Trying to work out Authorization within a page tab app. I direct user to the auth dialog which redirects them back to my page tab with "&code=XXXXXXX..." in the url.
However, $code = $_REQUEST["code"];, which always worked on a canvas app, isn't working for me in the page tab app. How do I access my code to proceed with authorization?
Or... Am I unable to access info in the url with PHP?
Apologies if this is a repeat, but in searching all I've found were questions asking how to get the page url for the sake of redirect.
Since its a querystring, try $_GET["code"] or you could try parsing $_SERVER["QUERY_STRING"]
You will not be able to get code passed to URL of your Facebook Page tab this way since only parameter that passed to your Page tab via URL is app_data.
You should use one of:
URL that reside in under your Page Canvas URL to finish auth flow and then redirect user back to Page Tab
Using JS-SDK FB.login method to authorize user.
Related
I developed a facebook fan page app with PHP SDK and am successfully running it. I have a Fan Gate implemented, that is, users have to like the page before they can use the app.
What I could not solve until yet is this: I would like to prevent my app from running outside of the Facebook iframe. As of now my app can run in a new browser tab or window, when a user copies and pastes the URL (of the iframe src). At this point I'd like to give an error message like "This app can only run in a Facebook tab".
I am catching the signed_request but as my app has subpages and routines, I have to store the signed_request in a session variable.
Any advices?
Ok, so what I usually do is provide data in the app_data field of signed_request to know which page to load. When POSTing, I redirect to the tab directly after processing the payload.
So, there are two methods a page, that is actually a facebook tab, may be requested: GET and POST.
GET
When using GET, the tab should always be requested using a facebook URL. For example: The tab's subpage "form" should have a URL like: http://www.facebook.com/pages/xXx/[page_id]?sk=app_[app_id]&app_data=form
In your server-side code you recognize the data in app_data after decoding the signed_request (see 1 and 2).
In your links to the form page, you also have to add the target="parent" attribute.
By this, facebook is reloaded and the tab feels slower than when you directly link the subpages. But you have URLs that identify a subpage, which is what we prefer.
Additionally, you can expect every GET request to have a signed_request. If it doesn't, it is not called via facebook and you can either show an error message or, what I suggest, redirect to you tab (sub-page).
POST
POSTs never have a signed_request. But usually, when surfing, browsers use GET requests. So you can assume, if you receive a POST request, it is either from your own form or a hacking attempt.
In both cases, you check the values of that request for validity.
If they are valid, you save them to your DB and redirect to a "success" page. E.g. if you are up for a contest, you should show a page that assures the user he/she has successfully participated.
If the data is not valid, you save your error messages into the session and redirect back to the form where you show them.
I always suggest you redirect after a POST request, no matter if you are in a facebook tab or not. But in a facebook tab, the redirect must be done using a javascript since it is within an IFRAME and you want the whole page to reload:
<script type="text/javascript">
parent.location.href = 'http://www.facebook.com/pages/xXx/[page_id]?sk=app_[app_id]&app_data=form';
</script>
Post scriptum 1: For me, forms always use POST requests.
Post scriptum 2: If you don't like the idea of the whole facebook "frame" to be reloaded every click, you can think of doing some AJAX magic where the requests are "spiced" with extra data for you to recognize them as "yours".
Well, I'm trying to get a parameter on my Facebook's Page Tab. (This page tab opens an app I've built). So I'm trying to do something like "http://www.facebook.com/mypagename/app_156916377306500?tag=iphone" but nothing happens. Anyone knows how to solve that?
It should be clear from the documentation how to use app_data:
app_data is the ONLY query string parameter in a page tab app's URL which is passed through to your app, it's present in the signed_request which is POSTed to your app's page tab URL, and needs to be decrypted with the app secret (though the SDKs take care of this step for you)
See the Page Tab App documentation and the signed_request documentation for more information
I am currently redirecting to this:
https://graph.facebook.com/oauth/authorize?client_id=305384546164461&redirect_uri=http://www.eeisi.com/bridge/auth.php&type=web_server&display=page&scope=publish_stream,%20user_about_me,%20user_likes,%20email
I have no idea why I am required to redirect to the URL specified in my application settings, for my canvas page. The purpose behind this never seems to be mentioned.
So I redirect there, and it asks for permission to use the app... great...
Then it goes to another dialog page, and asks for additional permissions... fine...
AND THEN... it goes to that redirect URL, and then what am I supposed to do?
Am I supposed to create some sort of landing page that redirects back to the canvas page on facebook?
Like...
http://www.eeisi.com/bridge/auth.php <--- the landing page
Am I then supposed to take the resulting auth code:
http://www.eeisi.com/bridge/auth.php?code=(long-fricking-string)
and pass that back to the canvas app page, like so?
http://aps.facebook.com/eebridge/?code=(long-fricking-string)
???
Is that how the whole thing fits together?
You'll want to exchange the code query parameter for an access token.
See step 4 here:
http://developers.facebook.com/docs/authentication/server-side/
You're redirected back to your app, as your app should know the application secret - which you'll need to exchange the code for an access_token.
I have a scenario where I have a tab application that will be deployed to various fan pages.
I am looking for a way to get build the redirect url from the signed request so I know which fan page to redirect to once the user has authorized the app.
Most of the examples show this as a static url in the tab app, but in my instance I am not sure which fan page is providing the link to the tab.
Hope that is clear.
Rabbit
In your tab app you get Signed request.
So you have two things you need to build your redirectURL.
1) PageId
2) AppId
based on these two values and facebook vanity URL you can create redirectURL as follows:
https://www.facebook.com/profile.php?id=PAGEID_HERE&sk=app_APPID_HERE
replace PAGEID_HERE with pageid and replace APPID_HERE with AppId and you are done.
you can set this URL as ReturnURL property of you app.
app.returnURL= Path generated above.
if(app.autherize) or whatever
I hope this will help.
Regards
Ims
I have created a FB Pages app and am trying to figure out why my tab html is not displaying.
when I go directly to my example.com/tab url that I have set in the facebook app settings I can see the expected HTML. When I go to my app tab on a sample facebook page I can see the request come for example.com/tab on my server as expected but nothing is displayed in the facebook page tab!
all I have is a simple
<div>hello world!</div>
and it doesn't display in the tab. Any idea why this is happening?
It's possible you don't have a valid SSL cert installed on your server. Or facebook may be caching an old URL. Check the URL it's trying to load in the iFrame to ensure Facebook is using the correct one.