Posts under category facebook-graph-api

This error arises when the Facebook SDK detects a potential security risk during the login process. The state parameter acts as a crucial security measure to prevent Cross-Site Request Forgery (CSRF) attacks. It ensures that the request to obtain a Facebook access token originates from your legitimate application and not a malicious source.

```php
class FacebookAuthController extends Controller
{
    protected $helpers = ['url', 'session']; // Load the URL and session helper

    private $fb; // Declare Facebook object as a private property

    public function __construct()
    {
        include_once APPPATH . "Libraries/vendor/autoload.php";

        // Initialize Facebook SDK in the constructor
        $this->fb = new Facebook([
            'app_id' => '=',
            'app_secret' => '',
            'default_graph_version' => 'v11.0',
        ]);
    }

    public function login()
    {
        // Use the previously initialized Facebook object from the property
        $fb = $this->fb;

        // Redirect to Facebook's OAuth consent screen
        $helper = $fb->getRedirectLoginHelper();
        $redirectURL = base_url('auth/facebook/callback');

        // Generate a CSRF token and save it in session
        $csrfToken = bin2hex(random_bytes(32)); // Generate a random token
        session()->set('csrf_token', $csrfToken);

        $permissions = ['email']; // Specify the permissions you need
        $loginURL = $helper->getLoginUrl($redirectURL, $permissions);

        // Append the CSRF token to the login URL as state parameter
        $loginURL .= '&state=' . $csrfToken;

        return redirect()->to($loginURL);
    }

    public function callback()
    {
        // Use the previously initialized Facebook object from the property
        $fb = $this->fb;

        try {
            $accessToken = $fb->getRedirectLoginHelper()->getAccessToken();
            if (!$accessToken) {
                throw new Exception('No access token received');
            }

            // Validate CSRF token
            $state = $this->request->getGet('state');
            $csrfToken = session()->get('csrf_token');
            if ($state !== $csrfToken) {
                throw new Exception('CSRF token mismatch');
            }

            // Implement your Facebook API logic using $accessToken and $fb
            // ... (e.g., get user data, store access token, create user account)
            $userData = $fb->get('/me?fields=id,name,email', $accessToken);
            $facebookData = $userData->getData();

            // Example usage (replace with your specific logic)
            if (isset($facebookData['email'])) {
                $email = $facebookData['email'];
                // ... (check user existence in your database, create account if needed) ...
            }

            // ... (Handle successful login) ...
        } catch (\Facebook\Exceptions\FacebookResponseException $e) {
            // Handle Facebook API response error
            echo 'Facebook API Error: ' . $e->getMessage();
        }
    }
}
```

Facebook SDK returned an error: Cross-site request forgery validation failed. Required param "state" missing.
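The state check described above, reduced to its essentials as an added example (not code from the post or from the Facebook SDK): the value is stored server-side when the login URL is built, and the callback is rejected when either copy is missing or the two differ. `issueState()`, `verifyState()` and the `oauth_state` key are hypothetical names, and a plain array stands in for the session.

```php
<?php
declare(strict_types=1);

// Added illustration: issueState() and verifyState() are hypothetical helpers,
// and $session is a plain array standing in for the server-side session store.

/** Create a random state value, remember it server-side, return it for the login URL. */
function issueState(array &$session): string
{
    $state = bin2hex(random_bytes(32));
    $session['oauth_state'] = $state;
    return $state;
}

/** Check the state echoed back on the callback; returns 'ok' or the rejection reason. */
function verifyState(array &$session, array $query): string
{
    $saved = $session['oauth_state'] ?? null;
    unset($session['oauth_state']); // single use, even when the check fails

    $returned = $query['state'] ?? null;
    if (!is_string($returned) || $returned === '') {
        return 'state missing from callback URL';
    }
    if (!is_string($saved) || $saved === '') {
        return 'state missing from session';
    }
    // Constant-time comparison avoids leaking how many leading characters matched.
    return hash_equals($saved, $returned) ? 'ok' : 'state mismatch';
}

// Constructed walk-through; 'AUTH_CODE' is a placeholder authorization code.
$session = [];
$state = issueState($session);
// 1. Legitimate callback carrying the value that was issued.
echo verifyState($session, ['code' => 'AUTH_CODE', 'state' => $state]), PHP_EOL;
// 2. Replay of the same callback: the stored value has already been consumed.
echo verifyState($session, ['code' => 'AUTH_CODE', 'state' => $state]), PHP_EOL;

// 3. Callback that arrives without any state parameter.
$session = [];
issueState($session);
echo verifyState($session, ['code' => 'AUTH_CODE']), PHP_EOL;

// 4. Forged callback carrying a state the session never issued.
$session = [];
issueState($session);
echo verifyState($session, ['code' => 'AUTH_CODE', 'state' => str_repeat('0', 64)]), PHP_EOL;
```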

I received an FB email saying

Your app is currently accessing Graph API v13.0 which will reach the end of its 2-year lifetime on 28 May, 2024. We estimate 7 endpoints that App calls will be impacted by this change and may stop working after the automatic upgrade push.

However, when I go to the API Upgrade Tool, it said

Your app has no changes for the methods you selected between v13.0 and v19.0

Does it mean I don't need to do anything, e.g. upgrade my FB client library?

We have an application with Facebook that has been successfully granted several permissions in the past. I know that the process of getting app permissions with Meta has always been unnecessarily difficult and I expected nothing less when applying for the 'Page Public Content Access' permission.

However, this has turned out to be substantially more challenging than predicted.

Initially we tried accessing the permission from our currently 'live' application, which didn't work, and were quickly guided by Meta support to create a test application (a copy of the parent application) and attempt to use the endpoints/permissions based on this 'development' application.

This is what we did and we added the 'pages_show_list' and 'pages_read_engagement' permissions before requesting an access token in order to test the 'pages/search' endpoint that we would be screencasting for our permissions approval.

This though is giving us the exact same results

```json
{
  "error": {
    "message": "(#10) This endpoint requires the 'pages_read_engagement' permission or the 'Page Public Content Access' feature or the 'Page Public Metadata Access' feature. Refer to https://developers.facebook.com/docs/apps/review/login-permissions#manage-pages, https://developers.facebook.com/docs/apps/review/feature#reference-PAGES_ACCESS and https://developers.facebook.com/docs/apps/review/feature#page-public-metadata-access for details.",
    "type": "OAuthException",
    "code": 10,
    "fbtrace_id": "AICjKBRUbuIP8RrzxSfYG1C"
  }
}
```

I feel like I've read the documentation a million times and it has not improved my understanding, nor my mood towards their application mechanism.

What are we doing wrong here?

While integrating Facebook Login for Business I am facing "It looks like this app isn't available". I have followed all the steps mentioned in the Meta documentation. Please click here to refer to the images of the steps I have followed.

```html
<!DOCTYPE html>
<html>
<head>
    <title>Facebook Login JavaScript Example</title>
    <meta charset="UTF-8">
    <script type="text/javascript" src="<c:url value='/facebooksdk/js/fbsdk.js'/>"></script>
    <script>
        window.fbAsyncInit = function() {
          FB.init({
            appId      : APPID,
            cookie     : true,
            xfbml      : true,
            version    : APIVERSION,
            response_type: "code"
          });
          checkLoginState();
        };

        (function(d, s, id){
           var js, fjs = d.getElementsByTagName(s)[0];
           if (d.getElementById(id)) {return;}
           js = d.createElement(s); js.id = id;
           js.src = "https://connect.facebook.net/en_US/sdk.js";
           fjs.parentNode.insertBefore(js, fjs);
         }(document, 'script', 'facebook-jssdk'));
    </script>
</head>
<body>
    <fb:login-button onlogin="checkLoginState();">
    </fb:login-button>
    <div id="status">
    </div>
</body>
</html>
```

```javascript
const APPID = "1450727115804587";
const APIVERSION = "v19.0";
const CONFIGID = "422168783777066";

function statusChangeCallback(response) { // Called with the results from FB.getLoginStatus().
    console.log('statusChangeCallback');
    console.log(response); // The current login status of the person.
    if (response.status === 'connected') { // Logged into your webpage and Facebook.
        testAPI();
    } else { // Not logged into your webpage or we are unable to tell.
        document.getElementById('status').innerHTML = 'Please log '
            + 'into this webpage.';
    }
}

function checkLoginState() { // Called when a person is finished with the Login Button.
    FB.getLoginStatus(function (response) { // See the onlogin handler
        statusChangeCallback(response);
    });
}

function testAPI() {
    console.log('Welcome!  Fetching your information.... ');
    FB.api('/me', function (response) {
        console.log('Successful login for: ' + response.name);
        document.getElementById('status').innerHTML = 'Thanks for logging in, '
            + response.name + '!';
    });
}
```

Step 1 : Create a new app Note : I have selected Other option

Select an App Type -> I have selected the second option, Business App Type

Provide App Name & Business Profile and click on Create App

(3.1) Business App details - Business app is verified

App Details:

- Display Name - EduCRM
- App Domain : educloud.app
- Privacy policy & Terms of service Url : https://zdp2.educloud.app/lms/tandc
- Category : Education
- Image Update : Yes

Add Product “facebook login for business”

Click Setup button of Facebook Login for Business

Facebook Login for Business: get Advanced permission. Permissions requested: pages_show_list, ads_management, leads_retrieval, pages_read_engagement, pages_manage_metadata, pages_read_user_content, pages_manage_ads, pages_manage_engagement, public_profile

Configuration Quick Start steps: Select Web option : to get SDK code Make the App live :

I've read the docs and tried to make a function to upload an image to Facebook and get its api, but it does not seem to work at all. (The access token has permission to do that request, so yeah.)

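```python
import requests

def upload_image(token, gid, image_path):
    # Close the file handle once the upload request has been sent
    with open(image_path, "rb") as image:
        res = requests.post(f"https://graph.facebook.com/{gid}/photos", params={"access_token": token}, files={"source": image})
    print(res.text)
    return res.json().get("id")
```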

The weird part is I kept getting the error #324 (Requires upload file).