Another trap for new players: if you get the keystore password wrong in

keytool -exportcert -alias androiddebugkey -keystore ~/.android/debug.keystore | openssl sha1 -binary | openssl base64

it will silently give the wrong result (the digest for the password wrong message, I suspect).

Working through intermediate files avoids this. Using a Linux desktop might, as well.

You can use this Java Android code to genereate your key:

try {
   PackageInfo info = getPackageManager().getPackageInfo("**YOURPACKAGENAME**", PackageManager.GET_SIGNATURES);
   for (Signature signature : info.signatures) {
        MessageDigest md = MessageDigest.getInstance("SHA");
        md.update(signature.toByteArray());
        Log.i("PXR", Base64.encodeBytes(md.digest()));
   }
}
catch (NameNotFoundException e) {}
catch (NoSuchAlgorithmException e) {}

Update: I wrote a more detailed blog post about this problem and explains how SSO causes it: http://sean.lyn.ch/2011/07/android-the-facebook-sdk-sso-and-you/

This question is long since answered here (and in the Facebook Android SDK), but I'm going to try and capture the full solution for anyone that ends up stumbling upon this thread.

I was developing using the Facebook Android SDK in combination with PhoneGap and the Phonegap Facebook plug in. The authentication step was working just fine until I moved from deploying on the emulator to an actual device. The failure I saw when running adb logcat was the following.

D/Facebook-authorize( 2194): Login failed: invalid_key
W/System.err( 2194): com.facebook.android.FacebookError: invalid_key

I have no idea why this worked on the emulator but failed on the device. I suspect that Facebook has a blanket policy to allow unsigned .apk applications, because they can't be distributed.

The issue is that Facebook needs information about the key used to sign the application in order to allow the authorization. What I didn't know is that the Eclipse environment is signing builds automatically when you push them to the device using a debug keystore. Details about the Debug keystore are available in the Android Documentation - Signing Applications.

In order to provide Facebook with information about the signature, you need to run the command Jay provides above (repeated here):

keytool -exportcert -alias androiddebugkey -keystore ~/.android/debug.keystore | openssl sha1 -binary | openssl base64

This generates a short string of characters (which may include characters such as '=' or '/') that identify the signature called a certificate. Once you have this, you need to give it to Facebook.

Find your application on Facebook's Developer page (or create a new one if you haven't set one up already). Once you're in the application summary page, choose Edit Settings and then pick Mobile and Devices on the left-hand side. Under the Android section, you'll see a box for Key Hash. Paste the certificate string from the command above into this box and hit save.

Give it a few minutes to propagate and you should be all set!

I fixed the bug with this:

If you add Facebook.FORCE_DIALOG_AUTH to the authorize line:

mFacebook.authorize(
    MundialRugby2011Activity.this,
    new String[] {"publish_stream", "read_stream", "offline_access"},
    Facebook.FORCE_DIALOG_AUTH,
    new LoginDialogListener()
);

I had a similar problem (invalid_key) and for me the solution was to install Cygwin (I am using Windows 7 64-bit) and regenerate the key from there. I got a totally different key (than on PowerShell) and now my application does login just fine.

If the Facebook application is installed on the device, the described error will be raised.

Uninstall the existing Facebook application and run the application; it is working well. This is an SDK problem.