I'm trying to redirect users to the facebook login page then back to my app without the Log In to app page displaying. Is this possible?
I've looked into the "next" parameter which is automatically generated by the PHP-SDK but cannot seem to change it.
Is there anyway to do what I'm looking for? I want to make sure users are logged in in order to check to see if they have authed my app but do not want them to if they are not already.
Thanks for any help!
No, i don't think it is possible to modify the next parameter. The only place where i saw the next parameter(in the PHP SDK) is in the getLogoutUrl() function, as seen in the source of the base_facebook.php. And that parameter defines which url to go, after logout.
For getLoginUrl() in the base_facebook.php file, we have
return $this->getUrl(
'www',
'dialog/oauth',
array_merge(array(
'client_id' => $this->getAppId(),
'redirect_uri' => $currentUrl, // possibly overwritten
'state' => $this->state),
$params));
as the last line in the function, which obviously means that the oauth-dialog will be shown, no matter what you try.
If your app is not on Facebook, then you can go for <fb:login-button>Login with Facebook</fb:login-button> in Javascript, and subsequently follow the example from this url. You'll see there that it's not possible to remove that dialog entirely, even if you don't ask for any permissions.
The Javascript SDK's FB.login() method will also bring up the auth dialog.
Hope this helps.
They have to accept permissions for the first time only. Facebook will never let you to get user's data without their knowledge/accept
If you are using php :
// Create our Application instance.
$facebook = new Facebook(array(
'appId' => $fbconfig['appid'],
'secret' => $fbconfig['secret'],
'cookie' => true
));
//Facebook Authentication part
$user = $facebook->getUser();
if (!$user) {
// user is not logged on --> redirect to the login url
} else {
// user is logged on you can do what you want
}
Related
I'm using Kohana and I'm trying to make facebook login.
Where should I place appId in my project?
I put it in facebookauth/config/facebook file but it's still showing me previous AppId that I have used. Is there another place that I have to change it?
My code in config file is something like this:
return array(
'appId' => 'digits',
'secret' => 'ahgtdhdjsd',
'cookie' => true,
'redirect_uri' => URL::site(Request::current()->uri(), true)
And path to facebook login is :
https://www.facebook.com/dialog/oauth?client_id=OldAppId&redirect_uri=mysite.com&state=2df46b19d8c71f1976b3722d7e61a&scope=email&display=page
Đ•dited:
I found another file to change it-/config/facebook.
I placed the same code - appId, secred and cookie but now link is:
mysite.com/fbLogin?code=AQAfKFVji6aI0Xx1CtcW4JqKmj2LIY6Yx13BrHRfmUDIF2vpmBlNwSouBUAsCflXI9vImTc6gwurBmDKF9uub_MTmd3gRQmFP6LdiyVMJbJ0a9CSJKKcJR1BFftYajjK
What's wrong with it? It should be the same as the above link but only appId to be changed?
Can anybody help me?
Now that you have updated the other config file the code is working as expected. The URL you're seeing looks like you have already authorized your App with your personal Facebook account and were redirected by Facebook or are already logged in and don't need to be redirected by Facebook. Try clearing all your cookies or using another browser or incognito session to see what the flow looks like when you're not already logged in.
I am working on a site and i need to post page links from that site to a special user wall or page if something is published on it which means i only need one user to post that question.
the problem which i am facing is access token since i am not trying to show facebook login page in front of website traffic. its not like sharing on user wall we are basically trying to post status on a page automatically so any help for this problem will be appreciated.
i am using the following code which seems to work fine as long as the access token for the page is valid but i need to make something permanent so that i can add all the info in the php code hardcoded and it work for some weeks at-least without changing the api key or token
$appid = 'code';
$appsecret = 'code';
$wall= $pageId = 'code';
$token='page token';
$facebook = new Facebook(array('appId' => $appid, 'secret' => $appsecret, 'cookie' => true));
$params=array( 'message' => $msg,'name' => $title, 'caption' => $title, 'link' =>$uri,'description' => $desc, 'picture' => $pic, 'access_token' => $token,'actions' => json_encode(array('name' => $action_name,'link' => $action_link)) );
$result = $facebook->api($wall.'/feed/','post',$params);
if i make token from the graph api debug page then it works fine but after some time i got the message "OAuthException: An active access token must be used to query information about the current user."
i am really desperate to find something solid for it.
thank you
You can write a backend script (maybe a cron job using the FB PHP-SDK) that runs as the special user and makes the desired FB api calls. For this, you will want to use a long-lived access token, which needs to be renewed every 60 days. You might also try your FB api calls using an App Access Token, which do not expire but also do not support all FB publishing and other operations.
To post to someones wall (or perform any action with the open graph) you must be authenticated with facebook as somebody in their graph or an application that they have granted permission to.
You should look at the permissions that can be set using the oauth scope attribute...
https://developers.facebook.com/docs/reference/dialogs/oauth/
To me it looks like they will need to grant your application publish_stream if you want to write to their friends walls as well as the user that you are authenticated as.
https://developers.facebook.com/docs/reference/login/extended-permissions/
I am trying to implement the Facebook Login and Logout in my website.
I am using the Facebook PHP SDK.
The code i am using is as follows :
Login
$facebook = new Facebook(array('appId' => APP_ID,
'secret' => APP_SECRET
));
$param = array();
$param["scope"] = array("email","offline_access","publish_stream");
$loginUrl = $facebook->getLoginUrl($param);
Logout
$logoutUrl = $facebook->getLogoutUrl();
The problem is logout url is not being able to logout the facebook user.
When i remove the "offline_access" from the scope parameters the logout Url is working fine.
I have also implemented the above scope in the example.php file in the PHP SDK and the result was the same.
Can anyone provide any help.
I found out my problem. After logging in from Facebook I called the function $facebook->destroySession(); and after that, called the function $facebook->getLogoutUrl();.
Because of the destroySession() function the access_token returned from Facebook got lost and my logout URL generated from the getLogoutUrl() function could not log out the user from Facebook.
After removing the destroySession() function my code is working fine.
I think the problem might be that you are not clearing the session cookie after you log the user out of FB.
1) download the latest php sdk.
2) Make sure you specify the 'domain' parameter when you create the $facebook object.
3) Before you redirect the user to FB logout, clear their session with
$facebook->setSession(null); - alternatively, you can use FB.logout() in the javascript SDK.
Update:
as you are specifying appId and key, also give 'domain' as your domain name.
Examples of setSession:
example1
Hopefully this should be quick and easy.
session_start();
include("facebook.php");
$facebook = new Facebook(array(
'appId'=>'xxxxx50274xxxxx',
'secret'=>'xxxxxb932d62fbc6287feb18e5exxxxx',
'cookie'=>true
));
$fbuser = $facebook->getUser();
if (empty($fbuser)){
$fbloginurl=$facebook->getLoginURL();
echo "<html><body><a href='$fbloginurl'>Click</a></body></html>
} else {
die("Authenticated");
}
In this example, the first time I click the link to give permissions to the app to access my FB account, everything works fine. I can keep refreshing the page, and I get the "Authenticated" confirmation.
However, every time I restart the browser (starting a new session), it doesn't authenticate the app automatically and I have to click the link again. Of course as soon as I click the link I am immediately redirected back to the source page and presented with the "Authenticated" confirmation.
Is there any way of not having to click the authentication link during new browser sessions and have it authenticate automatically? I need to do this without a PHP Header directive, as I want the first time the user gives permissions to the app to be triggered by a manual click.
My FB login is persistent ("stay logged in" option is checked).
Thanks a lot for any help.
If I am understanding your scenario correctly (this is not an iframe app, correct?), this is all down to losing the website session cookie when the browser is closed. Once that cookie is gone, there is nothing to identify the user to your server-side code and so no way to know if the user has previously authorized your app.
You need to find a way to persistently identify the user, or at least identify that he has already given permissions. The simplest way would probably be to set your own (permanent) cookie once the user has first authenticated. Then whenever the session cookie is lost, check the presence of the permanent cookie and if it's there, do a PHP redirect to Facebook (which will be invisible to the user). If there is no cookie, present the HTML link to the user like you are doing now.
Comparing it to my code, the only difference I see is that I check to see if $fbuser is valid - if it isn't send me to the login screen. I'm also using top.location.href.
// Login or logout url will be needed depending on current user state.
if ($fbuser) {
$logoutUrl = $facebook->getLogoutUrl();
}
else {
$loginUrl = $facebook->getLoginUrl(array('scope' => 'publish_actions', 'canvas' => 1, 'fbconnect' => 0, 'redirect_uri'=>config_item('facebook_url').$pf));
echo "<html><body><script> top.location.href='" . $loginUrl . "'</script></body></html>";
exit(0);
}
Hope that helps.
Maybe I searched completely in the wrong way, and the facebook documentation pretty much sucks in my opinion.
I was wondering, I'm connecting to facebook with the settings below and that works (I'm able to retrieve the profile information of the logged in user allows my application to access his profile.) Are there other options I can set, like the callback url and the expiration (which I want to set to never, so I can save the token in my db and re-use it)?
This is the config now:
$facebook = new Facebook(array(
'appId' => 'xxxxxxxxxxxx',
'secret' => 'xxxxxxxxxxxx',
'cookie' => true
));
I'm also connection to twitter and there I'm able to this:
$this->configTwitter = array(
'callbackUrl' => 'xxxxxxxxxxxx',
'siteUrl' => 'http://twitter.com/oauth',
'consumerKey' => 'xxxxxxxxxxxx',
'consumerSecret' => 'xxxxxxxxxxxx'
);
Thanks in advance!
Facebook should take a look at Twitter
After trying a few days, spitting the documentation of the Graph OAuth 2.0 (which doesn't work as good as expected and searching the internet I found a solution which I used to create the following script:
// Config
$this->redirectUrl = 'http://www.mywebsite.com/facebook'
$this->clientId = 'APPLICATION_ID';
$this->permissions = 'publish_stream,offline_access';
// Check if a sessions is present
if(!$_GET['session'])
{
// Authorize application
header('Location: http://www.facebook.com/connect/uiserver.php?app_id='.$this->clientId.'&next='.$this->redirectUrl.'&perms='.$this->permissions.'&return_session=1&session_version=3&fbconnect=0&canvas=1&legacy_return=1&method=permissions.request');
}
else
{
$token = json_decode($_GET['session']);
echo $token->access_token; // This is the access_token you'll need!
// Insert token in the database or whatever you want
}
This piece of code works great and performs the following actions:
Log in if the user isn't logged in to facebook
Asks if the user wants to add the application and grants the requested permissions (in my case: publish_stream and offline_access) in one dialog
returns to the page you specified under redirectUrl with an access_token (and because we requested for offline access this one doesn't expire)
I then store the token in the database so I won't have to request it again
Now you can, if you wish use the facebook code, or you're own code to get the users data, or other information from facebook (be sure you requested the right permissions)
Don't now if this is facebook-valid code, but it works great and I can easily define the 'config' like I wanted....
There are many settings you can set at the point of authenticating. Extended permissions let you set the offline_access so that you can authenticate and store your session in a db. More info on extended permissions are at developers.facebook.com/docs/authentication/permissions and you can read my blog post for more info on how to use them at http://www.joeyrivera.com/2010/facebook-graph-api-app-easy-w-php-sdk/