[QuickFix] Login Error: "We need your email in order to continue. Please try loging again.

[jonaphin]

Hi,

I know many users are having trouble with the plugin right now. The issue lies in the fact that many apps are secured with the appsecrect_proof parameter as per the FB Documentation.

As a quick fix people can just edit the login_or_register_user() function of wp-facebook-login/public/class-facebook-login-public.php
and modify add_query_arg to also carry the appsecret_proof parameter.

        $app_access_token = $_POST['fb_response']['authResponse']['accessToken'];
        $app_secret = '<your app secret>';
        $appsecret_proof = hash_hmac('sha256', $app_access_token, $app_secret);

        // Get user from Facebook with given access token
        $fb_url = add_query_arg( array(
            'fields'                   =>  'id,first_name,last_name,email,link',
            'access_token'     =>  $_POST['fb_response']['authResponse']['accessToken'],
            'appsecret_proof' => $appsecret_proof
        ), 'https://graph.facebook.com/v2.4/'.$_POST['fb_response']['authResponse']['userID'] );

Your plugin will have to probably take this case into account and expose the app_secret field in the settings.

Please let me know if you have any question.

[timersys]

Hi @jonaphin, yes I had some users reporting that issue but I was never able to replicate it. I will include the extra security on the next version.

Thanks!

[timersys]

Added!