Making calls through a facebook portal setup

I’ve successfully set up a portal to facebook and authenticated etc. But when I go to make a facebook api call I get an error response 403 from dreamfactory: {“error”:[{“context”:null,“message”:“No valid session for user.”,“code”:403}]}

I can make calls to other things, like the DB, but not to the portal.

Getting very frustrated, what am I doing wrong?


When sending typical kvp’s this errorr message means that you don’t have a valid session - meaning that you haven’t passed a Session Token along with your REST call as a header.

Portal operates a bit differently. Facebook will generate the token and session values, which will eventually be passed through our Portal Server. However, there still must be a regular auth token passed originally to initiate the session.

This could’ve happened, because your session expired as you were creating the secret key and token on the Facebook side.

When you were making the other calls, were they all done near/around the same time?

Or did you setup a DB service, test the call.

Setup another service…test call… and eventually got the Portal Service setup, then tested and received your 403?

Let me know!


  • Mark

I’m making a dB call successfully followed immediately by the fb portal call which fails. Same session Id and app ID headers…

And, you have gone through the tutorials?

  • Mark


I have the same problem
and i went thru both tutorials

What i dont understand, is how do you get a seesionId to pass to DSP from facebook as


Actually i should first ask this:

I want a user authenticated with facebook to access data stored on the DSP

Is that possible?

Yeah I went through both tutorials. The first one got me started but the second one didnt help much, it just talks about the sandbox app but not how to actually program your own app.

I want to do exactly what selfeky suggested, which is to authenticate with facebook but then store/retrieve data on the DSP. But it would also be nice if you could log into the site without facebook, but the primary purpose of my app is to share things (images) so the facebook integration is #1.

My app is a cordova/phonegap app using html5…

The total lack of documentation on what seems like an incredible feature is frustrating. Once I figure it out I will be happy to write a tutorial on how to make a mobile app with this…

hey guys, jerry will respond soon, he’s tied up at the moment.

I did some digging in the code

  1. the provider should have is_login_provider as true
  2. after the user is authenticated with facebook, an account is created in dsp users with a password sh1(email address)

i would assume the next step would be post to /user/session and get an access token

I think we should wait for Jerry

Currently I had it so the user would register an account with the DSP, and then it would do the facebook oauth stuff, and finally the app would call /user/session and get that access token. But when I make the portal call with the token it doesnt work…

I would prefer a flow where they dont explicitly register with the dsp first.

I feel so close I can taste it…


it works we just need to know how to do it outside DSP

Here is what you can do to test it:

  1. enable open registration
  2. create an administrative role and set it as default role for user registration
  3. set is_login_provider to true

go to DSP login page you should see facebook as a login option
it will take you to facebook for auth and back to dsp authenticated

I tried setting the is_login_provider to true, which then gives a “Sign-in with one of these providers” option at the DSP login (with a missing icon), but when I click on that I get a nice error: “The provider “fbportal” has no associated mapping. Cannot create”.

Also, I can make the portal fb call when doing it directly in the browser, its just not working from a jquery call. So the problem seems to be with sessions or cookies or something.


For this to work correctly

make sure provider_name is set to Facebook and api_name is set to facebook


@greywire @selfeky Are you guys sorted out or need more info?


more info and best practices please

All the above is just playing around with code


Hey guys sorry for taking so long to respond. It’s been a while since I’ve looked at the portal service. Let me get a DSP set up with Facebook login and I’ll post back the exact steps and get you working.

You’re on the right track with is_login_provider and open registration. You do not have to grant admin rights as default however. That’s not very secure. :wink:

I’ll post back soon.

I’m getting closer but I still cant make the portal calls from my app. Maybe its a CORS issue but I can make other db calls no problem so I dont know…

is there any way to allow guest access to /rest/portal

I think that will solve most issues


Ok, as promised, I’m back with more information. Apologies for the long wait, but I wanted to be sure everything worked.

So, the problem is that the latest release (1.8) will not allow remote logins under any circumstances because of a bug. The “allow_open_registration” configuration indicator was being evaluated as “false” in all cases. Therefore, no providers will ever appear. I’ve got it fixed in the develop branch and we’ll be pushing a new release soon.

Secondly, I’ve ensured that the portal sandbox is working properly. It still doesn’t create providers (next free weekend I’ll do that) but it does let you play around with existing providers.

To get the sandbox on your DSP, you have to edit your composer.json file and add a line to the “require” section:

    "dreamfactory/portal-sandbox": "*"

Once in place, run composer update or the installer utility to pull in the sandbox. It will then be available in your list of applications and you can send portal calls through it without any coding.

Let me know if you guys have any more issues and we’ll take it from there.

OK I am still trying to work out the proper flow.

I think I was not specific enough in my original question.

I have a cordova/phonegap application that I wish to use with Dreamfactory as the backend.

Currently, I have it working directly with facebook. I have the oauth flow working. But, I want to also store things on dreamfactory without having to log in separately. The portal seems like the idea way to do this.

What I need to know at this point is how to make the oauth flow work through dreamfactory instead.

Now, the flow when in a phonegap app is a little tricky compared to what happens in a browser. the portal example works in the browser but I’m not sure how to make it work in phonegap.

Currently, the first thing I do is call to facebook which gets me the login and then approving the app to access, passing to it the URL I wish to be redirected to when facebook authenticates:

Now in a browser, the redirect_url is just another page on the website. In phonegap, you cant do that. So it has a low level way of catching any url redirects and then running some javascript instead. I just look for a url of “whateveriwant” and then grab the facebook token etc.

How do I do this dreamfactory? It would seem to be:

But this doesnt seem to work. It doesnt use my return_url so I cant catch it.