I'm currently writing a facebook app. In my app, the user is identified with the Javascript FB SDK:
FB.init({
appId : appId,
status : true,
cookie : true,
xfbml : true,
});
FB.ui({method: 'oauth'
,client_id: appId
,redirect_uri: 'some_URI'
,scope: 'publish_stream'});`
After the user loggs in, I can get the access token like this:
FB.getLoginStatus(function(response) {
if (response.session) {
alert(response.session.access_token);
My question is, if I could pass it back to the php code in order to use it?
you can send it via ajax request to your php script & use/operate with it as you want
Well, theoretically you could just do a ajax query and send the access token back to a php, e.g.
http://www.mydomain.com/setfbtoken?token=
Correct me if I'm wrong, but the session should be attached to your url as a get parameter (at least it is in PHP), so you could just fetch it off the $_GET parameter.
I think you can use this as in theory you should have the facebook cookie.
The information I posted here Facebook PHP SDK getSession() fails to get session. Cookie problem? might be useful and the functions listed there.
Related
I am working with the TwitterOAuth Framework from Abraham to get login via a twitter account to my web app.
I first save the token_secret in the session with the global laravel session helper and then redirect the user to the authorization page on twitter, like this:
session(['token_secret' => $requestToken['oauth_token_secret']]);
return Redirect()->away($url);
Before the redirect, the token_secret is saved in the session as expected, but when twitter redirects back to my site, its not. I check it like this:
dd(session()->all());
It worked with the PHP Session Handling but I decided to use the laravel session helper instead.
My Routes are like this:
Route::group(['middleware' => 'web'], function () {
Route::prefix('/twitter')->group(function () {
Route::get('/authenticate', [TwitterController::class, 'authenticate'])->name('twitter_authenticate');
Route::get('/saveCredentials', [TwitterController::class, 'saveCredentials'])->name('twitter_saveCredentials');
});
});
Does anyone know how I can fix this?
Thanks!
I had the exact same problem today and could solve it with the use of the cookie session driver.
Before the response is send to the browser the cookie needs to be filled with the data.
For other drivers the response is send first and the session data will be saved afterwards via the terminate function.
you can use redirect and with and automatically laravel send data to another route.
return redirect('/dashboard')->with('token_secret', $requestToken['oauth_token_secret'])
I am building a website that uses the php facebook libraries. At the beginning of every page I am checking to see if the user is logged into facebook or not (or trying to) with the $facebook->getLoginStatusUrl($params) function. The issue I have is that the only real way to check with that function is to have the user redirected to a page based on their statues (by directing them to the url given back by that function). I cant use file_get_contents or cURL because the URL returned by that function uses https. Is their anyway I can get the contents of that URL with a server-side method? Or is the absolute only way to do this with a redirect? I would much prefer not to make this a client side action (via Javascript). Any ideas?
You can use the facebook getUser() function to check if the user is logged and has given permisssions to your web. After that you can use getLoginUrl() or getLogoutUrl() to show the user the right button:
$user = $facebook->getUser();
if (!$user)
{
$loginUrl = $facebook->getLoginUrl(array(
'redirect_uri' => REDIRECT_URL,
'scope' => APP_PERMS,
'display' => 'page'
));
//do something with $loginUrl, for example:
echo 'Login with facebook';
}
else
{
//check that this user is still valid
$realUser = $facebook->api('me');
...
You can learn more about this functions in facebook docs:
https://developers.facebook.com/docs/reference/php/
Is their anyway I can get the contents of that URL with a server-side method?
That won’t help you, because it’s not your server that the client uses to log in to Facebook, but his browser.
And therefor the check if the user is logged in must happen in their browser – that’s why the browser gets redirected to Facebook, because this is the only way to read the cookies that are set under Facebook’s domain.
I would much prefer not to make this a client side action (via Javascript).
It already is kind of a client-side action, because of the redirect.
There is absolutely no way to have your server alone figure out if the user is logged in to Facebook in their browser.
The question might sound a bit dull at first and I'm baffled myself..
I'm developing a PHP application that relies heavily on the Facebook API, thus is using the PHP SDK to connect and getting the currently logged in user via
$fb->getUser();
I have also included the Javascript SDK but its currently only fetching the logged in user and prints their data object to the console.
Today I began to implement a local dev-version of the app, set up a second dev-app on Facebook, connected them and voila.. it doesn't work.
getUser() always returns 0 for me locally.
What I just found out though is that it works in Firefox.
I var_dump the getUser() value, and recieve a full user id (mine) in Firefox, but 0 in Chrome (and yes, I'm logged in to Facebook on both browsers).
I cleared the cache, cookies, destroyed the session.. I just cant imagine what difference the browser makes for a PHP request to Facebook?
Has anybody ever experienced anything like this?
Obviously the app_key and secret must be correct because it works on Firefox.
Edit: just for reference, the live version of the application (hosted) works well in Chrome, it's only this very local app that I can't get to work.
Edit#2: This is the Javascript that I run on the app
<div id="fb-root"></div>
<script>
window.fbAsyncInit = function() {
FB.init({
appId : {$_connect.app_id}, // App ID
channelUrl : '{$_connect.channel_file}', // Channel File
status : true, // check login status
cookie : true, // enable cookies to allow the server to access the session
xfbml : true // parse XFBML
});
{if !$_user.is_authorized}
// listen for and handle auth.statusChange events
FB.Event.subscribe('auth.statusChange', function(response) {
if (response.authResponse) {
// user has auth'd your app and is logged into Facebook
FB.api('/me', function(me){
if (me.name) {
console.log(me);
//window.location = 'index.php';
// redirection is currently causing loop
}
})
} else {}
});
{/if}
};
// Load the SDK Asynchronously
(function(d){
var js, id = 'facebook-jssdk', ref = d.getElementsByTagName('script')[0];
if (d.getElementById(id)) {return;}
js = d.createElement('script'); js.id = id; js.async = true;
js.src = "//connect.facebook.net/de_DE/all.js";
ref.parentNode.insertBefore(js, ref);
}(document));
</script>
I just cant imagine what difference the browser makes for a PHP request to Facebook?
The only thing, of course, can be the parameters.
And in this scenario, it’s most likely the cookies – the cookies, that Facebook sets on successful login and that the browser has to accept and send back to the server, for the PHP SDK to be able to recognize the logged in user.
So, check if your Chrome accepts these cookies when you are testing your app locally.
I think, you need to authenticate via JS SDK in both browsers also, I believe there's some OAuth logic behind JavaScript requests.
However, Chrome nowadays tries to block or simply not execute cross domain js requests. Try looking into net console if anything like that happens to you. If it does
Try checking domain + protocol /http(s)/ of your local environment. I believe you should be using https while calling js api
Consider using channel file, which should solve / prevent these crossbrowser calls issues as described in JavaScript SDK Documentation
If nothing from above helps you, I guess you could develop the app, test it on FFox and then once it's deployed test it with real setting.
Good luck.
I am trying to create a welcome tab for one of my pages, but I would like to be able to access a users likes (permission user_likes).
I can only find documentation on how to do this for a Facebook app or a website integrating Facebook, I can find no documentation on how to do this for an app (tab) inside a facebook page (as a welcome tab).
Is it possible as a page tab to request extra permissions from the user but allow page access without it, or is it a case or me having to make an application as well as a page tab? Could I perhaps have a button that when they click it grants the page extra permissions?
I am currently trying two separate implementations, neither of which I can get to work, PHP and Javascript.
Thanks,
Just using
$loginUrl = $fb->getLoginUrl(
array('canvas' => 1, 'scope' => 'user_likes,user_about_me,user_birthday')
);
echo "<a href='$loginUrl'>Login</a>";
Results in a link, which just redirects the user (within the pages iframe) to a screen with the Facebook logo. I want a permissions dialog!
Using the javascript code
<script>
FB.init({
appId : 'APPID',
status : true, // check login status
cookie : true, // enable cookies to allow the server to access the session
xfbml : true, // parse XFBML
oauth : true // enable OAuth 2.0
});
FB.login(function(response) {
if (response.authResponse) {
console.log('Welcome! Fetching your information.... ');
FB.api('/me', function(response) {
console.log('Good to see you, ' + response.name + '.');
FB.logout(function(response) {
console.log('Logged out.');
});
});
} else {
console.log('User cancelled login or did not fully authorize.');
}
}, {scope: 'email'});
</script>
Results in
Unsafe JavaScript attempt to access frame with URL https://www.facebook.com/dialog/oauth?api_key=158609350887973&app_id=158609350887973&client_id=158609350887973&display=popup&locale=en_US&method=permissions.oauth&origin=1&redirect_uri=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2f7aed38%26origin%3Dhttp%253A%252F%url.com%252Ff3634c5da%26relation%3Dopener%26transport%3Dpostmessage%26frame%3Df9748b77&response_type=token%2Csigned_request&scope=email&sdk=joey from frame with URL http://url.com/gs/index.php. Domains, protocols and ports must match.
The javascript also opens the following error popup box
My app config settings
You're seeing the error in your popup window because the redirect_uri in your authorization URL doesn't match what's listed in your Site URL in app config. To address this, you need to enable the "Website" option in app config. Enable it by clicking on the checkbox next to "Website" and then enter http://Site.com (or whatever your real site url is) in the "Site URL" text box. This URL must match the host url you're providing in redirect_uri. Doing this should solve the popup window error.
In terms of the "Unsafe JavaScript attempt to access frame" error, are you using a webkit browser? Webkit throws these errors but for the most part can be ignored. See this for more info: "Unsafe JavaScript attempt to access frame with URL..." error being continuously generated in Chrome webkit inspector
Use the user id in the response object instead of 'me' when you call FB.api
Both methods point to the fact you don't have your website domain settings correct in the app settings.
We do this exact thing on a lot of our tab apps so it's definitely possible.
It looks like you're using the same value for app_id and api_key. These should be different.
Instead of displaying the link ($loginUrl) try to redirect user, for example using php header function or js location.href.
Yes it is possible.
Read: http://www.masteringapi.com/tutorials/how-to-ask-for-extended-permission-in-your-facebook-application/32/
I am doing some integration with Facebook Open Graph using their oAuth flow and having issues with parsing query string parameters they return.
On my callback URL, they pass back an "access_token" parameter with a hash (#). so the callback would be:
http://mydomain.com/callback.php#access_token=foobar123
where foobar123 is my access token I'm trying to parse out.
However, no matter what I do, my PHP code cannot see if and I've done every debug trick I know (even using phpinfo() to go through everything). The URL is stated only as http://mydomain.com/callback.php. It's as if the rest of the URL isn't really there!
This code returns nothing:
$token = $_REQUEST['access_token'];
Any help would be greatly appreciated... I'm obviously missing something simple.
The url fragment (the part after #) is never passed to the server and so the PHP script would never see it.
The way you can handle it is using javascript on callback page which would take the url's hash part and post it to another page as query string parameter.
callback1.php
<script type="text/javascript">
var h = window.location.hash;
window.location = 'http://example.com/callback2.php?'+h;
</script>
callback2.php
<?php
$access = $_GET['access_token'];
?>
Although I'd suggest you have a look at Facebook Javascript and PHP SDK for what you're trying to do. All the basic oAuth functionality is already built in there.
to have the token passed as a query string to the server, just go to your facebook application settings, and look for the "Authenticated Referrals" section in the "Auth Dialog" tab.
Everything after # character is available only on the client side. You can try use javascript to access this value and store it in cookie or redirect user to the different URL. Some mock-up:
<script type="text/javascript">
var token = 'foo'; // In real, get value by parsing URL
window.location ('http://mydomain.com/callback.php?token=' + token);
</script>