Facebook debug token without using any SDK, just a HTTP GET request -

instead of using facebook sdk, i'm using http requests. here url i'm using log user application: (not real id or url)

https://www.facebook.com/dialog/oauth?   client_id=6545941f68498461   &redirect_uri=https://script.google.com/macros/s/hcz-irojhm/exec?   &response_type=token   &scope=publish_stream 

the documentation here. official facebook login

after user signs in facebook, website loads access token appended url. request response_type=token token, not code or both code , token.

according facebook documentation, confirming identity

because redirect flow involves browsers being redirected urls in app login dialog, traffic directly access url made-up fragments or parameters. if app assumed these valid parameters, made-up data used app potentially malicious purposes. result, app should confirm person using app same person have response data before generating access token them. confirming identity accomplished in different ways depending on response_type received above:

and because receiving token quote facebook documentation should apply me:

when token received, needs verified. should make api call inspection endpoint indicate token generated , app. can client or server, depending on use case.

for particular situation, there section titled, inspecting access tokens:

here quote facebook documentation:

whether or not app uses code or token response_type login dialog, @ point have received access token. however, same security reasons above, should perform automated check confirm token belongs person app expecting belong to, , app generated token. provide following graph api endpoint can used inspect access tokens:

get graph.facebook.com/debug_token?      input_token={token-to-inspect}      &access_token={app-token-or-admin-token} 

so, have parsed access token end of url, , made request server configured in example inspection, , can not work. have tried using generated app token , have tried using app id plus app secret, , nothing works. error message:

execution failed: invalid argument: 

if use facebook debugger

and paste in token returned login, works fine. information back. token i'm getting valid.

i'm using exact syntax inspecting access token, , i've checked every character many times spelling or syntax errors. there must else causing request rejected. test purposes, sending http request different url, because tokens portable, facebook allows requests different places, example, server.

why request failing?

i'm wondering if there apps script urlfetch service causing error. token valid. in online debugger, token fine. keep getting invalid argument error. get requests don't have payload, trying use payload, trying use parameter wouldn't me.

i muted httpexceptions, , got response back:

{"error":{"message":"unsupported request.","type":"graphmethodexception","code":100}} 

in facebooks receiving error codes table, there no code 100.

i set "escaping" : false thinking maybe there might character shouldn't escaped being escaped, did nothing.

maybe there in url fetch doesn't like. maybe need manually escape something.

okay, have figured out. google apps script urlfetchapp.fetch(getapptknurl, optnapptkn); not " | " character. if use character, execution failed: invalid argument: error, has nothing http request.

so, using app id , app secret access_token, divided " | " character produce error. and, app access token uses character divide app id , app token. maybe can figure out escape characters " | " character.

i found problem. facebook configures app token divider after app id.

appid|apptoken

the " | " character divider. character has escape code of %7c. in case, | character needed escaped in url. did that, started getting responses facebooks server.