Tuesday, June 5, 2012

Login failed invalid key error with Facebook SDK

I get "Login failed error" with the Facebook Android SDK while running on the device. I have done everything they specified, like creating a hash and all.

The error is:

Facebook-authorize(5539): Login failed: invalid_key facebook error: com.facebook.android.FacebookError: invalid_key

Source: Tips4all


  1. Update: I wrote a more detailed blog post about this problem that explains how SSO causes it: http://sean.lyn.ch/2011/07/android-the-facebook-sdk-sso-and-you/

    This question is long since answered here (and in the Facebook Android SDK), but I'm going to try and capture the full solution for anyone that ends up stumbling upon this thread.

    I was developing using the Facebook Android SDK in combination with PhoneGap and the PhoneGap Facebook plugin. The authentication step was working just fine until I moved from deploying on the emulator to an actual device. The failure I saw when running adb logcat was the following.

    D/Facebook-authorize( 2194): Login failed: invalid_key
    W/System.err( 2194): com.facebook.android.FacebookError: invalid_key

    I have no idea why this worked on the emulator but failed on the device. I suspect that Facebook has a blanket policy to allow unsigned .apk applications, because they can't be distributed.

    The issue is that Facebook needs information about the key used to sign the application in order to allow the authorization. What I didn't know is that the Eclipse environment is signing builds automatically when you push them to the device using a debug keystore. Details about the Debug keystore are available in the Android Documentation - Signing Applications.

    In order to provide Facebook with information about the signature, you need to run the command Jay provides above (repeated here):

    keytool -exportcert -alias androiddebugkey -keystore ~/.android/debug.keystore | openssl sha1 -binary | openssl base64

    This generates a short string of characters (which may include characters such as '=' or '/') that identify the signature called a certificate. Once you have this, you need to give it to Facebook.

    Find your application on Facebook's Developer page (or create a new one if you haven't set one up already). Once you're in the application summary page, choose Edit Settings and then pick Mobile and Devices on the left-hand side. Under the Android section, you'll see a box for Key Hash. Paste the certificate string from the command above into this box and hit save.

    Give it a few minutes to propagate and you should be all set!

  2. Just spent a couple hours on the same problem.

    When you are exporting the hash value of your key, be sure to specify the correct keystore and alias. For instance in:

    keytool -exportcert -alias androiddebugkey -keystore ~/.android/debug.keystore | openssl sha1 -binary | openssl base64

    If you're not using the debug key to sign your APK, be sure that keytool references your export keystore and that it's using the alias that you've specified. You see the keystore and alias to be used in the "keystore selection" and "key alias selection" screens in the Eclipse export Android App wizard screen.

    Also, under the "Mobile and devices" section of the app settings, I've set the application to be "Native app" and not "HTML 5 / Mobile web" since I'm working with an Android app (and an iOS one as well).

  3. Another trap for new players: if you get the keystore password wrong in

    keytool -exportcert -alias androiddebugkey -keystore ~/.android/debug.keystore | openssl sha1 -binary | openssl base64

    it will silently give the wrong result (the digest for the password wrong message, I suspect).

    Working through intermediate files avoids this. Using a Linux desktop might, as well.

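  4. You can use this Java Android code to generate your key:

    // Runs inside an Activity. Imports: android.content.pm.{PackageInfo, PackageManager, Signature},
    // android.util.{Base64, Log}, java.security.{MessageDigest, NoSuchAlgorithmException}.
    try {
        PackageInfo info = getPackageManager().getPackageInfo("**YOURPACKAGENAME**", PackageManager.GET_SIGNATURES);
        for (Signature signature : info.signatures) {
            MessageDigest md = MessageDigest.getInstance("SHA");
            md.update(signature.toByteArray()); // digest the signing certificate bytes
            Log.i("PXR", Base64.encodeToString(md.digest(), Base64.NO_WRAP));
        }
    } catch (PackageManager.NameNotFoundException e) {
        // the package name above is not installed on this device
    } catch (NoSuchAlgorithmException e) {
        // no SHA-1 provider available
    }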

    Check the source in Implementing Facebook into your application invalid key with keytool.

    The Eclipse project is available. It works fine for me!

  5. If the Facebook application is installed on the device, the described error will be raised.

    Uninstall the existing Facebook application and run the application; it is working well. This is an SDK problem.

  6. I had a similar problem (invalid_key) and for me the solution was to install Cygwin (I am using Windows 7 64-bit) and regenerate the key from there. I got a totally different key (than on PowerShell) and now my application does login just fine.

  7. I may just have solved the wrong keyhash issue in Windows 7. See my report in Invalid key issue for an Android application to call the Facebook API.

  8. This problem seems to be triggered when the Facebook app is installed, thus the SDK is trying to use the app for authentication. And that part seems to fail always in my case.

    My current workaround to solve this is to make sure that the web login dialog gets triggered instead. The way to make that occur is to tamper with the FB_APP_SIGNATURE in Facebook.java (Line 763 latest SDK from GitHub), in my case I just replaced the last part "928a2" with an empty string.

    By doing this it seems that the SDK falls back on the web dialog and everything works.

    Please note that this isn't a perfect workaround, but it does solve the issue with the Facebook SDK and the Facebook App being incompatible for the moment on Android.

  9. I wasted about four hours solving such a problem (Windows 7, Eclipse). The keytool utility is really sly. I already had Eclipse installed.

    Install Cygwin.
    Download OpenSSL for Windows. Put it in any folder and add path to "lib" & "bin" subfolders in Windows PATH variable.
    Now you should be able to open the Cygwin Bash shell (from the start menu) and successfully run OpenSSL from it.

    Some keytool tricks:

    Do NOT USE the Windows shell (CMD) - always use Cygwin. Running keytool from CMD just silently produces the wrong hash!
    Remember, that the right Unix path separator you should use is "/", not "\"!
    If the keytool can not find the keystore file, it just silently generates the WRONG key! If you set the right path to the file, it asks you "Enter keystore password:". So, if it does not ask you for it, you can be sure you passed the wrong path (see also #2).
    If you type the right keystore password, the hash is the same as if you do not pass a keystore password at all. If you type the wrong keystore password it silently generates the wrong hash.
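
Answers 3 and 9 describe keytool's error text being piped straight into the hash. The following is an added example, not code from any poster or from the Facebook SDK: it exports the certificate to an intermediate file and checks each step before hashing. The function names and the KS_PASS variable are hypothetical, and it assumes keytool and openssl are on the PATH.

```shell
#!/bin/sh
# Added example: compute the Facebook key hash via an intermediate file so that
# a keytool error message can never be hashed in place of the certificate.

# hash_der_cert FILE
# Prints base64(SHA-1(FILE)) only if FILE parses as a DER-encoded X.509 certificate.
hash_der_cert() {
    der=$1
    [ -s "$der" ] || { echo "empty or missing certificate file: $der" >&2; return 1; }
    # keytool error text is not valid DER, so this parse step rejects it.
    openssl x509 -inform DER -in "$der" -noout 2>/dev/null \
        || { echo "not an X.509 certificate: $der" >&2; return 1; }
    openssl sha1 -binary "$der" | openssl base64
}

# fb_key_hash KEYSTORE ALIAS STOREPASS
# Exports the signing certificate with keytool, checks keytool's exit status,
# then hashes the exported file. Prints nothing on stdout when any step fails.
fb_key_hash() {
    keystore=$1; alias_name=$2; storepass=$3
    [ -f "$keystore" ] || { echo "keystore not found: $keystore" >&2; return 1; }
    tmp=$(mktemp) || return 1
    rc=0
    # The password is handed over through the environment (-storepass:env)
    # so it does not appear in keytool's argument list.
    if KS_PASS=$storepass keytool -exportcert -alias "$alias_name" \
            -keystore "$keystore" -storepass:env KS_PASS \
            -file "$tmp" >/dev/null 2>&1; then
        hash_der_cert "$tmp" || rc=1
    else
        echo "keytool failed: check keystore path, alias and password" >&2
        rc=1
    fi
    rm -f "$tmp"
    return $rc
}

# Usage with the debug keystore from the answers above:
#   fb_key_hash ~/.android/debug.keystore androiddebugkey android
```

A valid result is always 28 base64 characters, but so is the hash of an error message, which is why the checks are on the input and not on the output's shape.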

  10. I have used Cygwin on Windows and iOS Bash, but both gave me the wrong keys! Finally I have found the solution in Implementing Facebook into your application invalid key with keytool.

    ProgrammerXR has written a really useful method that extracts the key hash straight from the signed application installed on the device - brilliant!

  11. Thanks to Facebook, now it's giving a key itself along with invalid_key exception. Use that value and update in application settings. I am using Windows 7 64-bit machine and for me the key doesn't have = (equal to) in the end but it worked cleanly.

  12. I fixed the bug with this:

    If you add Facebook.FORCE_DIALOG_AUTH to the authorize line:

    new String[] {"publish_stream", "read_stream", "offline_access"},
    new LoginDialogListener()