ngCordovaOAuth - not getting user data


I’m using ngCordova Facebook plugin and I can successfully login to facebook using the plugin:

FB login page is shown in inAppBrowser, success callback is called when returning from the login page and I get the access token but I’m stuck to get user data using $http.get("" - error callback is always called.

FB app is registered, published, callback is set to http://localhost/callback, whitelist plugin is installed and the meta tag in index.html is set to

<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'">

What am I doing wrong? (@nicraboy )

Thank you very much.

Hey @alfons12,

I don’t have knowledge of all the Facebook APIs, but have you seen this?:

Should demonstrate what you’re after, and I did personally test that it works.

It’d also help to know the error you’re receiving in your callback.


Hi Nic, thank you. I followed the example you mentioned.

I’m calling the same API as in the example and the error response is {data:null, status:0,… and then the address I’m calling and arguments I used such as access token}.

It’s definitely not a response from Facebook, it rather seems like the call is blocked or something.

Is there something/some setting which might be blocking requests to Facebook API? Im running the code on the real device.

It’s the same problem as mentioned here: (Login ok, subsequent call for user details fails)


Maybe found the problem:

Content Security Policy
On Android, support for CSP within the system webview starts with KitKat
(but is available on all versions using Crosswalk WebView).

I’m using 4.3 :frowning: Can this be solved?

Ok, on Android < 4.4 use

<access origin="https://*" />

You could update the example and doc @nicraboy, it might save somebody several hours like me :frowning:

Last I checked, the access origin was defaulted as:

<access origin="*" />

For all fresh installations. Is this no longer the case?

I probably restricted it according to some “cordova security best practices” article before I published the app. But it might happen to somebody anyway so mentioning it explicitly would be nice I guess.

@nicraboy I’ve discovered another problem if you could please help. Sometimes it happens that the inAppBrowser is opened twice even though I call $cordovaOauth.facebook("… just once. This implies that after successful login the first browser is closed but there’s another underneath so I can’t return to the application. If I try login to the second screen I get an error.

It doesn’t happen every time, sometimes I get the expected result. I can’t say why it sometimes happens and sometimes not :frowning:

It happens on Android 4.3. Is there any hint how to avoid that?

Maybe you launched the function twice due to a double click? Never seen this happen, but if I can’t reproduce, I can’t troubleshoot.

Let me know.


I have the same problem, it opens Instagram with cordovoauth twice sometimes.
i searched online and couldnt find any working solution so far