Enabling Facebook OAuth Strict Mode

Version 1.4.0 or higher

As of March 2018, Facebook will invalidate all OAuth requests from URLs not listed in the Valid OAuth redirect URIs field. This means that Strict Mode is now required by default for all apps and that the URLs you use have to exactly match your site.

Navigate to the Facebook Login / Settings page on your Facebook App and add the URL below to the Valid OAuth redirect URIs input.

          http://your-site.com/wp-admin/admin.php?page=wpna_facebook&tab=api&wpna-action=facebook_login
          

n.b. The URLs need to match exactly, so if your site uses an SSL certificate please ensure you change it to https.

It should end up looking something like this.

Version 1.3.5 or lower - (Historical use only. No longer valid)

If you followed our guide to setting up a Facebook App, you'll notice we disabled Strict Mode. This means that Facebook validates the OAuth redirection URL (the URL that's provided to redirect you back to your site after authorising the Facebook App) against your domain and not the exact URL. This is perfectly secure for 99% of cases. However, should you wish to enable Strict Mode, please add the following URLs to the Valid OAuth redirect URIs input under the Facebook Login / Settings page on your Facebook App.

          http://your-site.com/wp-admin/admin.php?page=wpna_facebook&tab=api&fb_action=login_cb&rerequest=true
          http://your-site.com/wp-admin/admin.php?page=wpna_facebook&tab=api&fb_action=login_cb
          

n.b. The URLs need to match exactly, so if your site uses an SSL certificate please ensure you change it to https.

It should end up looking something like this.
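The difference between domain-level validation and Strict Mode's exact match, and why an http/https mismatch breaks the login, shown as an added example (not code from the plugin or from Facebook). The function names are hypothetical and the two match functions are simplified models of the behaviour described above, not Facebook's implementation.

```python
from urllib.parse import urlsplit

# Path and query the plugin (1.4.0+) uses for its OAuth callback, from the page.
CALLBACK = "/wp-admin/admin.php?page=wpna_facebook&tab=api&wpna-action=facebook_login"


def callback_url(site_url: str) -> str:
    """Build the value to paste into Valid OAuth redirect URIs for a site."""
    parts = urlsplit(site_url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError(f"not an absolute http(s) URL: {site_url!r}")
    return f"{parts.scheme}://{parts.netloc}{parts.path.rstrip('/')}{CALLBACK}"


def domain_match(redirect_uri: str, app_domain: str) -> bool:
    """Simplified model of the non-strict check: only the host is compared."""
    return urlsplit(redirect_uri).hostname == app_domain.lower()


def strict_match(redirect_uri: str, allowed: list[str]) -> bool:
    """Simplified model of Strict Mode: whole-string equality with a listed URI."""
    return redirect_uri in allowed


def explain_mismatch(redirect_uri: str, allowed_uri: str) -> list[str]:
    """Name the URL components that differ, to debug a rejected login."""
    a, b = urlsplit(redirect_uri), urlsplit(allowed_uri)
    return [name for name in ("scheme", "netloc", "path", "query")
            if getattr(a, name) != getattr(b, name)]


if __name__ == "__main__":
    allowed = [callback_url("http://your-site.com")]   # what was registered
    sent = callback_url("https://your-site.com")       # site actually serves https
    other = "https://your-site.com/some/other/page"    # constructed: another path
    for uri in (allowed[0], sent, other):
        print(uri)
        print("  domain-only:", domain_match(uri, "your-site.com"),
              " strict:", strict_match(uri, allowed),
              " differs in:", explain_mismatch(uri, allowed[0]))
```

Domain-only matching accepts every URL on the host, while the exact match rejects both the https variant and the unrelated path until the registered value is corrected.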