I'm developing a facebook page tab app. When I set page tab URL in app settings to something like localhost/fbapp, it doesn't work since the page tab is not simply iframe. Is there any workaround to resolve this?
EDIT
I'm building facebook page tab with ASP.NET MVC-3.0 with fb C# SDK.
What I've tried so far is to modify hosts file to point the URL I have on app settings to localhost(127.0.0.1). I've been testing facebook app in this way always but it doesn't work in facebook page tab.
In Application setting in page tab url set
http://localhost/yourpagetabdir/
I am using this setting for my page application test frmlocalhost its works fine from my ASP.Net Development server if you are using IIS server make sure your IIS server allow page in iframe.
after this if u want to get page-signed request
Facebook.FacebookConfigurationSection s = new FacebookConfigurationSection();
s.AppId = "AppID";
s.AppSecret = "Secret";
FacebookWebContext wc = new FacebookWebContext(s);
dynamic da = wc.SignedRequest.Data;
dynamic page = da.page;
string curpageid = page.id;
bool isLiked = page.liked;
bool isAdmin = page.admin;
Try editing your hosts file so that when you go to http://example.com it links to your http://localhost/yourapp
Here's how to do it:
Windows: http://www.trailheadinteractive.com/creating_multiple_virtual_sites_a_single_apache_install_windows_xp (your localhost URL should have a valid website format: 127.0.0.1 dummydomainname.tld)
MacOS: http://danilo.ariadoss.com/how-to-setup-virtual-hosts-mamp-environment/ (again, make sure you have a valid website format)
Linux: You probably know how to do this already :)
This should work as then the iframe would point to a valid URL, which on your local machine would point to your content. Note that this won't work if you access the tab from other computers since for them the URL would point to something else (or nothing, depending on what domain name you choose).
Using FB PHP SDK for example, you can post the signed_request and parse it with a few lines:-
require_once ("facebook.php"); // this file comes from the SDK
$config = array();
$config['appId'] = 'get_appID_from_app_menu';
$config['secret'] = 'get_secret_below_appID';
$facebook = new Facebook($config);
$signed_request = $facebook->getSignedRequest();
print_r($signed_request);
Avoid that lenghty example given in FB's blog. Good luck coding :)
I figured out the issue with facebook page tab. It seems that they don't accept http on page tab even I have sandbox mode enabled. All I have to do is set up IIS to work with https and run the app over the ssl. It is now working perfectly. Thank you guys for all help
Related
I am using the OAuth Facebook controller add-on for ATK4.
It works as expected when authenticating with Facebook from a regular desktop browser.
It works when authenticating using a mobile browser that is telling face book that it's a desktop browser.
It does not work when Facebook detects a mobile browser and redirects to m.facebook.com/dialog/oath.
What's more, is that it works fine for signups from mobile browsers (ie, when Facebook asks the user to give permission to the app).
The login flow stops with an Error 500 at:
https://m.facebook.com/dialog/oauth?redirect_uri={my_url_encoded_landing_page_where_the_OAuth_controller_lives}&scope=email&client_id={fb_app_id}
What the hell is going on here? There isn't some difference between the Facebook mobile service and the regular one that the addon isn't taking care of, or is there?
It must be something I'm doing wrong. In init() on the page that handles the FB, I am doing the following:
function init(){
parent::init();
$f = $this->add("oauth/Controller_OAuth_Facebook", array('sign_method'=>'PLAINTEXT'));
if ($fbtoken = $f->check()) {
$f->setSignatureInfo();
$f->setAuthToken($fbtoken["access_token"], $fbtoken["expires"]);
$s = $this->add("sni/Controller_SNI_Facebook");
$s->setOAuth($f);
// ...
// grab profile from SNI, database lookup, session stuff, etc
// ...
}
}
I've tried all three sign_methods, and tried leaving it alone, but that doesn't make much difference because the user is not making it back to the controller with an access token to use anyway.
I tried creating a new app with Facebook and I get the same issues with a basically vanilla configuration on that. I've only marked and specified the "Website with Facebook Login" site URL integration.
The image below was captured from Chrome after overriding the user agent to a mobile device to trigger the forward to facebook's mobile servers:
Screen shot of request
Facebook closed my bug report with them stating that it's not an issue since no one else is reporting the bug. I am removing the ATK4 tag, as I get the same issue using the example PHP code provided by Facebook on GIT.
Created dedicated example here:
http://demo.ambienttech.lv/d.html?ns=d3
Example is downloadable and includes instructions of setting up facebook app as well. See if that helps.
Try This:
<?php
class page_fb extends Page {
function init(){
parent::init();
$f = $this->add("oauth/Controller_OAuth_Facebook");
$fbtoken = $this->api->recall("fbtoken");
if ($m = $_GET["error_msg"]){
$v=$this->add("View_Error");
$v->add("Text")->setHTML("You can't connect to the application.");
$v->add("Button")->setHTML("Try again")->js("click", $this->js()->univ()->location("fb"));
return;
}
if (!$fbtoken){
if ($fbtoken = $f->check("email")){
$this->api->memorize("fbtoken", $fbtoken);
$this->api->redirect($this->api->url("/index"));
}
} else {
$f->setSignatureInfo();
$f->setAuthToken($fbtoken["access_token"], $fbtoken["expires"]);
$c = $this->add("sni/Controller_SNI_Facebook");
$c->setOAuth($f);
if (!$this->api->recall("fbuserinfo")){
$this->api->memorize("fbuserinfo", $c->getUserProfile());
}
$info = $this->api->recall("fbuserinfo");
$username = $info->username;
$img = $c->customRequest("/" . $username . "/picture?type=large");
$this->api->memorize("userimg", $img);
$this->api->memorize("userinfo", $info);
if (!$this->api->auth->isLoggedIn()){
$this->api->auth->login($info->email);
}
$this->api->redirect($this->api->url("/index"));
}
}
}
I've got the same problem, but using PHP: just using a mobile web browser is not working, giving '500 internal server error'.
I'm just asking myself if exists a parameter for the method getLoginUrl to force return a non-mobile version of the authentication page...
I reported this issue here: https://github.com/atk4/atk4-addons/issues/35
Please stay tuned and if you can, you can always make changes yourself and pull request.
I can't test and fix this because strangely I still don't have smart phone :(
Something changed in FB's mobile OAuth service that is causing the error. I ran a test with my code base on a shorter URL (ie; http://domain.net/fb/ rather than http://development.project.domain.net/fb) and it works fine. I am not entirely sure of what exactly is causing the problem as Facebook refuses to acknowledge the issue as being on their server, but I have a few possible culprits that may be triggering the error on their side, but since they don't care, I don't either, and I am providing my results for anyone else who encounters this bs.
The environment I am developing in uses semi-complex (apparently) naming scheme. The development server has its own hostname under a subdomain. The issue may be caused by the fact that there are multiple components to the host portion of the URL or simply too many characters.
The name servers for the development environment are provided by DynDNS. Facebook's mobile OAuth service may be choking on the idea of a development site being hosted on a non-permanent IP address.
I'm not going to do anymore testing on this because it really is a problem with Facebook, not my code or servers, and it will work in production.
In the welcome_view.php I can’t view my name even though I’m already logged in Facebook.
this is my setup:
config/fb_ignited.php
$config['fb_appid'] = 'myid';
$config['fb_secret'] = 'mysecret';
$config['fb_canvas'] = 'dean_test';
$config['fb_apptype'] = 'connect';
$config['fb_auth'] = '';
now on my dev.facebook setup
App Display Name:Dean Mobile Application
App Namespace:dean_test
Website
Site URL: mydomain.com/dean_test/
Supposedly when Im currently logged in it should show: Welcome Dean, to Facebook Ignited but it show me: Welcome, to Facebook Ignited
in my fb_canvas I wrote the Site URL, try:
$config['fb_canvas'] = 'http://mydomain.com/dean_test/'
As according to the updated config file within my project at the Facebook Ignited GitHub you will find a new comment there that shows examples for the iframe and connect as below:
/**
* --- fb_canvas examples ---
* iframe your-facebook-namespace
* connect www.your-connect-domain.com/subfolder/
*/
You only need the namespace if you are using an iframe app. If you are using connect you will just need everything after http(s):// from the address.
Is there a way to deny direct access to the application server for a facebook application?
Facebook loads the application via an iFrame src=http://app-domain/, but you can clearly view the page source and find out that domain and copy paste the URL into a browser and view the application directly.
There is this signed_request and oauth_token in the API, I was wondering how to use that or if I can use that to limit direct access to the application.
So if a user inputs in the browser your application's URL he gets redirected to Facebook.
Thank you.
EDIT:
I found a way that also works with form submission.
// Signed request
$signed_request = $facebook->getSignedRequest();
if(!$signed_request) header("Location: " . $settings['appBaseUrl']);
This redirects the browser while accessing the application directly and not through facebook.
It will not work if javascript is disabled.
<script type="text/javascript">
var isInIFrame = (window.location != window.parent.location) ? true : false;
if(!isInIFrame){
window.location = 'link-of-application-page';
}
</script>
You'll need some Javascript to detect whether you're in Facebook's frame and if you're not, redirect to it.
I found a way that also works with form submission. (Works for me, it might not work for you. Test it first.)
// Signed request
$signed_request = $facebook->getSignedRequest();
if(!$signed_request) header("Location: " . $settings['appBaseUrl']);
This redirects the browser while accessing the application directly and not through facebook.
I'm trying to integrate my project with Facebook. I'm taking baby steps at first and just trying to login, get a Facebook session, and get some user data. I'm developing it locally so my Facebook application settings are:
site URL: http://127.0.0.1:8888/mySite/
The canvas URL is the same as above. I haven't specified a site domain.
However, when I click on the login button, I get an error:
API Error Code: 191
API Error Description: The specified URL is not owned by the application
Error Message: redirect_uri is not owned by the application.
At the moment I haven't written any server-side code to deal with redirects, etc. All I've done is add the JavaScript SDK based on the tutorial in Facebook for Websites.
What have I done wrong? It's obviously something to do with my Facebook application settings, but I can't see what!
UPDATE:
To answer the API Error Code: 191
The redirect_uri should be equal (or relative) to the Site URL.
Tip: Use base URLs instead of full URLs pointing to specific pages.
NOT RECOMMENDED: For example, if you use www.mydomain.com/fb/test.html as your Site URL and having www.mydomain.com/fb/secondPage.html as redirect_uri this will give you the 191 error.
RECOMMENDED: So instead have your Site URL set to a base URL like: www.mydomain.com/ OR www.mydomain.com/fb/.
I went through the Facebook Python sample application today, and I was shocked it was stating clearly that you can use http://localhost:8080/ as Site URL if you are developing locally:
Configure the Site URL, and point it
to your Web Server. If you're
developing locally, you can use
http://localhost:8080/
While I was sure you can't do that, based on my own experience (very old test though) it seems that you actually CAN test your Facebook application locally!
So I picked up an old application of mine and edited its name, Site URL and Canvas URL:
Site URL: http://localhost:80/fblocal/
I downloaded the latest Facebook PHP-SDK and threw it in my xampp/htdocs/fblocal/ folder.
But I got the same error as yours! I noticed that XAMPP is doing an automatic redirection to http://localhost/fblocal/ so I changed the setting to simply http://localhost/fblocal/ and the error was gone BUT I had to remove the application (from privacy settings) and re-install my application and here are the results:
After that, asked for the publish_stream permission, and I was able to publish to my profile (using the PHP-SDK):
$user = $facebook->getUser();
if ($user) {
try {
$post = $facebook->api('/me/feed', 'post', array('message'=>'Hello World, from localhost!'));
} catch (FacebookApiException $e) {
error_log($e);
$user = null;
}
}
Results:
For me, it was a missing app domain. Go into the app, and make sure that you have the root of your site set up as an app domain. See screenshot.
This is just because of a URL mistake.
Whatever website URL is specified should be correct.
I mentioned website URL as http://localhost:3000/
and domain as localhost, but in my browser I was running http://0.0.0.0:3000/.
When I ran server as localhost:3000 it solved the problem.
As I mentioned, the site URL as localhost Facebook will redirect to the same, if we are running
0.0.0.0:3000, it will rise error that "Given URL is not allowed by the Application configuration".
I was also facing the same problem when I am using the facebook authentication method.
But I rectify that issue with following changes in Facebook api (Apps >> My App >> Basic).
I removed the url which i have given in
===> App on Facebook (Canvas URLs)
I gave site url only in
===> Website with Facebook Login option
Then i gave that AppId and App Secret in my webpage.
So by clicking on login button, It ask for access permissions then it redirect it to give url (Website with Facebook Login ).
I fixed this by passing the redirect url to the FacebookRedirectLoginHelper::getAccessToken() in my callback function:
Changing from
try {
$accessToken = $helper->getAccessToken();
}
...
to
try {
$accessToken = $helper->getAccessToken($fbRedirectUrl);
}
...
I am developing on a vagrant box, and it seems FacebookRedirectLoginHelper::getCurrentUrl() had issues generating a valid url.
Had the same problem:
$params = array('redirect_uri' => 'facebook.com/pages/foobar-dev');
$facebook->getLoginUrl($params);
When I changed the redirect_uri from the devloper page to the live page, 191 Error came up.
So I deleted the $params:
$facebook->getLoginUrl();
After the app-request now FB redirects to the app url itself f.e.: my.domain.com
What I do now is checking in index.php of my app if I'm inside FB iframe or not. If not I redirect to the live FB page f.e.:
$app = 'facebook.com/pages/foobar-live';
$rd = (isset($_SERVER['HTTP_REFERER'])) ? parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST) : false;
if ($rd == 'apps.facebook.com' || (!isset($_REQUEST['signed_request']))) {
echo '<script>window.parent.location = "'.$app.'";</script>';
die();
}
I have noticed also that even if you specify your website under secion - Website With Facebook Login -> Site url as e.g. http://example.com, but if your App Domains section is empty, and you open website as www.example.com you will get this error, too. To avoid it in "App Domains" section write example.com, that will allow subdomains, like www.example.com, something.example.com etc
in the facebook App Page, goto the basic tab. find "Website with Facebook Login" Option.
you will find Site URL: input there put the full URL ( for example http://Mywebsite.com/MyLogin.aspx ). this is the URL you can use with the call like If the APP ID is 123456789
https://graph.facebook.com/oauth/authorize?client_id=123456789&redirect_uri=http://Mywebsite/MyLogin.aspx&scope=publish_actions
Something I'd like to add, since this is error 191 first question on google:
When redirecting to facebook instead of your own site for a signed request, you might experience this error if the user has secure browsing on and your app does redirect to facebook without SSL.
Working locally...
I couldn't get the feeds api to work, but the share api worked pretty much straight away with no problems.
For me it's the Valid OAuth Redirect URIs in Facebook Login Settings. The 191 error is gone once I updated the correct redirect URI.
I'm trying to make a canvas facebook app using rails 3 and oauth2.
It kind of works fine following the steps here https://github.com/intridea/oauth2
So when I go to the app in FB, it triggers the methods set by oauth2 BUT, it asks the user to give the permissions OUTSIDE of the canvas, it goes out of FB. Then when the user gives permission it goes where it is supposed to go in the application but again everything OUTSIDE FB.
After giving the permissions if I go to the app inside FB then it shows the app within the canvas.
Anyone familiar with this?
Cheers.
As I know, the page, where you give permissions to app should be outside of app page.
And if you want for than be redirected to your FB app page, you should use
access_token = client.web_server.get_access_token(params[:code], :redirect_uri => redirect_uri)
def redirect_uri
uri = URI.parse(request.url)
uri.path = '/fbcanvas'
uri.query = nil
uri.to_s
end
redirect_uri method is specially used here, so when you are redirected from your fb app page, you'll return there, and if you are redirected from your site itself, you'll return to your site.
I actually changed gems.
What I'm using now is devise_oauth2_canvas_facebook gem.
https://github.com/ninajansen/devise_oauth2_canvas_facebook
It works together with devise and fbgraph and it worked pretty much out of the box, so I recommend that for canvas fb apps.
And everything stays inside the fb canvas :-)
Regards.
I had the same problem and answered my own question. You need to add the code below to application_contoller as per the OmniAuth Overview wiki page. But take care to use request.env["HTTP_REFERER"] rather than request.full_path.
def authenticate_user!
if !current_user
# This should work, but session is lost. See https://github.com/plataformatec/devise/issues/1357
# session[:return_to] = request.fullpath
redirect_to user_omniauth_authorize_path(:google_apps, :origin => request.env["HTTP_REFERER"])
end
end
def after_sign_in_path_for(resource)
# This should work, but session is lost. See https://github.com/plataformatec/devise/issues/1357
# return_to = session[:return_to]
# session[:return_to] = nil
return_to = request.env['omniauth.origin']
stored_location_for(resource) || return_to || root_path
end