Common error messages

Common errors messages returned by Facebook during verification

Can’t load URL

Can’t load URL: The domain of this URL isn’t included in the app’s domains. To be able to load this URL, add all domains and sub-domains of your app to the App Domains field in your app settings.

The problem is that the App domains field does not contain your site’s current domain. Check the 11th and 15th steps of the App setup to fix the problem.

URL blocked

URL blocked: This redirect failed because the redirect URI is not white-listed in the app’s client OAuth settings. Make sure that the client and web OAuth logins are on and add all your app domains as valid OAuth redirect URIs.

The problem is that the entered Valid OAuth redirect URIs field is not correct for your app. Check the 11th step of the App setup to fix the problem.

Error validating verification code

Error validating verification code. Please make sure your redirect_uri is identical to the one you used in the OAuth dialog request

The problem is that the entered Valid OAuth redirect URIs field is not correct for your app. Check the 11th step of the App setup to fix the problem.

Invalid App ID

Invalid App ID: The provided app ID does not look like a valid app ID.

The entered APP id is not correct. Maybe the app with the entered ID was deleted. Go to the Facebook provider → Settings and make sure that an existing App’s ID and secret was entered.

Client secret error

Error: Error validating client secret

The App secret you copied from the Facebook app is invalid. Make sure the correct one was copied.

Unable to validate CSRF state

Error: Unable to validate CSRF state

The problem is often related to the server’s cookie related caches. Some servers only accept special cookie name as the caching server allows only these special cookie names. You should get in touch with your host and ask them about their cookie related caches.

  • Pantheon server: If you’re using Pantheon server, update your Nextend Social Login version to 3.0.6 or greater where the error should be fixed.
  • LiteSpeed Cache: If you’re using the LiteSpeed Cache plugin, you may need to add the following lines to your .htaccess file:
  • If you can whitelist cookies at your server, try whitelisting SESSnsl which is the cookie we’re using. If your host has strict policy of the cookie names they accept you could try overriding the default names. Name of the session cookie can be changed with nsl_session_name filter and NSL_SESSION_NAME constant.

You can also see this error if somethnig (like a 3rd party plugin) messes up the site transients and prevents us from accessing them. Usually database or object caches create such problems when they’re configured wrongly. Try turning off your object/database cache temporarly, see if the “Unable to validate CSRF state” error still shows. If it does not get in touch with the support team of the database/object cache you’re using for assistance on how to configure it properly.