/**
 * Exchanges the authorization code from a login redirect for an AccessToken entity.
 *
 * Returns null without doing anything else when getCode() yields no code.
 * Otherwise validateCsrf() runs before the code is handed to the OAuth 2.0
 * client, so a failed CSRF check prevents the exchange.
 *
 * The redirect URL sent with the exchange has its "state" parameter stripped.
 * NOTE(review): when $redirectUrl is omitted, the URL comes from the URL
 * detection handler; if that handler derives it from request headers, callers
 * behind a proxy may prefer to pass the URL explicitly. Confirm against the
 * handler implementation.
 *
 * @param string|null $redirectUrl The redirect URL; any falsy value falls back to the detected current URL.
 *
 * @return AccessToken|null
 *
 * @throws FacebookSDKException
 */
public function getAccessToken($redirectUrl = null)
{
    $authCode = $this->getCode();
    if (!$authCode) {
        return null;
    }

    // CSRF validation must pass before the code is exchanged for a token.
    $this->validateCsrf();

    if (!$redirectUrl) {
        $redirectUrl = $this->urlDetectionHandler->getCurrentUrl();
    }

    // At minimum the state param has to be removed from the redirect URL.
    $callbackUrl = FacebookUrlManipulator::removeParamsFromUrl($redirectUrl, ['state']);

    return $this->oAuth2Client->getAccessTokenFromCode($authCode, $callbackUrl);
}
/**
 * Set the endpoint for this request.
 *
 * If the endpoint's query string carries an access_token, it is passed to
 * setAccessTokenFromParams() so the request's token stays in sync with it.
 * The access_token and appsecret_proof parameters are then removed, so the
 * stored endpoint never contains either credential.
 *
 * @param string $endpoint The endpoint, optionally including a query string.
 *
 * @return FacebookRequest
 *
 * @throws FacebookSDKException
 */
public function setEndpoint($endpoint)
{
    // Pick up an access token embedded in the endpoint before it is stripped.
    $queryParams = FacebookUrlManipulator::getParamsAsArray($endpoint);
    if (isset($queryParams['access_token'])) {
        $this->setAccessTokenFromParams($queryParams['access_token']);
    }

    // Keep the token and the app secret proof out of the stored endpoint.
    $this->endpoint = FacebookUrlManipulator::removeParamsFromUrl(
        $endpoint,
        ['access_token', 'appsecret_proof']
    );

    return $this;
}
/**
 * Checks that removeParamsFromUrl() strips the OAuth redirect parameters
 * (state, code and the error_* family) from each URL supplied by the provider.
 *
 * @dataProvider provideUris
 */
public function testParamsGetRemovedFromAUrl($dirtyUrl, $expectedCleanUrl)
{
    $cleanedUrl = FacebookUrlManipulator::removeParamsFromUrl(
        $dirtyUrl,
        ['state', 'code', 'error', 'error_reason', 'error_description', 'error_code']
    );

    $this->assertEquals($expectedCleanUrl, $cleanedUrl);
}