[FacebookAuthorization] not working in changeset 50830 / new permissions API

May 26, 2010 at 6:41 PM

I am trying to implement the latest FDT source (changeset 50830) with the new Facebook permissions API.  This is an existing Iframe MVC app which has been working well up until now.  I am seeing exceptions and/or empty session data in any scenario except where the user is already logged in and is already an app user.

To simplify the repro of the problems I am seeing I made a very simple test controller:


    public class TestController : Controller
        [FacebookAuthorization(IsFbml = false)]
        public ActionResult Index()
            var api = this.GetApi();
            ViewData["userid"] = api.Session.UserId;
            return View();


And all the view does is display the userid from ViewData.

My expectation is that the user is prompted to log into facebook (if they are not already logged on) and prompted to add the app and accept app TOS (if they are not already an app user) prior to rendering the View which simply displays the userid.

Here is what actually happens:

If the user is not logged in and not an app user:

I get prompted to log in and prompted to add the app (good!)

Then I get an exception on line 473 of Utilities.cs,


	var o = serializer.Deserialize<T>(response);


The exception is "Invalid JSON Primitive", and a sanitized version of the response it is trying to parse is:


This looks like a double-response which I guess is what is triggering the exception.  How does this happen?  It doesn't happen on subsequent page requests, just the first one in this scenario.

After this I get an exception on line 155 of IFrameCanvasSession.cs where it tries to format the redirect URL, the exception is Input string is not in a correct format

Now at this point if I try to re-load the same page, it all works and the userid is displayed on the view correctly.  Setting a breakpoint on line 473 of Utilities.cs shows that this time, there is a single JSON object in the response (no repeats)

If the user is not logged in and is already an app user, OR if the user is logged in and is not an app user:

The View renders with no exceptions, but the session information is empty and the userID is 0.  

The user is never prompted to log in, and if they are not an app user already they are not prompted to add the app.  

I thought the point of the [FacebookAuthorization(IsFbml = false)] controller method decoration was to force a Facebook login, and that's how it worked on the 3.0 FDT.

Normally I would go on to do some FQL and other API calls requiring a current session and userID, and these would fail if I was in this state since userid == 0.  If I refresh the page it stays the same...userID == 0.

An interesting side note on the scenario where the user is logged in and is not an app user is that the app now appears in the user's list of installed applications, although the user was never prompted to add the app or accept TOS.

If the user is logged in and is an app user:

Works as expected.  UserID and session info are populated and available for use in other API calls.

I'm not sure if it is relevant, but I'm using .NET 4.0, MVC 2.0, and VS2010

Are there many folks using MVC with the FDT?  It looks like the MVC samples were pulled (they did exist at one point didn't they?  Or are we all just going off the Kevin Marshall blog post?)

May 27, 2010 at 7:48 PM

I have exactly the same problème.

Do you solve it ?

May 27, 2010 at 8:49 PM

No, not yet.  I was trying to implement the latest FDT changes so I could flip the "migrate to new permissions" switch on my app.  The deadline was June 1, but Facebook just announced that it was moving out to June 30, so there is a little more time to get it worked out now.  So for now my temporary "solution" is to stick with the old permissions mode and the FDT from a month or so ago.

May 29, 2010 at 4:53 PM

Hi, thanks

How to switch to old authentification mode ? Only on application facebook config on application page ?


May 31, 2010 at 6:01 PM

It is on the Migrations tab for your FB app settings

Jun 1, 2010 at 8:59 PM

I am using MVC in an iframe app and it is working great.  If you are using an iframe app and mvc, make sure you use this.GetApiIFrame().  I forgot i had made the GetApi() use iframe on my own branch, but another dev added the GetApiFrame() which is the right way to do it if you do both fbml and iframe and need to have both options available.  Hope this helps.  Yeah i also noticed that whenever you go to an app, even without allowing, it shows in users list.  I dont like how facebook does that.  It misleads the users.

Jun 2, 2010 at 12:47 AM

Thanks Jim!

I resolved my issue by disabling "New SDKs" in the Migrations settings.  So "New Data Permissions" is OK, but "New SDKs" is definitely not (at this time)

Aug 22, 2010 at 5:15 AM


I'm starting an MVC 2 facebook app from scratch using the developer toolkit.

I set up the web.config file with the appropiate Secret, ApiKey, Callback and AppID values and then created a control with this code:

    public class TestController : Controller
[FacebookAuthorization(IsFbml = false)]
public ActionResult Index()
var api = this.GetApi();
ViewData["userid"] = api.Session.UserId;
return View();

I thought this would display a login screen if the user is not logged in but it doesn't?

I think userid is always 0.

What am I doing wrong?

Aug 22, 2010 at 5:21 AM

I have been working on a new toolkit that is more about using .NET 4 and dynamics along with MVC 2 that you might find simpler to use for a green field project.  You can find it at http://facebooksdk.codeplex.com/

It is much easier to maintain as new features in facebook just work without adding a bunch of static classes every time.

Nov 17, 2010 at 11:56 PM

Hi all,

I am getting an error since few weeks now. The users get following error message when providing access to my app to publish feed and offline access extended permissions.

"An error occurred with App. Please try again later."

This used to work properly and still works if the user has already granted permission to the application. One thing, the users can log-in to the facebook, and then facebook displays the allow permission page and then when they press allow, the error pops out. I'm redirecting the user to following link:


Even though it may not be the relevant place to post this, I am desperate to solve the authentication issue.

I hope that somebody could help me figure out the problem.