In my work we often need to build Facebook apps in the form of Facebook Canvas and Website. These apps are available on Facebook directly (an iframe) and as mobile versions (outside Facebook, in the browser).
We are working with a code base which mixes Facebook JS SDK (authentication and authorization) with PHP SDK (API calls). I find it rather dirty, and not easy to understand for people freshly working on the projects.
It's inconvenient to make API calls with JS, and making them with PHP forces extending access tokens. Authenticating the user with the JS SDK involves client-side redirects which are ugly, to be honest, as they usually occur moments after the current page starts rendering, and so on...
I googled a lot about separating these two SDKs but did not find a clear answer to my questions:
Is it possible to create Facebook app (Canvas, Website) which bases ONLY on PHP SDK? Check login status, login, permissions, making API calls, etc. Would signed request be enough?
Is the JS SDK the only foolproof way to determine the user's login status at any time?
This link seems to describe what I'm thinking of, however the docs are rather brief (which seems to be a problem of Facebook documentation in general). Can anyone suggest other sources that might help? Does anyone have experience with building FB applications based only on server-side?
Thanks.
EDIT:
The link I posted above covers the case of not using ANY SDK, so no, it's not what I'm looking for.
You can even create an App WITHOUT any SDK - with simple CURL calls, for example. So yeah, it is indeed possible to use the PHP SDK only, but the login process is much better with the JS SDK (no redirection needed) and you can't auto-refresh a user session like it is possible with FB.getLoginStatus afaik.
In short, I would not recommend it, the JS SDK is the very best way to authorize users and refresh Access Tokens. I would only use the PHP SDK (or simple CURL calls) for stuff that MUST happen on the server, and for stuff that includes using the App Secret, for example.
This is the first time I am trying to make a Facebook application/game, and I have a couple of questions.
Let's say canvas url is http://mysite/first_app/ and facebook app url is https://apps.facebook.com/first_app
I wonder if visited both url-s should a functionality be the same? I mean does facebook give you more tools and freedom if navigated from https://apps.facebook.com/first_app? Or should both url-s look and do the same thing? Is it possible?
I wonder if visited both urls should a functionality be the same
Of course yes. The difference is just that one is deployed at the facebook's app center and the other at your domain.
Yes, you have more tools available in the canvas ("apps.facebook.com.."), as it will send you the user-id without any user consent. If the user has previously used your app, you will also be able to get their access token and fetch more info about them.
It requires some backend code to decode the signed request parameter, which provides you this stuff.
This example is how php handles signed request:
https://developers.facebook.com/docs/facebook-login/using-login-with-games/
If you're using C#, download the Facebook C# (available through NuGet, the package from Outercurve Foundation) and use this example:
How do I parse a signed request in Facebook C# SDK?
I try to handle the user in Facebook context whenever possible. It adds trust and more tools. Although since the Facebook phone/tablet app (App Store/Google Play) doesn't support Facebook apps at all, I often optimize the app for mobile web use also. I read somewhere that over 50% of daily Facebook visits are done using the phone app, so it might be something to think into your app while developing.
UPDATE:
I can see I have misunderstood part of signed request, as commented by Shadowfax and CBroe. In my app, I use the user id from signed request but of course only when the user has already logged on to the app beforehand. My apologies.
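The signed request decoding this answer refers to, as an added example that is not part of the original post or of any Facebook SDK: it verifies the HMAC-SHA256 signature with the app secret before trusting the payload, and treats `user_id` as optional, since it is present only once the user has authorized the app. The function names, the secret and the sample payload are constructed for illustration.

```php
<?php
// Added example; helper names, secret and payload are constructed for illustration.
function b64url_decode(string $in): ?string
{
    $in = strtr($in, '-_', '+/');
    $in .= str_repeat('=', (4 - strlen($in) % 4) % 4);   // restore stripped padding
    $out = base64_decode($in, true);
    return $out === false ? null : $out;
}

function b64url_encode(string $raw): string
{
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

/** Returns the decoded payload array, or null if the request must be rejected. */
function parse_signed_request(string $signedRequest, string $appSecret): ?array
{
    $parts = explode('.', $signedRequest, 2);
    if (count($parts) !== 2) {
        return null;                        // not "<signature>.<payload>"
    }
    [$encodedSig, $encodedPayload] = $parts;
    $sig  = b64url_decode($encodedSig);
    $json = b64url_decode($encodedPayload);
    if ($sig === null || $json === null) {
        return null;
    }
    $data = json_decode($json, true);
    // Pin the algorithm: the payload must not choose how it is verified.
    $alg = is_array($data) ? ($data['algorithm'] ?? null) : null;
    if (!is_string($alg) || strtoupper($alg) !== 'HMAC-SHA256') {
        return null;
    }
    // The HMAC covers the still-encoded payload; compare in constant time.
    $expected = hash_hmac('sha256', $encodedPayload, $appSecret, true);
    return hash_equals($expected, $sig) ? $data : null;
}

// Constructed sample of what a canvas POST carries in its signed_request field.
$secret  = 'example-app-secret';            // placeholder, not a real secret
$payload = b64url_encode(json_encode(
    ['algorithm' => 'HMAC-SHA256', 'issued_at' => 1350000000, 'user_id' => '1234567890']
));
$request = b64url_encode(hash_hmac('sha256', $payload, $secret, true)) . '.' . $payload;

$data = parse_signed_request($request, $secret);
echo isset($data['user_id']) ? "user {$data['user_id']}\n" : "no user_id: app not authorized yet\n";

// Change one character of the payload and the request is no longer accepted.
$tampered = substr($request, 0, -1) . ($request[-1] === 'A' ? 'B' : 'A');
echo parse_signed_request($tampered, $secret) === null ? "tampered: rejected\n" : "tampered: accepted\n";
```

In a real canvas handler the input would be `$_POST['signed_request']`, and the app secret would come from server-side configuration, never from anything sent to the browser.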
I used to develop a few FB apps in the past (using the old REST-based API), and now I'm considering making them actually usable again by porting them to the new 3.1 API.
Sounds nice, but for some reason this is way harder than it should be...
So here are few questions:
Is there any example of a canvas app using the 3.1 API? Google did not give me anything useful
Is there still a difference between iframe and FBML canvas applications? In my app settings, I checked the FBML option, but when I'm back at the app overview page, it still says it's an iframe app.
The SDK mentions the getUser() function to get the user-id, but how do I request the necessary permissions for my app? When I do some googling, I find even another solution which calls a specific url and then performs a callback. This solution however doesn't seem to use the PHP SDK at all!
Where is the documentation of the php-api? The only usable thing I find is this: https://github.com/facebook/php-sdk which consists of only a few lines of code. And I suspect this is for having a fb login-button on your own website, not for a canvas app.
Firstly, good luck, and best wishes - you'll need it. Maintaining Facebook apps is way harder than it should be, because Facebook doesn't believe in legacy support, changes things all the time, and deprecates things quickly and completely. As a (former) Facebook app dev myself, I can tell you there is only one constant: apps will die if you leave them alone. As an app developer, Facebook owes you no favors, and it is vicious when it comes to breaking apps.
As for specifics: as of June 2012, Facebook has deprecated and removed FBML and the REST API, and there is no longer any difference between canvas apps and iFrame apps. This isn't a soft, "you shouldn't use it" deprecation - it's a hard, "your apps are now broken" deprecation. All apps are now iFrame apps, as there is no longer any other way to build them. The docs on how to build a canvas/iFrame app are here, and there's an auth migration guide that may be helpful in conversion. Oh, and you'll need to get your app running on HTTPS too, if you haven't already.
As for the rest of it, it sucks, but the only way you're really going to be able to maintain and get your application working is using the Open Graph API. Using the PHP SDK, you just run $facebook->api('/graph/url/here') - for instance, to get user information, run $facebook->api("/$userid"). You get the URLs off of the Open Graph docs - just grab everything after the graph.facebook.com bit and pass it to api(). It's another learning curve, and (depending on the complexity/modularity of your code) is anywhere from a lot to a nightmarish mountain of changes, and there are no drop-in replacements. Sometimes you can use the old REST api, but I doubt that will last very much longer either. It's painful, but that's how it goes. You're at the mercy of Facebook, because it's their data.
Upgrading apps involves a shift in thinking: apps are now literally just webpages surrounded by the Facebook chrome. There is now no difference between an external website that uses Facebook's api to pull in information and an app that runs inside of Facebook. It's for that reason, personally, that I've shifted to just that for my own app - an external website that just happens to use Facebook for most of its posting/sharing/user info needs.
For authorization, you request permissions via OAuth, using any number of methods. There are docs on how to do that over on Facebook as well. Specifically for the PHP api, you generate a URL using getLoginURL() and then redirect to it. Facebook eventually redirects back to a URL you specify with info about whether they authorized your app and such, after which you can do a getUser(). If you want fancy/slick/user-friendly popup dialogs without a bunch of redirecting, the Javascript SDK is your friend.
I just got this email from Facebook:
Dear Developer,
As part of our continued efforts to migrate all apps to OAuth 2.0, we
opted in all apps using the new JavaScript SDK to OAuth 2.0 this
afternoon at 11am PT and reverted at 1:30pm because we noticed that
your app has not migrated. Please ensure that you have set the oauth
param in FB.init to true and that you are using FB.getAuthResponse to
obtain the access token.
Read more in the OAuth2 migration announcement, updates to the new JS
SDK blog post, or our JS SDK docs.
If your app was affected today, please ensure that you have made these
changes by December 13th, 2012 to avoid any disruption with your
users.
The email doesn't specify which app needs my attention, and I can't make heads or tails of it.
Can anyone tell me what I need to be doing here? I have seven apps:
Four were created solely because I needed an app ID (API key) to install the "Like" button on various sites. Do I need to add "oauth: true" to the FB.init() call on these pages? (None of them actually integrate with Facebook authentication. All they do is render Like/Send buttons, and hook into the Edge.create callback for tracking purposes.)
Two of my apps are just tabs that I've added to Facebook Pages, which pull in static HTML pages (hosted elsewhere) via iframe. There's no JavaScript or server-side code whatsoever. I presume I can leave these alone?
One is an off-the-shelf app from a third-party provider. Looking at their code, I see that their call to FB.init() already includes oauth: true.
Facebook does a really terrible job with developer documentation, explaining changes, and maintaining backward compatibility. I'm a pretty experienced developer, but it seems like you have to learn every nook and cranny of Facebook's (ever-changing and over-complicated) proprietary API suite just to use the simplest features. I'm not a Facebook app developer (and I don't want to become one); I'm just a guy who wants to use a few "Like" buttons and custom page tabs, preferably without having to wade through this nonsense every two months when Facebook decides to change everything around and break backward compatibility again.
Anyway, any guidance would be much appreciated!
If you didn't see any of the blog posts since May - here's a summary: https://developers.facebook.com/docs/oauth2-https-migration/
To answer your specific questions, the 4 apps used only for the social plugins don't really USE oauth - but adding the oauth:true param and making sure they still work shouldn't be a huge issue - it also explicitly indicates to Facebook that you're using the new auth mechanisms on those app IDs, so you shouldn't have an email sent about those apps in future.
If your other apps aren't actually using any authentication, you probably don't need to do anything - if there was a problem you'd have discovered it yesterday when the oauth migration was flipped on for apps - the non-compliant apps would have ceased working correctly.
I have read many articles about Facebook apps, but I can't find what I need. Is it possible to create an App for Facebook with HTML / CSS / jQuery without using FBML and load this app from my server? Is it possible to use in this app the Facebook functions like share, add app to my account etc? Are there any docs or example apps where I can take a look?
Thanks
Nik
What delayed my app getting to work was realizing that the canvas URL request is HTTP POST - not HTTP GET as otherwise usual. A simple way to start is looking at example apps that have their source code open. There're examples both for PHP and python at the developer pages. A good example of a simple facebook app that uses google app engine is runwithfriends
FBML is in the process of deprecation in favor of the Graph Api for quite a while now.
Excerpt from http://developers.facebook.com/docs/reference/fbml/:
We are in the process of deprecating FBML. If you are building a new application on Facebook.com, please implement your application using HTML, JavaScript and CSS. You can use our JavaScript SDK and Social Plugins to embedded many of the same social features available in FBML. While there is still functionality that we have not ported over yet, we are no longer adding new features to FBML.
The Graph Api is easily accessible through JavaScript.
For a quick start you can use this page as a start.
First of all, FBML is not supported anymore, so forget about that.
You can write your fb app in many languages, for example you can do it in Ruby on Rails, PHP, or C#/ASP.NET etc, whatever you prefer (although you might want to look if there are some frameworks available for your platform, for using facebook. will make your life easier).
Then, setup your app from facebook developer to match your ip, and you're set to go
I'm writing a sort of visualization desktop (non-web) application, just for fun.
However, ideally I'd want it to be able to pull information from the user's facebook account. (after getting its credentials, of course)
What's the best way to do this? Should I register a new 'facebook app' even though I'm not really making it web-based? I've never written a facebook app before.
I'm using Java as my prog language, btw.
Thanks!
Yes. Facebook supports desktop applications, but they must go through a special authentication mechanism. Essentially, the user will need to be directed to facebook through a web browser window as part of the authentication process.
Here is the documentation on the authentication process: http://wiki.developers.facebook.com/index.php/Login_Desktop_App
There is a relatively polished Java library for facebook here: http://code.google.com/p/facebook-java-api/
If the Java library above does not meet your needs, you can build an implementation on your own. Essentially, you will need to interact with the Facebook REST server, as described at the top of the page here: http://wiki.developers.facebook.com/index.php/API
Edit: After doing some more research I have a few more resources to provide:
Here is a list of some applications written using Java for facebook:
http://wiki.developers.facebook.com/index.php/Facebook_apps_written_in_Java
And there's even a neat desktop application that is open source here:
http://code.google.com/p/fb-photo-uploader/
Good luck!