Is there a reliable way of getting access token errors from the facebook platform?
Our iOS/Android App needs to save the users Facebook session. This is fine except that authentication errors we get from Facebook seem to be inconsistent.
Essentially, if we get an error from facebook, we want to know if this requires the user to reauthenticate or if it's due to an intermittent error (i.e. they are being rate limited for some reason).
Most facebook graph errors seem to include an error code in the body of the error message text.
Some do not.
e.g
{"error":{"message":"Error validating access token: The session is invalid because the user logged out.","type":"OAuthException"}}
Does not contain an error code, so the only way to check against this error is to do a string comparison on "message". That seems a remarkably unreliable way of checking for errors.
It seems ~almost~ possible to check to see if the "type" variable in the json string indicates an "OAuthException", except that if the user is rate limited, then that will throw an OAuthException as well but it doesn't require the user to log back in, it only requires them to wait a little while and stop posting so much.
I have seen the How-To listed here: https://developers.facebook.com/blog/post/500 but that will still have the problem that my games will require users to log back into facebook if they happen to be over-enthusiastic about posting to their wall.
So, is there a reliable way of getting errors from the facebook platform?
Right now the best solution I can find is to parse the message string for error codes, and if I don't find any then reparse the string looking for specific messages (such as "Error validating access token") and then finally if I can't determine what the error is, just panic and log the user out.
Unfortunately I haven't found a great way of handling this. The best solution I've found so far is to look to see if the error is an OAuthException, compare the error message against a white list of "acceptable failures" that do not require reauthentication, but if the error does not match any error on this white list, I assume that the user has to reauthenticate with Facebook.
For reference, the only error I've found that can be whitelisted is the "user is rate limited" error. To detect this, I check to see if the error message contains the substring "(#341)", which is the error code of this error (not that this error is one of the few errors that contains an error code in the error message body).
Related
I am trying to implement FIDO2 on Android. I have the assetlinks.json hosted on my domain (Sorry I don't want and not sure if I'm allowed to reveal the whole url yet).
I have the assets_statements string defined and added it to my Manifest and I also implemented the whole get register challenge logic where I am creating a pending intent from PublicKeyCredentialCreateOptions.
After I launch the intent I see a white screen which shows up and closes really fast without any descriptive error or anything and I have no idea how to debug this issue. The log shows:
ActivityTaskManager: Displayed com.google.android.gms/.fido.fido2.ui.Fido2FullScreenActivity
E/Fido: [DigitalAssetsAssociationChecker] JSON Object doesn't have linked key
E/Fido: [Fido2RequestController] The incoming request cannot be validated
E/Fido: [Fido2RequestController] The incoming request cannot be validated
On https://developers.google.com/digital-asset-links/tools/generator it says that my domain grants app deeplinking to my package name.
I am using com.google.android.gms:play-services-fido:18.1.0
The errors in the log are not helpful in any way and I'm not sure if I am still missing something here, any help would be appreciated.
OK, I figured it out by playing with the example app https://github.com/googlecodelabs/fido2-codelab and changing things around, so I'm going to answer my own question.
When requesting a registration challenge the RP.id field needs to be the same as your domain name.
On the sample the Rp.id value is "webauthn-codelab.glitch.me", I changed it to "webauthn.glitch.me" just to try out what would happen. Guess what, I'm getting the same errors as before:
E/Fido: [DigitalAssetsAssociationChecker] JSON Object doesn't have linked key
E/Fido: [Fido2RequestController] The incoming request cannot be validated
E/Fido: [Fido2RequestController] The incoming request cannot be validated
To conclude, be sure that the RP.id that get's returned from backend matches the domain url.
Also here is a link explaining RP id: https://www.w3.org/TR/webauthn-2/#relying-party-identifier
Got the same error JSON Object doesn't have linked key on Fido2ApiClient.getSignPendingIntent() call.
The solution for my case was to set real user key (aka id) in allowList.
Our app have a subscription option with various tiers.
We are validating the subscription tokens via the Google Purchases.subscriptions.get method :
GET https://www.googleapis.com/androidpublisher/v2/applications/packageName/purchases/subscriptions/subscriptionId/tokens/token
When validating some subscription tokens, we keep getting the following error :
{"error"=>{"errors"=>[{"domain"=>"global", "reason"=>"invalid", "message"=>"Invalid Value"}], "code"=>400, "message"=>"Invalid Value"}, "status"=>400}
While many of the subscriptions are okay, we are still experiencing a high volume of such "Invalid Value" validation responses.
At first we suspected it might be due to usage of apps like Lucky Patcher as mentioned here : enter link description here but it seems to cumbersome to be so common.
Please advice!
I've lunched the PubNub sample Android app and it works fine. Yet with my own pub/sub/secret keys, it doesn't.
While with Javascript in Chrome it works fine using my own keys. On Android i'm getting error "publish timed out" constantly.
Is it a known issue? How do I make it work?
Publish Timed Out Error on PubNub Network
This is an unhelpful error which is returned from the error callback within the PubNub Android SDK via Publish. The error reporting service is being upgraded currently and will provide better feedback for debugging. Currently the known errors which will occur on publish are the following:
Common Error Reasons
Invalid JSON
Message Too Large
Invalid Publish Key or Subscribe Key
Incorrect Origin
Note that because the error reporting service will always return "publish timed out", the actual error may be any of the above.
Valid JSON may be in the form of a "String", 123 (number), [1,2,3] (array) or an { 'object' : 'data } (object).
Messages can be up to 32K in size! We charge based on your average usage not your peaks. Also, make sure to double check your API Keys are in the correct order
PubNub is on Mashape! Visit our API Playground - https://www.mashape.com/pubnub/pubnub-network/ - and learn about some of the REST Endpoints available on the PubNub Global Real-time Network.
I am trying to connect to a site using the oAuth protocol, and I am getting the exception 'Received authentication challenge is null' on some devices when I attempt to make a https post. Now this was previously working in the emulator, but I now see the error there as well. I did a web search, and it seems like I would get this exception when I receive an 401 error from the site. Others said this was due to a malformed authentication header, but I am not setting a authentication header at all for this call.
This exact same code works on a number of devices, and used to work in the emulator (I cannot figure out what has changed). The person who runs the site has checked his logs, and does not see an error on his side at all. Does anyone have any idea what might be going on here?
Thanks.
I have found the problem. It turns out that if the time stamp on your oAuth call is incorrect, the server returns a 401 status error which on Android devices causes the "Received authentication challenge is null" exception to be thrown. All of the devices that were having this problem had incorrect times, and fixing the times fixed the problem.
Android I am using jTwitter
Twitter my_twiter = new Twitter("my_user_name","my_pass");
my_twiter.setStatus("hello world");
line 2 throws
winterwell.jtwitter.TwitterException$E403: Forbidden http://twitter.com/statuses/update.json (my_user_name)
what does that mean ??
One reason Twitter will return a 403 error is if you repeatedly post the same status message. That's probably what you've encountered here.
Try adding a random number to your test code, e.g.
my_twiter.setStatus("hello world "+new Random().nextInt(1000));
By the way, I see you're using the username/password login method. Twitter have announced they're switching that off - I think at the end of August. You may want to switch to OAuth. See the JTwitter homepage for details: http://www.winterwell.com/software/jtwitter.php
403 Forbidden: The request is understood, but it has been refused. An accompanying error message will explain why. This code is used when requests are being denied due to update limits.
Statuses over 140 characters will also cause a 403. But since you are just doing "hello world" that shouldn't be the case. The response body will contain a detailed error message.