android – Facebook deauthorize callback is not called-ThrowExceptions

Exception or error:

I have develop an Facebook app (a game in “development mode”) consumed by a web client (Facebook canvas) and a mobile client (Android app). I have also a REST API (developed with Laravel) which allow the exchanges between clients and the Facebook API. The API is reachable over the internet (not localhost).

My aim is to detect when users uninstall my Facebook app.

The Facebook documentation says that:

People are able to uninstall apps via without interacting
with the app itself. To help apps detect when this has happened, we
allow them to provide a de-authorize callback URL which will be pinged
whenever this occurs.

You can enable a deauthorize callback via the App Dashboard. Just go
to your app, then choose the Settings menu, and finally the Advanced
tab. A text field is provided for the Deauthorize Callback URL.

Whenever a user of your app de-authorizes it, this URL will be sent an
HTTP POST containing a signed request. Read our guide to parsing the
signed request to see how to decode this to find out the user ID that
triggered the callback.

The Laravel route for this URL accepts GET and POST requests. I know that the Facebook callback uses POST request, but accepting the GET method allows me to use the “Open Graph Object Debugger” tool to test if my URL is reachable by Facebook servers (and it is successful).

Currently I use a self-signed SSL certificate (AES 128). Apache is my web server (it redirects all HTTP requests to HTTPS).

I know how to decode the signed_request encoded POST parameter (the problem is not here).


When I remove the app (with a Facebook test account) the callback URL is never called. The Apache logs (access/error) show absolutely nothing (while I can see previous access via the Open Graph Object Debugger).

I have tried to change the callback URL by another domain with a SSL certificate delivered by a known CA. Same result… this is very frustrating.

I don’t understand why. I missed something?

  • It is an issue with my web server?
  • It is an issue with my SSL certificate?
  • It is an issue with my Facebook app configuration?
  • It is because my Facebook app is in development mode?
  • It is a Facebook bug?

enter image description here

How to solve:

From my personal experience facebook notifications are not reliable.
I have developed a few apps that rely on real time updates from facebook and I have experienced following issues:

  1. Updates/callbacks getting lost
  2. Updates delivered days later
  3. When facebook updates graph api version some of the apps work that are still on old version and those that you migrate do not work.

Sometimes to fix it I would remove all subscriptions and re-add them again.
After a while I got tired from this and now I do pull as well and real time updates also I have implemented logging and monitoring.

I hope this helps

Leave a Reply

Your email address will not be published. Required fields are marked *