This error arises when the Facebook SDK detects a potential security risk during the login process. The state parameter acts as a crucial security measure to prevent Cross-Site Request Forgery (CSRF) attacks. It ensures that the request to obtain a Facebook access token originates from your legitimate application and not a malicious source.

class FacebookAuthController extends Controller { protected $helpers = ['url', 'session']; // Load the URL and session helper

private $fb; // Declare Facebook object as a private property public function __construct() {     include_once APPPATH . "Libraries/vendor/autoload.php";     // Initialize Facebook SDK in the constructor     $this->fb = new Facebook([         'app_id' => '=',         'app_secret' => '',         'default_graph_version' => 'v11.0',     ]); } public function login() {     // Use the previously initialized Facebook object from the property     $fb = $this->fb;     // Redirect to Facebook's OAuth consent screen     $helper = $fb->getRedirectLoginHelper();     $redirectURL = base_url('auth/facebook/callback');     // Generate a CSRF token and save it in session     $csrfToken = bin2hex(random_bytes(32)); // Generate a random token     session()->set('csrf_token', $csrfToken);     $permissions = ['email']; // Specify the permissions you need     $loginURL = $helper->getLoginUrl($redirectURL, $permissions);     // Append the CSRF token to the login URL as state parameter     $loginURL .= '&state=' . $csrfToken;     return redirect()->to($loginURL); } public function callback() {     // Use the previously initialized Facebook object from the property     $fb = $this->fb;     try {         $accessToken = $fb->getRedirectLoginHelper()->getAccessToken();         if (!$accessToken) {             throw new Exception('No access token received');         }         // Validate CSRF token         $state = $this->request->getGet('state');         $csrfToken = session()->get('csrf_token');         if ($state !== $csrfToken) {             throw new Exception('CSRF token mismatch');         }         // Implement your Facebook API logic using $accessToken and $fb         // ... (e.g., get user data, store access token, create user account)         $userData = $fb->get('/me?fields=id,name,email', $accessToken);         $facebookData = $userData->getData();         // Example usage (replace with your specific logic)         if (isset($facebookData['email'])) {             $email = $facebookData['email'];             // ... (check user existence in your database, create account if needed) ...         }         // ... (Handle successful login) ...     } catch (\Facebook\Exceptions\FacebookResponseException $e) {         // Handle Facebook API response error         echo 'Facebook API Error: ' . $e->getMessage();     } } 

}`

Facebook SDK returned an error: Cross-site request forgery validation failed. Required param "state" missing.