Invalid appsecret_proof provided in the API argument


I have created an app in my Facebook account and posted to my friend using my access token (PHP).

But another user cannot post to their friend using my app ID and secret, and gets the error

Invalid appsecret_proof provided in the API argument

I have disabled "Required app secret proof" in my app settings.

Any solution, please?

public function facebookUsershare() {
    require '../facebook/src/facebook.php';
    $facebook = new Facebook(array('appId' => 'app id', 'secret' => 'secret_key'));

    // Custom privacy setting for the post
    $privacy = array(
        'description' => 'Vladimir Sergeevich', 'value' => 'CUSTOM',
        'friends' => 'friend id', 'allow' => 'loged in user'
    );
    try {
        $result = $facebook->api('/me/feed', 'POST', array(
            "access_token" => 'access_token', 'picture' => "path to image",
            'link' => "gmail.com", 'name' => "Go wi6 7", 'caption' => "capn",
            'privacy' => json_encode($privacy)
        ));
        echo 'Successfully posted to Facebook Personal Profile';
        //return $facebookfrndids;
    } catch (Exception $e) {
        echo $e->getMessage();
        return false;
    }
}
2

There are 2 best solutions below

4
On BEST ANSWER

Finally I got the answer: disable "Required app secret proof" in the advanced settings of the app, and comment out the following code in base_facebook.php of the SDK:

if (isset($params['access_token'])) {
  $params['appsecret_proof'] = $this->getAppSecretProof($params['access_token']);
}
2
On

According to the documentation:

Graph API calls can be made from clients or from your server on behalf of clients. Calls from a server can be better secured by adding a parameter called appsecret_proof.

So you need to specify the additional parameter appsecret_proof together with access_token. The appsecret_proof is a digital signature of the access_token, signed with your app secret. The signature is needed to confirm the access_token. To get appsecret_proof, you need to calculate the signature like this:

require 'openssl'

secret = 'app secret'
token = 'access token'
digest = OpenSSL::Digest.new('sha256')
# hexdigest: the proof is sent as a hex string, not as raw bytes
proof = OpenSSL::HMAC.hexdigest(digest, secret, token)

# result params:
"access_token=#{token}&appsecret_proof=#{proof}"

The example is in Ruby, but this is not a language-specific problem. Please refer to your language's manual for its HMAC signature API.
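
The proof calculation from the answer above, carried through as an added example (not code from the original posts or from the Facebook SDK): it builds the signed parameters and shows that a proof made with a different app secret, or sent as raw bytes instead of hex, does not verify. The secrets, the token, the function names and `proof_valid?` (a local model of the receiving side's check) are assumptions for illustration.

```ruby
require 'openssl'
require 'uri'

# Constructed sample values (assumptions, not real credentials).
APP_SECRET   = 'constructed-app-secret-A'
OTHER_SECRET = 'constructed-app-secret-B'
TOKEN        = 'constructed-user-token-123'

# Hex-encoded HMAC-SHA256 of the access token, keyed with the app secret.
def appsecret_proof(app_secret, access_token)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), app_secret, access_token)
end

# URL-encoded parameters for a server-side call; extra holds the call's own fields.
def signed_params(app_secret, access_token, extra = {})
  URI.encode_www_form(extra.merge(
    'access_token'    => access_token,
    'appsecret_proof' => appsecret_proof(app_secret, access_token)
  ))
end

# Comparison whose running time does not depend on where the strings differ.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Local model of the receiving side's check (assumption): recompute and compare.
def proof_valid?(app_secret, access_token, proof)
  secure_equal?(appsecret_proof(app_secret, access_token), proof.to_s)
end

if __FILE__ == $PROGRAM_NAME
  good  = appsecret_proof(APP_SECRET, TOKEN)
  stale = appsecret_proof(OTHER_SECRET, TOKEN) # proof made with a different secret
  raw   = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), APP_SECRET, TOKEN)
  puts signed_params(APP_SECRET, TOKEN, 'message' => 'hello')
  puts "matching secret:  #{proof_valid?(APP_SECRET, TOKEN, good)}"
  puts "different secret: #{proof_valid?(APP_SECRET, TOKEN, stale)}"
  puts "raw binary proof: #{proof_valid?(APP_SECRET, TOKEN, raw)}"
end
```

The proof is bound to both the token and the secret, so the server must sign each user's token with the secret of the app that issued it.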