There is so much documentation on facebook apps, both through the official docs and through discussions, however I still cannot find a solid answer to this.
I have a facebook tab app that should have 3 pages: a landing page that requires no authorization, an interior page that does require authorization, and a final page that displays the results of what happened on page 2 (also requires authorization).
My plan was to simply POST data between each page and dynamically include files based on a variable. The problem, however, is that I lose my signed_request after POSTing. Should I just use 100% AJAX to load new pages and post back to the server? Thanks.
When user loads your canvas url: https://apps.facebook.com/your_app, in both case you'll get signed_request by authorized user and non-authorized user.
But if user auhtorized signed_request will included user's facebook id and access token to query on graph api.
By using facebook javascript api, you'll get cookies including signed_request.
For the first page load, by signed_request you recognized the user.
For successive calls you use cookie
For your case:
Landing page: you got signed_request "anonymous"
Page 2:
Either you can ask authorization by javascript methods then you got cookies
for successive pages you can do whatever you want
Or you can redirect to authorization page and at the returning you got signed_request including users info and access token, for next page either you pass it by http param or by cookie written by you or by cookie written by facebook javascript sdk
.
Note: sorry for long answer :/
Related
I have a Facebook application used as a tab in a fan page, that displays different information depending on whether tha user is a fan of that page or not.
Now I've been asked to have it post a message to a user's wall if they perform certain action (follow a link or whatever), and so far I haven't found a way to do that. All the documentation I have found refers to stand alone apps, and I've even seen it suggested (in the FB forums) that you can't get the auth token from an app.
So, i still think it can be done, but how?
If a user has authorized your app, you can post to her wall using the PHP SDK. See the PHP SDK api documentation for examples.
All apps have to be iframe apps now, so loading the JS sdk should be fine.
You have to get permissions first ->
http://developers.facebook.com/docs/authentication/#applogin
Then you can post using php with what Dhiren said, or, post with the fb.api function with JS ->
http://developers.facebook.com/docs/reference/javascript/FB.api/
Let me know if you need an example script.
Cheers
I started a new facebook app with php-sdk 3.0 and I have a problem :
when the user comes on the app for the first time, he gets a page with just the facebook logo and a link "access facebook.com" even if the user is already connected to facebook ...
how can I skip this step ? without previous sdk , I was able to go the permissions request screen directly ?
The dreaded facebook blue box of death. It sounds like you're trying to do a redirect inside the app; try using javascript to do window.top.location.href = url; instead.
First I have a question to clarify. Then some possible answers based on some assumptions about your question.
Are you writing a Website with Facebook integrated, or an App for facebook?
Im going to assume you are writing a website with facebook integration. If you look at the example that came with the new API you can see they are using
$facebook->getUser();
This attempts to get the facebook User. You can get a facebook user, but they may not have a valid FB session, so to check this you want to use.
$facebook->api('/me/home');
If this returns information instead of an exception you have a user with a valid session.
At this point attempting, using php's header() function you can redirect them to the page given to you by $facebook->getLoginUrl(); and they should just be taken to the permissions window and not required to log in.
However, If you do not check for a valid user before you attempt to get the login url im pretty sure the api assumes that there is no one logged in and forces them to the log in page first.
If on the other hand you are talking about creating an App for Facebook itself, I think the original poster had the proper answer.
I am a bit of a catch 22 situation here.
When you load your app into a tab and ask for permission you need to send with it a callback url.
The callback url is a bit of a mission because on a page http://www.facebook.com/pages/<PAEG NAME>/<PAGE ID>?sk=app_<APP ID> the only way to get the <PAGE ID> is to get it out of the signed request:
parse_signed_request($_REQUEST['signed_request'], $APPSecret)
which you can only do when the user has given permission. And you need the ID to be able to get the <PAGE NAME>, which basically means I cannot construct the callback url...
Does anyone know of a better way or different way to Ask for permissions immediately as the page loads and then reload the page?
It seems that you are a bit confused, here are some points:
Your callback (redirect) url should be something relative (or identical) to the Tab url you specify in the application settings. Something like:
http://www.example.com/canvas/tab/index.php
So no need for the page id.
Even if the page id is not needed, you'll still receive it (even without authorization) in the signed_request!
Read the Facebook documentation related section carefully:
When a user selects your Page Tab, you
will received the signed_request
parameter with one additional
parameter, page. This parameter
contains a JSON object with an id (the
page id of the current page), admin
(if the user is a admin of the page),
and liked (if the user has liked the
page). As with a Canvas Page, you will
not receive all the user information
accessible to your app in the
signed_request until the user
authorizes your app.
So the thing that you'll not receive is the USER ID not the page id which is kind of obvious since the admin "allowed" the application.
Hope this will clear things out for you.
Use JavaScript SDK
http://developers.facebook.com/docs/reference/javascript/
And use this allow dialog
http://developers.facebook.com/docs/reference/javascript/FB.login/
This way you don't even need to refresh.
Also, you can get page_id in signed_request even without user allowing it. You're talking about user_id and oauth_token which won't get passed unless signed-in user doesn't allow your app.
I'm trying to do something similar to the login/registration flow described on this page but via php only.
http://developers.facebook.com/docs/plugins/registration/
What I want to do is display a register link if a user is logged in to facebook but not registered with my site, and a login link if they're not logged in to facebook, however I want to do this all on my side in php, and not using the fb:login-button widget. Is this possible?
I have the login url working, i just want to change the name of the button based on the users status.
You can't do it without loading the javascript lib. If you load nothing from Facebook on the client, then there is no way to do cross domain communication (security). Which means there is no way to tell who the user is, much less if they are logged into Facebook. By loading the javascript API on the client, the javascript code can check for a Facebook cookie and determine who they are and whether they are logged into Facebook or not.
Check through javascript and do a page reload if need be. Better yet, just use css to show/hide what you want.
http://developers.facebook.com/docs/reference/javascript/FB.getLoginStatus/
Yes, it is possible. Here's a tutorial:
Tutorial,
Example tutorial
I want to display a different message if a user is currently logged in to facebook and likes the current page. I understand:
FB.Event.subscribe('edge.create', function(response) {
// you like this
});
Which will fire when a user likes the page, but when you reload the page how do you determine they already like the current page?
Thanks!
I'm pretty sure you cant do what you want (in this context).
Take a look at this page : http://fbrell.com/fb.api/does-like
You'll see you need the user to approve a permission to view the likes.
It's a huge security risk to allow someone to see the 'likes' of a user - even for the current page. Think about it you can easily spoof the current page and pretend to be any page.
BUT...
What I recommend you do is just set a cookie for your own benefit (in javascript) when the user 'Likes' your page. Assuming you're getting a large percentage of your 'Likes' from this page then you can safely correlate the presence of the cookie with a 'Like'.
I've seen some security exceptions doing this, but it seems to work (at least in Chrome).
Sense you describe the page as "current page" I understand that it is in an iframe tab. If this is the case, signed request supplies you with that information as $decode_signed_request = array('page' => array('liked' => true/false)).
Otherwise you can supply a canvas page with the GET parameters fb_page_id, which should include the parameter fb_sig_added to the server request with a 0/1 depending on if the user is a fan of that page. (This may require disabling OAuth 2.0 in your migration settings)
If you are talking about the like social plugin with an open graph url, you can not readily find out if the user is a fan without an application installation. If you do have that you can do an api call to /me/likes which will return a list of all the likes that user has, and search for the id of the object you are testing for.
You're safer using the Graph API since Facebook is in the process of deprecating their REST API. So to get if a user likes your page, you will need the page ID and the access token of your app.
https://graph.facebook.com/me/likes/PAGE_ID?format=json&access_token=ACCESS_TOKEN
Where PAGE_ID is the page id you want to check.
and ACCESS_TOKEN is your apps access token.
From the Graph API you can get the likes of a user by his id, as:
https://graph.facebook.com/ID/CONNECTION_TYPE
so for getting the likes you put your access token and:
https://graph.facebook.com/me/likes?access_token=2222222222222222
then look for your page if it is liked or not.
However you can always try FQL queries which i didnt try for Likes actually.
I hope that helped.
save user id or third_party_id in database when the user liked the link
to Get third_party_id
graph.facebook.com/me/?fields=third_party_id&access_token=xxx
https://graph.facebook.com/{FB_USER_ID}?fields=likes.target_id(167584559969748)&access_token={VALID_ACCESS_TOKEN}
shows data if that user has liked that Facebook fan page.
or
https://graph.facebook.com/{FB_USER_ID}?fields=likes.fields(link)
shows a list of liked links, from where you can get the link you are looking for.
All of these need 'user_likes' and/or friend_likes permissions.