I have a published Xamarin.Forms app. The app suggests users to authenticate via several OAuth authentication providers (Google, Facebook, Microsoft, Yandex, Vkontakte, Mail.Ru, Odnoklassniki).
On Windows the authentication via Facebook is built in the following way:
string clientID = "<client ID from facebook app settings>";
string startUri = "https://m.facebook.com/dialog/oauth/?" +
"client_id=" + clientID +
"&scope=" + "email,public_profile" +
"&redirect_uri=" + "https://m.facebook.com/connect/login_success.html" +
"&state=" + Guid.NewGuid().ToString("N") +
"&response_type=" + "token";
System.AggregateException: One or more errors occurred. --->
System.Exception: Exception from HRESULT: 0x800C0503
--- End of inner exception stack trace ---
---> (Inner Exception #0) System.Exception: Exception from HRESULT: 0x800C0503<---
I've been working closely with Facebook SDK support and Microsoft support on the issue. This is much like to be banged from two sides simultaneously while trying to be pleasant to yourself in the same time. Feeling myself spoiled and wasted yet satisfied.
Long story short I have a workaround which I now use just for the Facebook/Windows desktop combo:
//We need to instruct the WebAuthenticationBroker to end the scenario //somehow without specifying the callbackUri parameter. This is called //`an implicit callback Uri scenario` in which WebAuthenticationBroker //is expecting to see this Uri for the end: string callbackUri = WebAuthenticationBroker.GetCurrentApplicationCallbackUri().AbsoluteUri; //So we need to instruct Facebook authentication to finally redirect to this Uri. string startUri = "https://m.facebook.com/dialog/oauth/?" + "client_id=" + clientID + "&scope=" + "email,public_profile" + "&redirect_uri=" + callbackUri + "&state=" + Guid.NewGuid().ToString("N") + "&response_type=" + "token"; //The workaround is to go with the WebAuthenticationBroker.AuthenticateAsync //overload which does not accept the callbackUri parameter. WebAuthenticationBroker.AuthenticateAsync( WebAuthenticationOptions.None, new Uri(startUri)));
Neither Facebook nor Microsoft did a thing to be helpful in getting around this or provide any logical explanation on why this scenario has to be used for Windows desktop. I mention that again: on Windows Phone 8.1 / 10 the explicit callback Uri scenario works perfectly.
I have to mention that in order for such an implicit callback Uri to be accepted by Facebook authentication you need to include these Uris into the Valid OAuth redirect URIs setting of
Facebook login parameters for your app.
...another design masterpiece by Facebook. Argh.