I get the user permission using FB.login JS call. Now when user goes to another page
I'm trying to fetch his fbuid assuming that he does not need to give the permissions again
i.e.
require 'facebook.php';
$facebook = new Facebook(array(
'appId' => YOUR_APP_ID,
'secret' => 'YOUR APP SECRET',
));
$userId = $facebook->getUser();
But I always get 0 instead, What exactly I'm doing wrong?
P.S
I don't want to redirect user to the permission dialog using JS redirect that's why I used JS FB.login
The sessions for JS and PHP must be in the same go. When JS finishes logging in, a cookie is set with the signed request, as long as the same session is reloaded the PHP SDK should be able to recognize it and return a valid user for the getUser() call.
Related
I've been working on a way to determine if a user likes a particular page so a tab on that page can be fangated or not. I didn't want to prompt the user for authorization for user_likes, so I avoided the JS SDK and used the PHP SDK:
<?php
require 'src/facebook.php';
$app_id = "...";
$app_secret = "...";
$facebook = new Facebook(array('appId' => $app_id, 'secret' => $app_secret, 'cookie' => true));
$signed_request = $facebook->getSignedRequest();
$like_status = $signed_request["page"]["liked"];
/* testing response */
if ($like_status) {
/* liked content */
} else {
/* not liked content */
}
?>
My problem is signed_request is passed only when the code is on the FB tab--if I hit the PHP page outside of FB, I get nothing. I wondered if there's a way to get this user info outside of Facebook.com.
You can try saving the signed_request in a session or cookie so you can use it until it expires. After which, the user will have to come through the tab again to renew it. Naturally, if you are planning to use cookies, you should keep the signed_request decoded so no one can find and use the access_token from the cookie.
Sounds like this isn't really feasible outside of the Facebook tab. We've begun deploying our tabs in PHP in order to pull this data without an action on the user's part.
Thanks!
I am trying to implement the Facebook Login and Logout in my website.
I am using the Facebook PHP SDK.
The code i am using is as follows :
Login
$facebook = new Facebook(array('appId' => APP_ID,
'secret' => APP_SECRET
));
$param = array();
$param["scope"] = array("email","offline_access","publish_stream");
$loginUrl = $facebook->getLoginUrl($param);
Logout
$logoutUrl = $facebook->getLogoutUrl();
The problem is logout url is not being able to logout the facebook user.
When i remove the "offline_access" from the scope parameters the logout Url is working fine.
I have also implemented the above scope in the example.php file in the PHP SDK and the result was the same.
Can anyone provide any help.
I found out my problem. After logging in from Facebook I called the function $facebook->destroySession(); and after that, called the function $facebook->getLogoutUrl();.
Because of the destroySession() function the access_token returned from Facebook got lost and my logout URL generated from the getLogoutUrl() function could not log out the user from Facebook.
After removing the destroySession() function my code is working fine.
I think the problem might be that you are not clearing the session cookie after you log the user out of FB.
1) download the latest php sdk.
2) Make sure you specify the 'domain' parameter when you create the $facebook object.
3) Before you redirect the user to FB logout, clear their session with
$facebook->setSession(null); - alternatively, you can use FB.logout() in the javascript SDK.
Update:
as you are specifying appId and key, also give 'domain' as your domain name.
Examples of setSession:
example1
I'm trying to redirect users to the facebook login page then back to my app without the Log In to app page displaying. Is this possible?
I've looked into the "next" parameter which is automatically generated by the PHP-SDK but cannot seem to change it.
Is there anyway to do what I'm looking for? I want to make sure users are logged in in order to check to see if they have authed my app but do not want them to if they are not already.
Thanks for any help!
No, i don't think it is possible to modify the next parameter. The only place where i saw the next parameter(in the PHP SDK) is in the getLogoutUrl() function, as seen in the source of the base_facebook.php. And that parameter defines which url to go, after logout.
For getLoginUrl() in the base_facebook.php file, we have
return $this->getUrl(
'www',
'dialog/oauth',
array_merge(array(
'client_id' => $this->getAppId(),
'redirect_uri' => $currentUrl, // possibly overwritten
'state' => $this->state),
$params));
as the last line in the function, which obviously means that the oauth-dialog will be shown, no matter what you try.
If your app is not on Facebook, then you can go for <fb:login-button>Login with Facebook</fb:login-button> in Javascript, and subsequently follow the example from this url. You'll see there that it's not possible to remove that dialog entirely, even if you don't ask for any permissions.
The Javascript SDK's FB.login() method will also bring up the auth dialog.
Hope this helps.
They have to accept permissions for the first time only. Facebook will never let you to get user's data without their knowledge/accept
If you are using php :
// Create our Application instance.
$facebook = new Facebook(array(
'appId' => $fbconfig['appid'],
'secret' => $fbconfig['secret'],
'cookie' => true
));
//Facebook Authentication part
$user = $facebook->getUser();
if (!$user) {
// user is not logged on --> redirect to the login url
} else {
// user is logged on you can do what you want
}
I've got some trouble with Facebook authentication. Even when I'm logged, the function getUser() returns 0
Here's my code :
$fb_params = array(
'appId' => APP_ID,
'secret' => SECRET_ID
);
$fb = new Facebook($fb_params);
echo $fb->getUser(); // UID
Someone's got an idea?
PS : 'I can no long access to $fb->api('/me'), it says it requires an access_token, I think it's linked to the authentication issue...'
Thanks
You are currently not authenticating as a user, only as an application. As a result, the Facebook API can't show you the /me page or respond to a getUser() call since it doesn't know what user you are trying to access the API on behalf of (ie. "Who is /me?"). You will also only be able to access publically-accessible information.
You need to get a user to authenticate your application through Oauth2, store the access_token you are returned, and then include it in any future calls (eg. WIRQjCey1.3600.1309525200.0-509450630|eD6SAR">https://graph.facebook.com/me?access_token=2227470867|2.AQB-_WIRQjCey1.3600.1309525200.0-509450630|eD6SAR...).
To do this using the PHP SDK you can do
$loginUrl = $fb->getLoginUrl();
echo "<a href='$loginUrl'>Login with Facebook</a>";
Clicking that link and having the user authenticate will store the access_token to the $_SESSION, and when you hit refresh the "new Facebook( $fb_params );" constructor will pick out the access token from the $_SESSION and use it for all future calls, so then calls like $fb->getUser(); will return correctly.
There's a functioning example in the examples folder of the SDK, here:
https://github.com/facebook/php-sdk.
You can use it to try calls while authenticated as an application (public data access only), and then as a user.
When a user visits my site which contains a facebook app the first time, it requires him to allow it and he gets promted to do that, then I get the code which I can convert to an access_token. So far so good.
But how do I get the token once the user has already visited the site?
As long as this token form the first time is active everything is fine. But how do I get another token when the user had already allowed the app a week ago and is only visiting my page again?
Now that Facebook is migrating to Oauth2, the cookie created by the Javascript is different. I got it to work for me and added it to a fork of the FGraph plugin for Rails - https://github.com/imme5150/fgraph
One of the tricks is that when you request the access_token from the "code" parameter stored in the cookie, you have to pass in "redirect_uri", but you want it to be blank.
On the client-side flow, you can redirect the user to the OAuth dialog with the permissions in the scope parameter. If the user already accepted your App and permissions he will be redirected to your "redirect_uri" with the access_token in the URI fragment, otherwise the needed permissions will be prompt.
https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&scope=email,read_stream&response_type=token
On the server-side flow you should have the "code" so you can redeem it for an access_token on the OAuth endpoint:
https://graph.facebook.com/oauth/access_token?client_id=YOUR_APP_ID&redirect_uri=YOUR_URLclient_secret=YOUR_APP_SECRET&code=THE_CODE_FROM_ABOVE
Documentation: https://developers.facebook.com/docs/authentication/
I use the cookie method to store the access_token on the user's computer.
FB.init({appId: 'your app id', status: true, cookie: true, xfbml: true});
In your facebook.php file you need to set cookieSupport to true then:
private $cookieSupport = true;
Or use the get_facebook_cookie function found here: Single sign-on with the JavaScript SDK
The access_token is then stored in a cookie called "fbs_APPID" (with expire). If you want the cookie to last more then a couple of hours you need to ask the extended permission 'offline_access':
Enables your application to perform authorized requests on behalf of the user at any time. By default, most access tokens expire after a short time period to ensure applications only make requests on behalf of the user when the are actively using the application. This permission makes the access token returned by our OAuth endpoint long-lived.
you can also use this:
$access_token = $facebook->getAccessToken();
https://developers.facebook.com/docs/reference/php/facebook-getAccessToken/
using php
session_start();
// Create our Application instance.
$facebook = new Facebook(array(
'appId' => FACEBOOK_APP_ID,
'secret' => FACEBOOK_APP_SECRET,
'cookie' => true,
'domain' => 'example.com'
));
$session = $facebook->getSession();
$me = null;
// Session based API call.
if ($session) {
try {
$uid = $facebook->getUser();
$me = $facebook->api('/me');
$_SESSION['me'] = $me;
$_SESSION['uid'] = $uid;
$_SESSION['session'] = $session;
} catch (FacebookApiException $e) {
error_log($e);
}
}
you can reference the access_token via $_SESSION['session']['access_token'] within your app,, for more theres tutorials over at fbdevtutorials.com