View Full Version : Facebook "App Not Setup" Error

Marcia Booth
19-Aug-2015, 01:42 PM
I created a new user on Facebook to use it in my tests. When logging in as the new user, I get an error stating that the App Not Setup:


No error code or description were displayed in the sample. I checked OnLoginFail and all strings were empty. How come wpsErrorDesc is not populated with the explanation displayed on the screen?

The token displayed was shorter than a real token and, of course, the sample complained if I pressed Execute:

What settings should I check for my new Facebook user to make sure I can successfully login through the sample using that user?

19-Aug-2015, 06:06 PM
Mike will need to add you as a test user as his 'app' is still in testing mode on FB....they have a lengthy approval process...

Mike Peat
20-Aug-2015, 02:32 AM

That is correct: I had already added you - Marcia Booth - as a tester for the app (Chuck and Dennis are "Developers" for it, you, Frank, Randall and Focus are "Testers"). For a different FB ID I would need to set that up. If I am not already a FB "Friend" of that user (and since it is new I will not be), I will need its FB ID to add it. To find the account's FB ID, navigate to its personal page and the copy the browser's URL, then go to http://findmyfbid.com/, paste that into the form there and click the "Find Numeric ID" button. Let me know what that is and I can add the user.


20-Aug-2015, 03:39 AM
Or just click edit profile on the left and hover over your profile pic and you will see the id in the url in the status bar

Mike Peat
20-Aug-2015, 12:22 PM

"Marcia Daw Booth" is now a Tester.


Marcia Booth
22-Aug-2015, 05:42 PM
Thanks! It worked as expected.

About that - from the documentation that step is not clear:

… This means a user can have access to their resources from within your application without having to trust it beyond the "scope" (which is a term often used technically in the mechanism) of the access they wish to grant.

To use the OAuth 2.0 mechanism your application needs to direct the user to the vendor's OAuth 2.0 authentication and authorisation end-point (typically an HTTPS URL) where, if they are not currently logged-in to the vendor's service, they will first be asked to do so, they will then be asked if they wish to allow your application to access the requested resources on their behalf.

I thought their login through the app would be enough to access their information: I log in to the app using my app user/pwd (e.g. guest/guest) and then simply login to <vendor> (e.g. Facebook) when I request the app to access my information on <vendor>. The app wouldn’t need to know my <vendor> credentials at all.

The way I understood the process worked was that the application would need to register with Facebook (so Facebook knows who you are, gives your app access to their data, and is OK with exchanging information with your app through their API) and then users of the application would need to simply login to <vendor> to be able to get their info through the application.

If users need to be registered with your application, that makes the process a bit cumbersome – the application must know the user credentials (or a portion of it) so users can run the app. That seems to defeat the purpose of logging in to <vendor> as you, the application developer, will need to know who will be using your app beforehand and register them within the app as well.

Mike Peat
23-Aug-2015, 12:32 PM

The problem is that Facebook are very picky about allowing apps to access data. They want to know all about the app and what it is for and what it will do with the data before they will allow it general access. My explanation that it was only to be used for testing their OAuth mechanism did not impress them and basically they said no (it was more complicated than that) - I quote from their rejection:


Your instructions don't clearly explain how, why and where you're using the permissions you've requested. In order to approve your submission, we need to be able to reproduce the real experience that people will have when using your app.

Please provide the following information, in English, for each permission you are requesting:

A clear explanation of why your app requests this permission and how it is used to enhance a person's experience.

Detailed step-by-step instructions that will allow our review team to reproduce the use of this permission.

For sample explanations and step-by-step instructions please see our review documentation. (https://developers.facebook.com/docs/apps/review/#instructions)

I felt I had better things to do than try to persuade FB to let me play with their toys, so ATM the app - for FB only - remains "unreleased" in development mode, only accessible to nominated developers (me, plus Chuck and Dennis) and testers (you - twice! - Frank, Randall and Focus).

This is just a Facebook thing, not an OAuth thing. AFAIK it does not affect any of the other samples, although I am hoping that testing will confirm this (I didn't know about this feature of FB until others tried testing it, at which point I started adding developers and testers). Even with Facebook, the sample still demonstrates that the OAuth mechanism is actually working with it, it is just that they are restricting access to those nominated individuals.

If another developer wants to use the OAuth component to have their own app access FB data, they will have to have the battle with FB's gatekeepers about what it is going to do - it just doesn't seem worth the effort to try to persuade FB in the case of my sample app.


23-Aug-2015, 02:47 PM
That of course raises the ugly issue of working with FB and other apps that you are at their mercy. Makes me very leery about investing in development to talk to some of them as the investment (and our image in the customers eye) could be lost quick.

Chip Casanave
24-Aug-2015, 01:11 PM

Isn't it feasible to use a FaceBook ID in a web app purely for the purpose of validating a user's identity to access the resources of the web app? For example, let's say that I wanted to publish the web-order sample. Could I validate "Mike Peat" or "Fred Flintstone" as users of my app if they had initiated their relationship with the site using the very familiar "Sign in with your FaceBook ID" (see enclosed)?

Chip Casanave
24-Aug-2015, 01:18 PM

I think that the "ugly issue" is an issue and a business risk that just needs to be accepted depending upon the user base of the web site/app. If the typical user is going to expect to employ his Facebook or Twitter or whatever ID for access and if the publisher wants the site to grow, you just do it. The uglier issue is a site in which an investment is made that is not well accepted by the market that it is trying to capture because it does not confirm to expected norms.

24-Aug-2015, 01:34 PM
I thinks this particular usage is probably the most important and should end up being a DAC provided class. The interesting thing will be how much pain each developer has to go through to get their App allowed by Facebook. In fact what would really be helpful would be a class that handled your whole SignInSample!

Chip Casanave
24-Aug-2015, 04:27 PM
I agree regarding the potential broad usage for sign-in but from what I read here, I think that the app interface will need to be the developer's, not DAW's. Can anyone comment?

Remember too, what we're looking at is example code for popular web sites wrapped around OAuth 2.0. And it's consciously detached from DataFlex itself (that's why it's here in "Resources"). We are hoping that developers will expand upon what's been started and, as practical experience is gained, share their results and knowledge with the community.