When trying to login with a Facebook app, I'm getting the following error:

Can't Load URL: The domain of this URL isn't included in the app's domains. To be able to load this URL, add all domains and subdomains of your app to the App Domains field in your app settings.

As you can see on the following image:

URL: http://www.facebook-php-test.com

Below is the configuration I have set on my Facebook App.

(Notice: for privacy purposes I changed the values for App ID and App Secret on the image)

The code for this basic sample application is on this GitHub repository:

https://github.com/zeuscronos/facebook-php-test.com

I really don't know why it says that the domain of this URL isn't included in the app's domains when it is actually there.

On the field: App Domains I tried with both domains at the same time:

• facebook-php-test.com
• www.facebook-php-test.com

but no success.

The generated login URL is as follows:

https://www.facebook.com/v2.10/dialog/oauth?client_id=012345678901234&state=d3758e484d539bebd6505427aaf1fa3b&response_type=code&sdk=php-sdk-5.6.1&redirect_uri=http%3A%2F%2Fwww.facebook-php-test.com%2Ffb-callback.php&scope=email%2Cuser_friends%2Cuser_photos

I configured the domain: facebook-php-test.com as a virtual host on an Apache server.

I have to say that I have worked a lot with the Facebook PHP SDK and this is the first time I'm getting struggle with this. Actually, I got this problem with another big application I was working with then after couple of hours trying to solve the problem I created this dummy application to try to figure out what's the cause of the problem.

I have tried many things with no success.

Any idea on how to solve this?

Thanks.

EDIT 01

Following the suggestion of Mr.Geeker comment I did the following...

Added the product: Facebook Login and configured like below:

Then, finally I could go forward, and I was asked for permissions:

But unfortunately, after granting permissions, I got the following:

Any idea on how to continue from this point?

EDIT 02 - SOLUTION

I ended disabling the option: Use Strict Mode for Redirect URIs under Client OAuth Settings. They say it is strongly recommended has this feature On but I could not get this working with that On.

By the way I also disabled: Client OAuth Login since my app doesn't use it.

Finally, the only feature I have enable under: Client OAuth Settings is: Web OAuth Login.

Facebook now roles some features as plugins. In the left hand side select Products and add product. Then select Facbook Login. Pretty straight forward from there, you'll see all the Oauth options show up.

As originally answered here

On March 2018, facebook updated the API and forced all apps to keep strict mode On.

To make it work, you have to include the full callback url in the Valid OAuth Redirect URIs field. If you redirect to "https://www.example.com/facebook/callback", the full URI must be included (without parameters):

The domain must be set in the App domains and the Website Site URL fields on the basic settings page:

If none of these works and the "Can't Load URL: The domain of this URL isn't included in the app's domains." message keeps showing, check if you have the latest version of the SDK. I could make it work after updating de PHP SDK from version 5.5 to 5.6.2

I'm using PHP 5.5 and I found the bug.

The PHP Facebook API VERSION = '5.5.0', DEFAULT_GRAPH_VERSION = 'v2.9' was adding the URI ?code=XXX in my callback page like this:

mydomainExample.com/callbackFacebook.php ?code=XXXXXXX

and I changed the source code to remove the string after '?'. Now the callback url is only

mydomainExample.com/callbackFacebook.php

The fixed can be done in the file Facebook/Helpers/ FacebookRedirectLoginHelper.php inside the getAccessToken function. I added a 'if' as below in the line 226 and the issue gone:

$redirectUrl = $redirectUrl ?: $this->urlDetectionHandler->getCurrentUrl();

//the next 3 lines was added to avoid the bug (fixed)
if(strripos($redirectUrl, "?")){
  $redirectUrl = substr($redirectUrl, 0, strripos($redirectUrl, "?"));
}

// At minimum we need to remove the state param
$redirectUrl = FacebookUrlManipulator::removeParamsFromUrl($redirectUrl, ['state']);