I am trying to display a Facebook UI dialog inside my iframe app, so that I can get an extended permission that we don't presently have. This was easily achieved using the old SDK. However, using the new library, I get a Facebook iframe dialog that appears modally, but never stops loading. Changing the method to "page" means I get a popup browser window that simply says "An error has occured". My code follows:
var attachment = {
display: 'iframe',
method: 'oauth',
scope: perms,
access_token: '<?php echo $this->accessToken; ?>' // this is definitely valid access token
};
FB.ui(attachment, function(response){
pr(response);
});
I'm hoping this is possible using the new SDK, the docs certainly state that iframe is a valid display param.
Thanks in advance.
G
iframe is not a valid display param for oauth dialog because of the risk of clickjacking. Also I'd suggest to use FB.login to get an extended permission:
https://developers.facebook.com/docs/reference/javascript/FB.login/
hope this helps
This has been broken for a while. (Take a look at the bugtracker with "FB.ui permission" as search words.) A work-around is to use FB.login instead of FB.ui. This means getting a pop-up instead of an iframe, of course.
Related
Im trying to put the facebook permissions dialog within an iframe, however not making much progress because of lack of Facebook documentation, and the undocumented hacks around web are not working any more.
news.yahoo.com does something that i would like to emulate.
When you click on a news article it says login with facebook. After the initial oauth dialog to authenticate the user ( which does not ask for permissions), yahoo pop's another dialog from a yahoo URL which included the Permissions dialog within as an IFrame.
Does anybody know what API's can be used to accomplish this?
The fiddler trace indicates that the yahoo URL is calling:
the uiserver.php endpoint with the permissions.request method.
https://www.facebook.com/connect/uiserver.php?method=permissions.request&app_id=194699337231859&display=iframe&redirect_uri=https%3A%2F%2Fopen.login.yahoo.com%2Fopenid%2Fyrp%2Fsc_check&cancel_url=https%3A%2F%2Fopen.login.yahoo.com%2Fopenid%2Fyrp%2Fsc_check&perms=user_birthday%2Cuser_likes%2Cemail%2Cpublish_actions&response_type=code&locale=en_US
When i try to do this using FB's javascript SDK:
FB.ui({
method: 'permissions_request',
perms: 'read_stream,publish_stream,user_photos',
display: 'iframe'
},
function(response){
alert("badfood");
alert(response);
});
It goes to a different endpoint: facebook.com/dialog/permissions_request? ...
And I get a 500 server error from facebook without useful debug info.
Thanks
some things.
1) first add the parameter show_error=true. This will tell you more about what's really causing the error.
2) Facebook has multiple ways it can display any dialog. In the fiddler request, note the display=iframe parameter. This is used for canvas applications mainly but can be useful for regular iFrame displays as well. It opens the auth dialog in a lightbox.
3) Try loading the SDK synchronously. Remove the Async references that Facebook tells you to include at the top of the page after the body tag and use the secondary method. Include the all.js and fb-root div tag and load FB.init just before your FB.ui call.
4) Check out the echo tool.
This tool can print out your GET params or your . It can also decode
the signed_request parameter as used in Canvas applications with the
OAuth 2.0 Beta migration enabled. This is very useful in debugging
Canvas Authentication.
http://developers.facebook.com/docs/reference/dialogs/
Loading the auth/permissions dialogs inside iframes are not permitted nor possible due to the risk of clickjacking. Sites where you see this being done have special agreements with Facebook that allows them to do this.
i am trying to add the stream.publish functionality to my web app, but i'm having a problem with the 'feed' dialog.
My code is the following:
var obj = {
method: 'feed',
display: 'iframe',
name: data.name,
link: data.link,
picture: data.picture,
caption: data.name,
description: data.description,
message: data.message,
actions: [{
name: data.actions.name,
link: data.actions.link
}],
user_message_prompt: ''
}
var resp = FB.ui(obj, function(response) {
alert("DONE");
});
I can make it work if i use 'popup' instead of 'iframe' but that's not what i want.
Any ideas why the feed is just not appearing in my screen???
Thanks!
As described in Dialogs documentation
If you specify iframe, you must have a valid access_token. To get a valid access_token, please see the Authentication guide
Update:
Seems there is couple of other statements that may lead to this behaviour:
iframe: Display the dialog in a lightbox iframe on the current page. Because of the risk of clickjacking, this is only allowed for some certain dialogs, and requires you to pass a valid access_token.
And this one.
On Facebook canvas pages, Dialogs are supported only for iframe applications
There is also open BUG #246637628719849 about "Send Dialog" not working with as iframe in Page Tabs (which may, or may not be related).
Update2:
Actually in all my applications I've user FB.ui without specifying display since at the time of implementation of Dialogs iframe wasn't working well in most cases, and without it Facebook JS-SDK trying to use most appropriate display mode...
Update3:
OP had fb-root within other DOM element which was hidden, causing Dialog to be invisible (as he stated in comment)
I am trying to show a 'Post to Your Wall' feed dialog with the following code in a facebook iframe app:
<div id="fb-root"></div>
<script src="http://connect.facebook.net/en_US/all.js">
</script>
<script>
FB.init({
appId:'249725835046216', cookie:true,
status:true, xfbml:true
});
FB.ui({ method: 'feed',
message: 'Facebook for Websites is super-cool',
name: 'Facebook Dialogs',
link: 'http://developers.facebook.com/docs/reference/dialogs/',
picture: 'http://fbrell.com/f8.jpg',
caption: 'Reference Documentation',
description: 'Dialogs provide a simple, consistent interface for applications to interface with users.'
});
</script>
The problem is that it is appearing in a new popup window like this:
Instead of appearing as like this without appearing in a popup window:
I don't want the feed dialog to appear in a new popup windows because in most modern web browsers where popups are blocked. I don't know why this is happening. Please help.
I'm pretty sure that you get a popup if the user has not authorized your application. Facebook made it work that way for security reasons. If you prompt for authorization first, then you should get the inline dialog.
Note that the request for authorization will itself be a popup, but you only have to have that happen once. I have things working this way, the way you want, in the someecards Facebook app. Feel free to grab the javascript code, it's not specific to the app.
Try this, put FB.ui inside FB.getLoginStatus:
FB.getLoginStatus(function(response) {
if (response.authResponse) {
FB.ui({
method: 'feed',
...
display: 'dialog'
});
}
});
in my case the problem seems to have been solved by seting display to async
display: 'async',
i think this is default for page tabs and canvas, but from time to time, instead of appearing within the main window it would load a new popup..
after setting it though (page tab in my case) i haven't noticed any pop up coming up since then..
I know this is a bit old, but I stumbled across this page when trying to solve this problem for myself and none of the answers here worked for me.
For the benefit of anyone else who has this problem, this was happening for me because I was trying to call the dialog on page load. Moving it to a user triggered event (such as a click) resolved it for me.
I have the same UI issue and I don't like the pop up window too.
I just found a link.
It helps us to redirect the page in same window. But it does not solve our problem perfectly.
There's a "URL Redirection" section in the docs for the Feed Dialog:
https://www.facebook.com/dialog/feed?
app_id=145634995501895
&display=popup&caption=An%20example%20caption
&link=https%3A%2F%2Fdevelopers.facebook.com%2Fdocs%2F
&redirect_uri=https://developers.facebook.com/tools/explorer
So you can do window.location=(this url) in Javascript, setting the redirect_url correctly, and this should work without a popup.
Note that the Feed Dialog is now deprecated in v2.0, so check out the Share Dialog instead:
To share a link:
https://www.facebook.com/dialog/share?
app_id=145634995501895
&display=popup
&href=https%3A%2F%2Fdevelopers.facebook.com%2Fdocs%2F
&redirect_uri=https%3A%2F%2Fdevelopers.facebook.com%2Ftools%2Fexplorer
To share an Open Graph story:
https://www.facebook.com/dialog/share_open_graph?
app_id=145634995501895
&display=popup
&action_type=og.likes
&action_properties=%7B%22object%22%3A%22https%3A%2F%2Fdevelopers.facebook.com%2Fdocs%2F%22%7D
&redirect_uri=https%3A%2F%2Fdevelopers.facebook.com%2Ftools%2Fexplorer
The 'display=popup' bit affects how the share screen looks, it doesn't open a new window. Possible values for display are:
async, iframe, page, popup, touch, wap
i am trying to open facebook authentication page in IFRAME that i have created on my page
but the problem is once the page get loaded into iframe and i click on an iframe the facebook authentication page acquires the whole page in a full screen and iframe get vanish.
https://graph.facebook.com/oauth/authorize?client_id=<id>&type=user_agent&redirect_uri=http://localhost:3662/test.web/pages/z.aspx&display=popup
here is my url that i am setting in iframe src attribute
I just ran into this myself. The solution I used?
Javascript Authentication
And the rough steps
// trigger this any way you want
window.open(
'https://graph.facebook.com/oauth/authorize?client_id=CLIENT_ID&display=popup&scope=PERM_LIST&redirect_url=http://example.com/oauth_redirect'
, 'authorize'
, 'width=600,height=350'
);
This displays the authentication window in a popup. Now, the next bit what you do with the redirect url (in my example, http://example.com/oauth_redirect)
The access_token parameter in the URL holds the OAuth token - so retrieve that and do whatever you need to with it (store in a cookie, whatever). And then use JS to control what happens to the popup and opener
<script type="text/javascript">
// Perhaps load the next page?
window.opener.location = 'http://example.com/canvas'
// close the popup
window.close();
</script>
See this relevant forum thread as well.
Not sure about that, but I think the "popup" form factor is for real popups, you should try the "page" form factor here
This is a security mechanism; the user has little way to tell whether your IFRAME is really Facebook, or you presenting something that looks like Facebook. With a full URL at the top, this becomes much more transparent (yes, they should implement SSL with a valid cert to truly prove this, but hey).
Login in iframe is not allowed for security reasons. Use a popup instead. You can do what Peter suggested with window.open or use the JS SDK, for example: http://fbrell.com/auth/all-in-one.
I am in the conversion process of facebook app from fbml to iframe.
Now i am testing using few iframe pages.
$user = $facebook->require_login();
It gives the current user logged in. Once it get the variable from the facebook.com it saves in cookie by the PHP API provided by facebook).
I logged out using another tab of facebook and i tryed using my app without refreshing the whole site (by just using the links inside my app). It still gives the $user variable.
It indicates that user has logged in instead of user logged out.
Please help me out. I want my app secured.
It looks my iframe app accessible when we select "open this frame in new window".
I need a solution for this too.
Thanks in advance.
You are logged in as far as you are logged in facebook. You will have to create custom PHP's session handling. However, if you want to remove the user from application's cookies, you can do this:
//this will clear cookies for your application and redirect them to a login prompt
$facebook->set_user(null, null);
$facebook->redirect($appcallbackurl);
You can use the JavaScript SDK to subscribe to the logout event via FB.Event.subscribe and reload the page if that happens:
FB.Event.subscribe('auth.logout', function(response) {
setTimeout('window.location.reload()', 0);
});
(Wrapping in setTimeout() is required as a work-around for Firefox.)
To prevent users from using "open this frame in new window," you can check if the page is loaded in an iframe with if(window == window.top) or if the signed_request is available. If not, redirect to the tab URL.