I am currently using this recently written tutorial on authorizing an application with facebook using auth 2.0 and it works. the application authorizes correctly and uses the GraphAPI.
http://kartiklad.com/oauth-2-0-and-graph-api-for-facebook-canvas-applications/
But the problem is using the IFrame with a multi page website and this method of authentication, each time a different page is called, it has to go back to authentication page which will redirect the user page to the application, which makes it impossible to pass variables using $_GET.
So how would anyone else here suggest passing variables from one page to the next in an iframe?
This is probably not needed by the application I am working on is at : http://apps.facebook.com/prtrackevents/
The problem is that your urls are only navigating within the frame. The authentication of facebook is including your session variables inside a ?session=... query tag on your frame so that when you navigate to a url in your iframe you loose the ?session querystring value so then your app has to re authenticate. The fix is that your links must include target="_top" so that they cause the entire page to change positions. For example, your details link should be like this:
Details
Related
There is so much documentation on facebook apps, both through the official docs and through discussions, however I still cannot find a solid answer to this.
I have a facebook tab app that should have 3 pages: a landing page that requires no authorization, an interior page that does require authorization, and a final page that displays the results of what happened on page 2 (also requires authorization).
My plan was to simply POST data between each page and dynamically include files based on a variable. The problem, however, is that I lose my signed_request after POSTing. Should I just use 100% AJAX to load new pages and post back to the server? Thanks.
When user loads your canvas url: https://apps.facebook.com/your_app, in both case you'll get signed_request by authorized user and non-authorized user.
But if user auhtorized signed_request will included user's facebook id and access token to query on graph api.
By using facebook javascript api, you'll get cookies including signed_request.
For the first page load, by signed_request you recognized the user.
For successive calls you use cookie
For your case:
Landing page: you got signed_request "anonymous"
Page 2:
Either you can ask authorization by javascript methods then you got cookies
for successive pages you can do whatever you want
Or you can redirect to authorization page and at the returning you got signed_request including users info and access token, for next page either you pass it by http param or by cookie written by you or by cookie written by facebook javascript sdk
.
Note: sorry for long answer :/
I am trying to put a redirect on the iframe page I am creating for a facebook tab to make sure that those accessing the pages outside of FB will be directed to the application.
Everything I have done so far has caused problems with the meta data not being able to be accessed by FB and so on with the redirect causing a conflict.
Does anyone know how to do this?
The best way to know that you are inside a facebook iframe is to check and see if you have been passed a signed_request (and that it is valid).
Here is a link to another SO question that dealt with the same sort of issue.
How to know if my page is running in a facebook iframe or not
I'm trying to do something similar to the login/registration flow described on this page but via php only.
http://developers.facebook.com/docs/plugins/registration/
What I want to do is display a register link if a user is logged in to facebook but not registered with my site, and a login link if they're not logged in to facebook, however I want to do this all on my side in php, and not using the fb:login-button widget. Is this possible?
I have the login url working, i just want to change the name of the button based on the users status.
You can't do it without loading the javascript lib. If you load nothing from Facebook on the client, then there is no way to do cross domain communication (security). Which means there is no way to tell who the user is, much less if they are logged into Facebook. By loading the javascript API on the client, the javascript code can check for a Facebook cookie and determine who they are and whether they are logged into Facebook or not.
Check through javascript and do a page reload if need be. Better yet, just use css to show/hide what you want.
http://developers.facebook.com/docs/reference/javascript/FB.getLoginStatus/
Yes, it is possible. Here's a tutorial:
Tutorial,
Example tutorial
I've been playing around with the Facebook PHP SDK for a site that I'd like to use Facebook's single sign in for. I've been able to login to my Facebook account from my site and successfully tested a few of the features (posting to /me, an FQL query etc.).
When generating the login URL I have set the cookie parameter to true, however I seem unable to establish a persistent session with Facebook. At the moment the Facebook login window redirects the whole website (I have not yet tested this within the webpage or a popup). The user can authorise and is returned to my site, but the session data is stored in a query string on the return URL. If this string is removed the user must reauthenticate.
Previously I have worked with the JS SDK and this has not been an issue. It's worth noting in this case that I am avoiding using the FBJS (because I believe the PHP SDK is an alternative) and FBML (because it is deprecated) - I also have not implemented a cross domain communication file as this appears to be unnecessary.
I have read about conducting the authentication within an iFrame. I'm unable to find any documentation about this though.
I have considered storing the $_GET querystring in a session on my site and appending it to the website URL, or an iFrame URL, when I need to authenticate. I'm certain that this is the incorrect way to achieve what I'd like though.
Please could someone point me in the direction of some documentation regarding this. Perhaps I am mistaken in thinking I can do this without JS, or maybe I need to manually set up the session cookie? I've searched at length but have been unable to find any documentation that describes this specifically.
Thanks for any help!
Hello I am looking to build a basic API and application/apps system on my social network something like Facebook or other sites have, my site is in php/mysql. Here are some questions.
1)
Basically what I want to do is give a user a API key and secret. After I have these how can I use them in my php app to authenticate a user request which would come from there server?
2)
I can basically build an API to send a request to my server with CURL and get the result back to the page in XML or JSON or whatever, the problem is when sending the request the user would have to know the user ID they want to send to lookup data against, this is fine for an API but I am wanting to have an Apps section where the user's app site would be using the API and would be loaded into my site in the app section with an iframe, the problem is, I need to find a good way to make it where a logged in user on my site can go to the app section and go to an app and there username should be available to that page loaded in the iframe. Facebook and myspace do this somehow and many other sites; I am lost how to get around this hurdle.
Any help on any of this is really appreciated, thank you
Update:
I just had an idea, if I require a cookie to be set when a user visit's my site, then they would have a cookie and it could hold there User ID, then my API script could look for that cookie to exist and grab it's value?
If you plane on using an IFRAME, then no, your API hosted on a separate website (the website inside the IFRAME) would not be able to grab the cookie. The cookie is only visible on the website that it was set for.
I have only used Facebook API with the FBML (not the IFRAME,) but all they do their is basically replace what's in the page with the info that the "tag" is calling. I'm not sure if there is a better way, but you could possibly call a page on the app's server (say the app is hosted at http://example.com/app/, and you called http://example.com/app/?id=28318&name=John%20Maguire,) and have your API code handle it and turn it into a variable?
Maybe you should look into the source code of the Facebook API client.