I am writing an application in Facebook that is meant to be shown through a page tab on my own business page. I need to interact with the viewing user, thus I require extended rights.
I've followed the suggested procedure but have now hit a wall. My application sits in an iFrame and the request for extended rights uses redirection. I can get the page where you need to confirm authorization but when you click allow, Facebook redirects to the page where my application is hosted instead of back to my Facebook page tab. Once the proper rights have been authorized, the rest of the application works fine so I know it's just a problem with redirection but I feel like I've tried everything and not a lot of people seem to have had the same problem. I would love if anyone could point me in the right direction.
Thank you!
Here's my code:
$app_id = "myappid";
$canvas_page = "http://wheremyappishosted/";
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
$user_id = $data["user_id"];
$access_token = $data['oauth_token'];
if (empty($data["user_id"])) {
$auth_url = "https://graph.facebook.com/oauth/authorize?client_id=".$app_id."&redirect_uri=".urlencode($canvas_page)."&scope=user_photos,friends_photos,publish_stream,user_likes";
die("<script> top.location.href='" . $auth_url . "'</script>");
}
$f = json_decode(file_get_contents("https://graph.facebook.com/".$user_id."?access_token=".$access_token."&fields=name,albums,likes"), true);
For those interested, I believe I have found a way to circumvent this. Instead of redirecting the user back to the application, I redirect them to a small script which then redirects back to the page tab. Since the app has already been authorized, everything works and the signed_request gets passed along with the user infos. I don't know if it's really the legit way to go but it works.
Please set redirect variable to your the targeted page :
$redirect = "http://foo.com";
Set redirect_uri to "http[s]://apps.facebook.com/YOUR_APP/" instead of "http[s]://apps.facebook.com/YOUR_APP". Note the trailing slash!
I have figured out that using javascript sdk is much better choice when unsolved redirect issues arise using server scripts, implement this small test and you will figure out that most things happen using lightbox i.e. above your app. which keeps the app page intact.
https://developers.facebook.com/docs/facebook-login/getting-started-web/
Related
I have a problem..
I try wrote program like as facebook page tab app.
I must use session for remember signed_request.
But issue is that Safari do not remember session.
Program is:
$facebook = new Facebook($config);
if (isset($_REQUEST['signed_request'])) {
$encoded_sig = null;
$payload = null;
list($encoded_sig, $payload) = explode('.', $_REQUEST['signed_request'], 2);
$sig = base64_decode(strtr($encoded_sig, '-_', '+/'));
$signed_request = json_decode(base64_decode(strtr($payload, '-_', '+/'), true),true);
$op=True;
}else {
$op=False;
}
if($op)
{
$_SESSION['liked']=$signed_request['page']['liked'];
$_SESSION['admin']=$signed_request['page']['admin'];
}else{
$url="PAGEAPP URL";
echo("<script> top.location.href='" . $url . "'</script>");
exit();
}
Safari does not allow cross domain cookies.
As the main page is of the domain Facebook.com and your iframe domain differs, Safari will not process cookies inside the iFrame.
Although there are workarounds for other browsers, and at one point there was a workaround for Safari, it seems Apple closed this loophole.
http://anantgarg.com/2010/02/18/cross-domain-cookies-in-safari/
Setting cross-domain cookies in Safari
Although I can't see your full code & scenario, I would suggest you avoid using sessions, and always query the Facebook API to check for the 'liked' & 'admin' flags.
If a user's admin privileges were revoked, or a user disliked the page, then your SESSION variables would become out of sync (unless you are constantly updating your SESSION variables).
Check if a user liked the page:
How to check if current facebook user like a page using PHP SDK?
Check if a user is an admin:
How to get if a user is admin of a page (isAdmin) using the Facebook Graph API?
I have spent quite some time now trying to establish how, and then the best practise to push some data from my web server to the facebook page created for this purpose.
I have read and understand the process of using access tokens. I have generated an access token for myself, which can be used to post to the page as me ok. I understand this should be used to generate the access token for the page to post as the page which is a ittle more tricky. However, this process involves me logging in and generating an access token which seem inherently bad / inconvenient for an automated process.
For this reason i followed the guides to create an app. I (think I have) linked the app to the page, and thus attempt to push data via the appid and secret from my php code to the page.
When doing this I am presented with this error
{"error":{"message":"(#210) Subject must be a page.","type":"OAuthException","code":210}}
my testing code is this:
$data['picture'] = "http://www.example.com/image.jpg";
$data['link'] = "http://www.example.com/";
$data['message'] = "Your message";
$data['caption'] = "Caption";
$data['description'] = "Description";
$data['access_token'] = $app_token2;
$post_url = 'https://graph.facebook.com/'.$app_id.'/feed';
$url1 = "https://graph.facebook.com/endpoint?key=value&access_token=".$app_id."|". $app_secret ;
echo "<br>$post_url";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $post_url);
//curl_setopt($ch, CURLOPT_URL, $url1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$return = curl_exec($ch);
curl_close($ch);
echo "$return";
I appreciate using the app for server initiated posting using a permanent (ish) secret is the correct way, but I have found very little documentation on how this process is achieved, hence this question.
Your $post_url is pointing to your $app_id variable, the message says it should point to a page, try getting the id of your page from the /me/accounts endpoint of the graph and putting that in there instead. Though I suspect you will need to use a page access_token (also from the /me/accounts endpoint ) to post to your page
Right, I have worked on this for quite some time and found several errors in my code, but have not answered the question fully.
For starters, you do not post to the appid as mentioned above - its just wrong. The code for posting to userid/feed works when using an access token generated from appid + secret using
$url2 = "https://graph.facebook.com/oauth/access_token?client_id=".$app_id."&client_secret=". $app_secret."&grant_type=client_credentials";
this app access token is valid for as long as your app secret is. Also, if I generate a temporary access code for ME via the graph explorer, parse me/accounts manually and use the page token in
$post_url = 'https://graph.facebook.com/'.$page_id.'/feed';
It posts correctlly as the page.
Secondly, all server side call are required to have appsecret_spoof in them which is generated from
$appsecret_proof= hash_hmac('sha256', $app_token2, $app_secret);
now, according to the facebook docs, a http get call to my userid/accounts should yield page access tokens for all pages the user administers (and also presumably the app).
This can also be called directly by using
$url3 = "https://graph.facebook.com/".$page_id."?fields=access_token";
so when a get is made to this address (including app access token & appsecret_spoof) all i get is 'True' ??
Likewise, when the correct call to
$rob1 = "https://graph.facebook.com/".$user_id."/accounts";
I receive an error
{"error":{"message":"(#10) Application does not have permission for this action","type":"OAuthException","code":10}}
OK permission issue then ! Well the documentation says that only manage_pages is required to retrieve the page token from page_id/accounts, so I trawl through lots of pages and find you can do this by calling this url
https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=https://www.facebook.com/connect/login_success.html&response_type=token&scope=read_stream
This throws up via facebook gui an accept / deny page for each scope (i ended up adding manage_pages, publish_stream & read_stream to my app) none of which seem to solve the problem !
Right sorted !! FWIW the code above functions correctly, however the way it is setup on facebook leaves a lot to be desired !!!
I began messing with my app and changed its name, type (was an app linked to the page - now isnt) removed perms and also changed the domain name (removed) and all site url details (also removed). this prompted a different error msg which stated the domains did not match. So, I readded just the app domain & site url, saved and all of a sudden my failed code started working !
Having tidied my code up a little I can now see the page access token just fine as I expected. I just wish the facebook guides would cross reference this setup as it is not at all obvious !!!
my working code ended up as thus ($perm_url is used as one time link to allow perms via gui)
$perm_url = "https://www.facebook.com/dialog/oauth?client_id=".$appid."&redirect_uri=https://www.facebook.com/connect/login_success.html&response_type=token&scope=publish_stream,manage_pages,read_stream,status_update";
echo "<br>Test";
$facebook = new Facebook(array('appId' => $appid , 'secret' => $appsecret ,));
$access_token = $facebook->getAccessToken();
$pageinfo = $facebook->api("/".$page_id."?fields=access_token");
$page_access_token = $pageinfo['access_token'];
echo "<br>Holy Grail = $page_access_token ";
I have an application on facebook that has worked for a month, but now I get the page in the application blank to enter it.
The application using the debugger get the error 803:
"Error":
"Message": "(# 803) Some of the aliases you do not exist Requested: bloggsamigos"
"Type": "OAuthException"
"Code": 803
If acceds directly see the message "the application is blocked because of problems with an external programmer."
What confuses me is that it has worked perfectly and I have not touched anything.
The application shows some pictures coming out of a query to a database hosted on the same domain. It's a blog of images. I have an administrator outside of facebook online application and show these images run from the administrator.
in index.php page, I control the user has the "like" activated to display a page or other. my code is this:
require 'src/facebook.php';
$config = array();
$config['appId'] ="xxxxxxxxxxxxxxx";
$config['secret'] = "xxxxxxxxxxxxxxxxxxxxxxxxxxx";
$facebook = new Facebook($config);
if (isset($_REQUEST['signed_request'])) {
$encoded_sig = null;
$payload = null;
list($encoded_sig, $payload) = explode('.', $_REQUEST['signed_request'], 2);
$sig = base64_decode(strtr($encoded_sig, '-_', '+/'));
$signed_request = json_decode(base64_decode(strtr($payload, '-_', '+/'), true),true);
} else { echo "ERROR"; }
$lied = $signed_request['page']['liked'];
if ($signed_request['page']['liked']) {
include("fan.php");
}
else {
include("nofan.php");
}
configuration data are:
Namespace App --> bloggsamigos
Site URL --> with (http://www) mahesoblogsamigos.com/
Site Domain --> with (http://www) mahesoblogsamigos.com
Work Page --> with (http://) apps.facebook.com/bloggsamigos/
URL of the canvas --> with (https://) ssl15.ovh.net/~mahesobl/
Secure URL Canvas --> with (https://) ssl15.ovh.net/~mahesobl/
Canvas FBML / iframe --> iframe
I'm desperate, I tried many things, I wanted information, I sent emails to facebook, but I can not help. You can help me, please! I'll be very grateful.
Try changing the namespace to something else...
http://graph.facebook.com/bloggsamigos shows: "(#803) Some of the aliases you requested do not exist: bloggsamigos" meaning that facebook is not able to figure out what application that namespace matches with. Chances are something got messed up on Facebook's side.
If you really want that namespace, you may be able to change it to something else and then change it back to that to hopefully get it to record the information correctly.
You can also try filing a bug at http://developers.facebook.com/bugs but don't be surprised if you have to wait for weeks or months for a response.
Going to http://apps.facebook.com/bloggsamigos/ also shows a message saying "The app "Bloggs Amigos" is temporarily unavailable due to an issue with its third-party developer. We are investigating the situation and apologize for any inconvenience." However, that could mean almost anything.
Seems like Facebook changed a lot of things recently. I would like to know how to show a custom page if the user has not liked the Fan page. If the user likes the page I will show them the Fan page wall. How to do this? I searched around but seems like Facebook reinvented itself.
Thanks.
You should be able to change what a visitor sees in your page settings...
manage permissions
- default landing tab ( pick your page here )
also -
I created this php script that shows like and non-like content to users.
Tutorial / Example
http://www.drewdahlman.com/meusLabs/?p=100
GIT Project
https://github.com/DrewDahlman/FBVersion
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
if (empty($data["page"]["liked"])) {
//User is not a fan
}
Source: Determine If The User Likes (Fan Of) Your Facebook Page When Landing On Your Page Tab
I'm upgrading my existing FB apps, and going absolutely bonkers trying to get a simple PHP iframe canvas app to authorize and authenticate (as well as use SSL). Never looked through so many examples...
Here's where I'm stuck: After the user authorizes the app, and the app authenticates the user (I am able to make a graph request with the token OK), the redirect_uri happens, and the whole page refreshes, leaving Facebook and thenjust shows me the contents of my "Canvas URL" page (with my server's domain), rather than iframed on Facebook.
I currently have this as a crude two step process...
Here's what my code looks like on the first page (index.php):
<?php
require('src/facebook.php');
$app_id = '123456789';
$app_secret = '1234secrets1234';
$canvas_page = "https://apps.facebook.com/123456789/";
$canvas_url = "https://myserver.com/apptest/";
$code = $_REQUEST['code'];
if(!$code){
$display= 'page';
$scope= 'manage_pages, offline_access, read_insights, publish_stream, user_about_me, user_likes, email';
$redirect_url = 'https://myserver.com/apptest/step2.php';
$oauth_url = 'https://www.facebook.com/dialog/oauth?canvas=1&client_id='.$app_id.'&display='.$display.'&redirect_uri='.urlencode($redirect_url).'&scope='.$scope;
$config = array('appId' => $app_id,'secret' => $app_secret,'cookie' => true,'domain' => true);
$facebook_client = new Facebook($config);
echo "<script type=\"text/javascript\">top.location.href = \"".$oauth_url."\";</script>";
}
?>
and the second page (step2.php):
<?php
require('src/facebook.php');
$app_id = '123456789';
$app_secret = '1234secrets1234';
$canvas_page = "https://apps.facebook.com/123456789/";
$canvas_url = "https://myserver.com/apptest/";
if($_REQUEST['code']){
$code=$_REQUEST['code'];
$redirect_url = 'https://myserver.com/apptest/step2.php';
$link="https://graph.facebook.com/oauth/access_token?canvas=1&client_id=".$app_id."&redirect_uri=".urlencode($redirect_url)."&client_secret=".$app_secret."&code=".$code;
$string = file_get_contents($link);
$auth_token=substr($string, 13, 150);
$graph_url = "https://graph.facebook.com/me?access_token=".$auth_token;
$user = json_decode(file_get_contents($graph_url));
echo("Hello " . $user->name);
}
Again, once the user has authorized the app, and the app has authenticated the user, the graph call works.
Any ideas?
When navigating to the OAuth dialog the web page (not the frame your app is in) is navigated to the OAuth URL. To get back into the Facebook iframe after authentication you need to set the OAuth redirect URL to the canvas_page URL. The code shown above is navigating to the URL of myserver when redirected so your app takes up the entire page (because you left the Facebook iframe when navigating to the OAuth dialog). Your code at canvas_url needs to determine if it is being entered from authorization (success or failure) or if it is being entered with a valid access token after authentication.
Also your canvas_page URL appears to be comprised of the facebook apps host and your application ID. It should be the facebook apps host and your application name (the redirect URL should be the same as the "Canvas Page" URL on your app's developer page).
Well I did get this working. On the app > settings > basic I hadn't set a namespace, so the URL it gave me for the app on facebook was like this: https://apps.facebook.com/123456789/ and now with the namespace they changed it to: https://apps.facebook.com/myappname. So that may have been it. I tried to carefully follow the simple PHP autorization demo on this page: https://developers.facebook.com/docs/appsonfacebook/tutorial/ and it seems to work ok now.
Thanks for the help!