Facebook Logout not Working with offline_access - facebook

I am trying to implement the Facebook Login and Logout in my website.
I am using the Facebook PHP SDK.
The code i am using is as follows :
Login
$facebook = new Facebook(array('appId' => APP_ID,
'secret' => APP_SECRET
));
$param = array();
$param["scope"] = array("email","offline_access","publish_stream");
$loginUrl = $facebook->getLoginUrl($param);
Logout
$logoutUrl = $facebook->getLogoutUrl();
The problem is logout url is not being able to logout the facebook user.
When i remove the "offline_access" from the scope parameters the logout Url is working fine.
I have also implemented the above scope in the example.php file in the PHP SDK and the result was the same.
Can anyone provide any help.

I found out my problem. After logging in from Facebook I called the function $facebook->destroySession(); and after that, called the function $facebook->getLogoutUrl();.
Because of the destroySession() function the access_token returned from Facebook got lost and my logout URL generated from the getLogoutUrl() function could not log out the user from Facebook.
After removing the destroySession() function my code is working fine.

I think the problem might be that you are not clearing the session cookie after you log the user out of FB.
1) download the latest php sdk.
2) Make sure you specify the 'domain' parameter when you create the $facebook object.
3) Before you redirect the user to FB logout, clear their session with
$facebook->setSession(null); - alternatively, you can use FB.logout() in the javascript SDK.
Update:
as you are specifying appId and key, also give 'domain' as your domain name.
Examples of setSession:
example1

Related

Redirect to facebook app after login from auth dialog

I got some problem with my testing app
$params = array(
'scope' => 'read_stream, publish_stream'
);
$loginUrl = $facebook->getLoginUrl($params);
echo "<script type='text/javascript'>top.location.href = '$loginUrl';</script>";
This is the code I use to send user who has not logged in yet to login
via facebook auth dialog.
The problem is after login using facebook auth dialog
user will be redirected to my site which is not in facebook app.
How can I send user back to facebook app after login using auth dialog ?
Please help
You can use the redirect_uri parameter of getLoginUrl() to tell facebook where you want to send the user after authorization ends (let it be success or failure).
There's a number of restrictions on what you can use there, basically you got three options:
URL under your application's domain.
The canvas path of the application (if it has one): https://apps.facebook.com/YOUR_APP_NAMESPACE
Any page url that has your application installed: https://www.facebook.com/PAGE_USERNAME/app_YOUR_APP_ID
By default, the php sdk takes the current url as redirect_uri. The documentation about these are under the oauth dialog's documentation of the same parameter.
Was google-ing about the same issue and found a solution,so thought might as well answer her.
simply add the following code in the main page.
$config['appBaseUrl'] = "http://apps.facebook.com/your_app_name/";
if(isset($_GET['code']))
{
header("location:" . $config['appBaseUrl']);
exit;
}
$config is the array that i pass while creating the facebook object. In this context,its not necessary to create an array though.

facebook api call from multiple pages

I'm creating a facebook app with facebook php adk 3.0.
I was able to do facebook connect login successfully as per the sample code from github.
the page to which i'm redirecting after facebook login is returning my correct user id using the function
$user = $facebook->getUser();
But if i go to any other page in the app, and if i call $facebook->getUser();, it's returning zero.
Seems like i should save logged in user session some where, anybody know solution for this?
After long search i found solution for this.
From the page to which u'll be redirected after facebook login, store access token in session.
$access_token = $facebook->getAccessToken();
$_SESSION['token'] = $access_token;
Then if you want to call a fb api from any other page, set access token as below before calling the api.
$access_token = $_SESSION['token'];
$facebook->setAccessToken($access_token);
Hope it will help.

Directing users to facebook login page without asking for permissions

I'm trying to redirect users to the facebook login page then back to my app without the Log In to app page displaying. Is this possible?
I've looked into the "next" parameter which is automatically generated by the PHP-SDK but cannot seem to change it.
Is there anyway to do what I'm looking for? I want to make sure users are logged in in order to check to see if they have authed my app but do not want them to if they are not already.
Thanks for any help!
No, i don't think it is possible to modify the next parameter. The only place where i saw the next parameter(in the PHP SDK) is in the getLogoutUrl() function, as seen in the source of the base_facebook.php. And that parameter defines which url to go, after logout.
For getLoginUrl() in the base_facebook.php file, we have
return $this->getUrl(
'www',
'dialog/oauth',
array_merge(array(
'client_id' => $this->getAppId(),
'redirect_uri' => $currentUrl, // possibly overwritten
'state' => $this->state),
$params));
as the last line in the function, which obviously means that the oauth-dialog will be shown, no matter what you try.
If your app is not on Facebook, then you can go for <fb:login-button>Login with Facebook</fb:login-button> in Javascript, and subsequently follow the example from this url. You'll see there that it's not possible to remove that dialog entirely, even if you don't ask for any permissions.
The Javascript SDK's FB.login() method will also bring up the auth dialog.
Hope this helps.
They have to accept permissions for the first time only. Facebook will never let you to get user's data without their knowledge/accept
If you are using php :
// Create our Application instance.
$facebook = new Facebook(array(
'appId' => $fbconfig['appid'],
'secret' => $fbconfig['secret'],
'cookie' => true
));
//Facebook Authentication part
$user = $facebook->getUser();
if (!$user) {
// user is not logged on --> redirect to the login url
} else {
// user is logged on you can do what you want
}

Facebook Graph API problem

I've got some trouble with Facebook authentication. Even when I'm logged, the function getUser() returns 0
Here's my code :
$fb_params = array(
'appId' => APP_ID,
'secret' => SECRET_ID
);
$fb = new Facebook($fb_params);
echo $fb->getUser(); // UID
Someone's got an idea?
PS : 'I can no long access to $fb->api('/me'), it says it requires an access_token, I think it's linked to the authentication issue...'
Thanks
You are currently not authenticating as a user, only as an application. As a result, the Facebook API can't show you the /me page or respond to a getUser() call since it doesn't know what user you are trying to access the API on behalf of (ie. "Who is /me?"). You will also only be able to access publically-accessible information.
You need to get a user to authenticate your application through Oauth2, store the access_token you are returned, and then include it in any future calls (eg. WIRQjCey1.3600.1309525200.0-509450630|eD6SAR">https://graph.facebook.com/me?access_token=2227470867|2.AQB-_WIRQjCey1.3600.1309525200.0-509450630|eD6SAR...).
To do this using the PHP SDK you can do
$loginUrl = $fb->getLoginUrl();
echo "<a href='$loginUrl'>Login with Facebook</a>";
Clicking that link and having the user authenticate will store the access_token to the $_SESSION, and when you hit refresh the "new Facebook( $fb_params );" constructor will pick out the access token from the $_SESSION and use it for all future calls, so then calls like $fb->getUser(); will return correctly.
There's a functioning example in the examples folder of the SDK, here:
https://github.com/facebook/php-sdk.
You can use it to try calls while authenticated as an application (public data access only), and then as a user.

Facebook login immediate mode?

I'm using Facebook OAuth interface but can't get immediate mode parameter working. Do you have any idea how that works with FB or any other url to use instead?!
(I don't/can't use FB JS libraries.)
A great way to make users login into your website with their Facebook account is to use the Facebook PHP SDK (see on github). So you will have something like :
require "facebook.php";
$facebook = new Facebook(array(
'appId' => YOUR_APP_ID,
'secret' => YOUR_APP_SECRET,
));
$user = $facebook->getUser();
If the user is logged in, then $user is his Facebook ID. You then have to check if you have a valid access token by making an API call :
If it does not raise any exception, then you have a valid access token
If it does, then you have to re-authenticate the user.
Here you go :
if ($user) {
try {
$facebook->api('/me');
} catch (FacebookApiException $e) {
$user = null;
}
}
You need then to display the login or logout link :
<?php if ($user): ?>
Logout of Facebook
<?php else: ?>
Login with Facebook
<?php endif ?>
When the user is logged in and you have a valid access token, you can make API calls to get data from Facebook :
$user_profile = $facebook->api('/me');
You may want to check the example page of the Facebook PHP SDK which is well documented.
Hope that helps.
I have extracted following url from FB php-sdk (which Quentin reminds me):
https://www.facebook.com/extern/login_status.php
?api_key=<your app-id or api-key>
&no_user=<callback url>
&no_session=<callback url>
&ok_session=<callback url>
&session_version=3
When you redirects user to above url (or open it as an iframe or popup) Facebook silently/immediately redirects backs user/browser to:
no_user when user has NOT signed in.
no_session when user has signed in but has NOT authorized your app yet.
ok_session when user has signed in and already authorized your app. Additional parameters (user identification and required token) will be appended to this url by FB which you need to validate.
For example:
https://www.facebook.com/extern/login_status.php
?api_key=123456789012345
&no_user=http://example.com/signin/fb/no_user
&no_session=http://example.com/signin/fb/no_session
&ok_session=http://example.com/signin/fb/ok_session
&session_version=3
Put them in one line whit no spaces and don't forget to encode urls if needed.
See OpenID Immediate mode to find out why this is useful.
If you are developing java based application, in that case you can use SoicalAuth library.
http://code.google.com/p/socialauth/