one with this issue I hope this works for you to!

在找到这个解决方案之前，我一直在努力解决这个问题，似乎我不是唯一一个遇到这个问题的人，我希望这对你有用！