I managed to solve the issue I was having with misconfigured for Facebook on Android by ensuring I had the correct hash key for a release version.

To get the release version hash key, find the key you used to sign the application and do the following, insert the name of your keystore alias (without brackets). If you don't know your alias this can be found by exporting your app as a signed app and the alias is on the second page of the wizard. Also insert the path to your keystore (without brackets).

keytool -exportcert -alias [Alias of your keystore] -keystore [Path to keystore] | openssl sha1 -binary | openssl base64

Try to set it like this:

First download OpenSSL (if you have a 64-bit machine you must download openssl-0.9.8e X64, not the latest version, openssl-0.9.8k X64, because the output will not be valid). Extract your files, create the folder openssl, for example in C:/ and copy files there.

Find your path to keytoo. Mine is C:\Program Files\Java\jdk1.7.0_05\bin.

Find your path to debug.keystore. YHou can see what is path if you open in Eclipse, menu Window -> Preferences -> Android -> Build, and you will see Default Debug keystore:-and the path.

Find your path to openssl. Mine is C:\openssl8e\bin/.

Open cmd and type:

"C:\Program Files\Java\jdk1.7.0_05\bin\keytool" -exportcert -alias androiddebugkey -keystore "C:\Users\User.android\debug.keystore" | "C:\openssl8e\bin\openssl" sha1 -binary | "C:\openssl8e\bin\openssl" base64

Aand then press Enter.

Insert password: android

You will get your hash key for debug.keystore.

When you export a signed APK, and you create a keystore for the application, just replace in cmd debugkeystore alias with your alias for the app, the keystore path with the path to your newly created keystore for the app and insert the password for your app.keystore, and you will get a new hash key for your signed app.

I work at Facebook, and this is an important issue that needs to be addressed. The other answer for this question suggests that disabling SSO is very bad and will open up your app to malicious apps that can steal your user's Facebook credentials.

The hack launches a WebView dialog to Facebook without SSO, and the user must type their login credentials into that dialog. Malicious apps can then steal this information easily. It is always advised to implement Facebook SSO correctly to ensure that your app is secure and protect your user's sensitive data.

Prior to adding this error message, the dialog would automatically close without warning and fail silently. We added this error message to visually display that there is an issue with your app configuration in your Facebook app dashboard. For Android, if you check your LogCat, you'll see that after pressing "Okay", there should be an error message that will display a more technical description of what is causing the authentication to fail.

For example, if you use our Hackbook example and did not supply your own APP_ID in the source and did not add your hash key to the dashboard, you'll see this error in LogCat after pressing "Okay" in the native SSO dialog (if Util.ENABLE_LOG is set to true):

D/Facebook-authorize(24739): Login failed: invalid_key:Android key mismatch. Your key "uk3udeH7vrOGNFH2FJjdJbdWJWI" does not match the allowed keys specified in your application settings. Check your application settings at http://www.facebook.com/developers

We added the visual error message to help you. This, in theory, does not break previous implementations if it was implemented correctly to begin with. If you see this error message, that means you did not configure your app settings correctly on your dashboard.
Double check your Android Class/Package name, Android hash keys, etc. You will not see this message if you did everything correctly.

In summary, you are getting that error message because there is an issue with your app configuration, for example, a mismatch between the Android hash keys in your dashboard. Before Facebook added this error message, the dialog would launch, then automatically close and fail. To fix this, check your LogCat for any error messages and make sure that you have everything implemented correctly. You can read up on our documentation to make sure you have everything correct. Do not use the accepted answer for this question.

You can also follow the external bug report that a Facebook developer has reported for more updates.

I got the same error a few days ago. In my case it was due to an Android key mismatch. Here is how I fixed it if it may help you too:

Open Util.java in the Facebook SDK, set private static boolean ENABLE_LOG = true;. Now run your app and enter your email id and password. Facebook sends back a signature if there's a key mismatch. You'll find this key (signature) in LogCat. Just copy this key and paste it in the app dashboard. That should fix the problem. Remember to set private static boolean ENABLE_LOG = true; back to false.

I did a Toast for exceptions and found it throws a key mismatch exception today added the key in the FB app page and it works fine

Regarding apps signed with OWN keystore: After spending several hours solving this issue, I finally got it and want to provide an answer for those who are still suffering:

My steps: I signed my app via eclipse with my own keystore file (NOT debug.keystore). Via command line and known commands (keytool -exportcert -alias -keystore ~/.android/ | openssl sha1 -binary | openssl base64) I successfulluy received the key hash. Pasted the key hash in the dev dashboard,waited a few mins -> Still the same ERROR (as specified in the question above). i tried several differend keytools, on several jdks, etc... nothing changed.

Solution: I turned on debuggable in manifest, turned on debugging in facebook sdk. then i signed the apk with my own keystore and uploaded it on real device. i connected device via usb and opened DDMS perspective to see logcat on device.
I started my app and let the error message occur. It prints out a key totally different from the key generated by keytool. I took this key from logcat, pasted it to dev dashboard and voila -> EVERYTHING WORKS

I still don't know why this happens or what is causing the wrong key, but this way it works for me.