API Calls From The Server Require An Appsecret_proof Argument

I can't make API requests with the Android Facebook SDK, or even get the user from the login callback - it always returns null. Particularly, with the newMeRequest, I get the follo

Solution 1:

The only way that I was able to put it working, was by settings to No the App Secret proof for API calls in the advanced settings of the facebook App.

However, this is a fix, not a solve, since I wasn't able to do the request in the option set to Yes (as is possible in the iOS facebook sdk).

Solution 2:

you need to add a parameter "appsecret_proof" to your request containg a 'sha256' hash of accessToken and appSecret

https://developers.facebook.com/docs/graph-api/securing-requests

Solution 3:

You need to disable Require App Secret in facebook app advance settings.

Solution 4:

While not an actual answer to your question (since it doesn't involve the Android SDK), it seems that, as of March 2018, there still are some issues regarding the appsecret_proof and calls from web page (Javascript) / and possibly mobile (not sure about that) clients.

Facebook bug report (February 2018) - issue reappeared

Facebook bug report (October 2016)

Facebook bug report (February 2015)

That is, for an application with Require App Secret enabled App Dashboard > Settings > Advanced > Security > Require App Secret, it seems that one cannot perform API calls from Javascript without passing the appsecret_proof - at the moment of writing (March 2018).

Quick "fix" - disable the flag. Depending on the requirements, one may also choose to have two Facebook applications: one for web page / mobile calls (flag disabled), and one for server side calls (flag enabled).