How To Get Code For Facebook Login
Macedonio Heninger
So when using Facebook login, it turns out that if you set response_type to token or code%20token then the "response data is included as a URL fragment" on the URL that redirects to your app. Seriously, why? When would that ever be useful to anyone?
Anyway, I'm hoping that this is somehow security related and that it's there for a reason other than to annoy people, but I would otherwise like to know if there's a way to disable it, since I'm using Angular and it's a real pain to handle urls with hashbangs.
If I set a response_type of code only, the code is returned as a nice and clean query parameter, but I would like to receive both in order to perform additional validations. Is there a way to change this behaviour? Thanks.
EDIT:Well it turns out that setting a response_type of code returns #/= at the end of the url, so there's no way to get a clean querystring. It has already been established that there is no way to change this behaviour, but I'm still interested in finding out why Facebook is doing it. Is it security related? What is the purpose of these url fragments?
To your main question, as far as I know, you can not change how Facebook redirects successful authorizations. Facebook doesn't give you the token as a clean query parameter. If you use token or code token, what you want will be in the hash fragment. Sorry.
NOTE: This may not be a problem for you. I'm not sure what you want with "additional validations", but when you use code token, exchanging the resulting code gets you a different token than the one you just got embedded in the URI. Both are now valid and will expire separately. Really, you probably need either the code or the token; both won't help you since they're not linked.
You have everything you need to call the Facebook APIs. The access token returned is valid, but should probably be checked against Facebook's token inspection endpoint if you're doing something server-side. (Really, at that point, just use code. I've never done it this way, so good luck.)
Now you have both an access token and a code (that expiration applies to the token, not the code). As stated earlier, that code can be exchanged for an access token in the usual way, but the returned access token will be different from the one you just got embedded in the URI.
I don't have any problem with my account at all, all 100% fine. I'm just trying to TEST the recovery codes of this page. When clicking on "show codes", I can see the 10 alphanumeric two word codes clearly. However, I can't find any place to input them.
If I go to incognito mode (to not get log-in automatically) and then to the Facebook login screen in the desktop or on Android Chrome.
Where do I put them?
In the password field?
If so, what do I put in the username field?
Desktop: If the correct way is to click on "Forgot account", and then use them to reset password, as it says when you continue that path, then that's bad, because, I don't want to reset my password. Now, Facebook says clearly in the page linked before:
The recovery codes are used for 2 Factor Authentication if you don't have your phone. So after you log into Facebook on a new device, you would enter the recovery code instead of the code that gets SMSed to you (or you get out of an authenticator app like Google Authenticator).
John C's answer is incorrect. There is no way to access your account if you have two-part authentication on and have lost your phone. Period. The recovery codes are eight-digit. Authentication codes are six. If you input recovery code (any of the ten) into the two-part authentication box, you will get an error:
You can submit a request via the link in the box "need another way to authenticate" but you must submit a picture ID, then the email you get back is one to reset your password. Once you do that, it goes back to the two-part authentication box and you're back where you started. So..., if you lose the phone that you set up two-part authentication with, you will NEVER be able to access your Facebook account again. Start another account.
If your end goal is to log into Facebook, you can also generate a physical security key via USB or NFC. These two methods depend heavily on the device you are using; therefore, it is better to have a plan B handy.
The very concept of Facebook Code Generator works closely with two-factor authentication. This feature is based on security and helps in protecting Facebook accounts in addition to password protection.
By using Code Generator, one can easily get two-factor authentication codes without even using a mobile number. For instance, if you are in a region with no mobile network, you can easily use this tool to generate a code for a login.
We already know that the Code Generator is readily available in the Facebook app for iOS and Android. But what if you break your phone or lose it. That could be a problem if your primary source of accessing the Code Generator is your phone.
For those who lost a tablet or laptop etc. there is the option of logging out of Facebook from other devices. Needless to say, this does not require setting up a mobile number and subsequently removing it.
As you select a new phone number for two-factor authentication, Facebook will use it to facilitate future login. In case someone tries to log in to your Facebook from an unknown device, a verification code will be sent.
As you add a new email address to receive login alerts, Facebook will notify you whenever someone tries to log into your account using an unknown device. You will get an email alert informing you about the login attempt.
I also tried downloading the app on PC, with idea to connect. this forced me to merge my oculus account into my facebook account, then forced merging my facebook account into a meta account, so now I have no Idea what I should be using. This forum seems to require my original oculus account.
The crux is that when I try to login on the quest, it now asks for a 6 digit code. But it doesn't say how or where it was sent. It certainly has not been emailed to me, it's not appeared in facebook, nor messenger. I can't think of anywhere else it would have been sent.
The whole login and authentication system is so cumbersome, bug ridden and pointlessly over the top - I just want to play some games, but cant even do that since some weeks due to this broken code system.
Same here. I keep one number so this doesn't happen so whatever number they have was made by them & I wasn't informed. Also I downloaded the free Resident Evil 4 & linked my facebook account as well so sending me an email for a pass code shouldn't be a problem, you'd think
Hey Nutmix! We know how important it is to be able to get into your device without having to go through all these issues. We like for this process to be as easy as possible. This is something we are looking into but let's give you some tips to help you out:
Hey Nutmix! Just wantiing to reach back out to you to see if you are still needing help with the pairing code? Let us know if the suggestions helped and if not go ahead and send us a private message so we can look more into this. You can send us a PM by doing the following:
Please select our name to get to our profile page, or click here: Next, click "Send a Message" to privately message us! Please remember, you must be signed into the community first to send us a private message.
I tried the headset again today. This time it asked me to go through a new pairing routine which involved having to go to the meta website, and enter pairing codes, instead of asking for a 6 digit code. This seems to have worked. I haven't managed to actually play a game yet though.
Hey Nutmix, we're glad to hear your pairing code worked! Let us know if you're able to play games and use your device successfully. The option to send us a PM for additional support is always there, and we'd be more than glad to help you resolve any issues you may experience. Happy gaming!
Having trouble with a Facebook or Instagram account? The best place to go for help with those accounts is the Facebook Help Center or the Instagram Help Center. This community can't help with those accounts.
This is not a blog post about travel, history, nature, or tea, although, as always, a lot of tea was consumed in the composition of it. Instead, I hope this serves as a cautionary tale about how to potentially avoid the mistakes that have seen me locked out of Facebook for over a month. While I am all in favour of digital detoxes, this is not exactly what I had in mind!
Second, they activated two-factor authentication. This is supposed to increase the security of a system because you need to enter a code in addition to your password. The problem occurs when, again, it points away from the account owner and to the hackers instead.
I am always sorry to hear about people experiencing Facebook hacking and I completely understand your frustration, but I do not have any additional information beyond what is published here.
When you go through the process of sending a photo of your ID to be verified and you receive the email from Facebook confirming your ID is accepted with a link to reset your password, DO NOT CLICK THE LINK IN THE EMAIL!!!! Instead, follow the instructions further down in the email which says something along the lines of
All of the information I have about the Facebook two-factor authentication problem is listed in this blog post. I will no longer be responding to emails or messages regarding this issue since I cannot provide any further assistance.
I was just wondering if you ever got a reply from facebook/ managed to get back in? Like you, I have about a decade of photos on there, and also just feel really uncomfortable that a hacker still has access to my account!
Hi there! The same thing happened to me and I am STRUGGLING. I run multiple facebook accounts for my clients through my personal account and am at a complete loss. If you have found a solution, please do share!