I have a page tab application. Sometimes when a logged in user clicks the tab name from the Facebook page, the form post "signed_request" data is being passed in is empty.
Any ideas as to how this can happen? It is sporadic and doesn't seem to be locked to one specific user account. I have oauth2 set to true in the settings, so according to Facebook's api documentation, I should always be passed signed_request in the form post data.
Had a similar problem, was helped by:
Cannot access Facebook signed_request with an iframe tab
In my case the site hosting the app was doing a 301 redirect because the app url I gave Facebook contained capital letters. The redirect changed POST to GET and lost the signed_request.
Here's the work-around I've figured out.
*If there is no signed_request form post parameter, then I display an error screen to the user and ask the user to refresh the page. This usually fixes the issue on the second request, and the page is sent a proper signed_request form post.*
Lack of Facebook support and involvement in the facebook stackoverflow section is very disconcerting. It wouldn't be that bad, if it wasn't that Facebook had mandated use of this forum for the entirety of their API support. :(
Related
I am attempting to implement a simple Facebook login flow for a web application using HTTP redirects, as detailed at https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow/v2.2.
For the purposes of making this question generic, let's say the application URL is www.example.com/app.php. On the application page, there is a link which directs users to Facebook's OAuth endpoint, where ideally:
they log in to Facebook (if not already logged in) and approve my application permission to access their public profile
they are then redirected back to my application's URL along with some extra parameters appended (e.g. www.example.com/app.php?code=...&access_token=... if the login was successful, or www.example.com/app.php?error_reason=...&error=...&error_description=... if login/app approval was unsuccessful)
The Facebook OAuth endpoint is:
www.facebook.com/dialog/oauth?client_id=12345&redirect_uri=www.xyz.com/app.php
where I have filled in the client_id and redirect_uri parameters with my application's ID and my application's URL respectively.
What actually happens whenever I access the link is that it immediately redirects back to my application's homepage - without ever showing a login dialog of any kind. This happens with Firefox and with Chrome - both when I am logged in to Facebook and when I am not, in normal sessions and in incognito sessions with no plugins enabled. From the browser inspector, I can see that the Facebook OAuth page is definitely requested but is straight away 302 redirecting to my application page with just a code parameter appended.
www.example.com/app.php?code=...
This also happens when the Facebook OAuth link is accessed from pages other than my application's URL (e.g. if I click the link from www.example.com/other_page.htm).
I am unsure what I am doing wrong here; the application URL (www.example.com/app.php) is approved on my app dashboard in as many places as I could find, and changing the request_uri parameter to any other URL results in an error page. I have also tried urlencode()ing my application URL before passing it in the request_uri parameter, but the result remains the same. I don't know what to try next as as far as I can tell I have followed Facebook's manual login guide as closely as possible.
This is my application on facebook page.
https://www.facebook.com/SlcChallenge/app_439780382750381
Here my problem is that. Facebook sends signed_request for some user and does't returns
from some user. So when facebook doesn't send signed request my page gets error.
my page tab url is https://tippll.com/pagetab.php/
Please help me to find the solution.
Thanks in advance
Krishna Karki
If on canvas load you receive a code instead of a signed_request, this means that Facebook could not authenticate the user (and retrieve an access_token, and has fallen back to sending a code for you to exchange for an access_token.
Double-check your canvas URL settings in your facebook application. This can sometimes happen if you have URL rewriting non-SSL requests through to SSL domains (or even just url rewrites in general).
Sessions are used in my website, but then when I open an facebook app which redirect to my website, I found out that old sessions are clear.
I assumed that after getting the signed_request, facebook clear my old sessions. Am i right for this assumption ?
The problem is that I want to keep my old session even if i have request a signed_request.
This could be happening because the facebook app doesn’t send a csrf token.
You can fix this by adding removing the protect_from_forgery callback on the facebook app’s action.
Add skip_before_filter :verify_authenticity_token to the controller that facebook apps request or remove protect_from_forgery from application_controller.rb
I have also posted this on my blog here http://wowcode.wordpress.com/
I just want to ask a question about Facebook "signed_request" thing.
I'm using Zend Framework for my app.
The thing is; when user first authorizes my app OR enters the app from apps.facebook.com/my_app/ URL, I'm successfully retrieving signed_request.
Actually, I'm retrieving it from apps.facebook.com/my_app/index.php (Thanks to this question)
OK, app has been started, I received signed request, stored it in user session. However, when user clicks anywhere in my app, $facebook object is created again but this time, it has no signed_request.
According to this topic on Codeplex, I can expect that signed_request will come in this second request of user:
Instead of using the cookie you should use the signed request value
that Facebook POSTS to your page on each request.
On the other hand, Facebook documentation says:
A signed_request is passed to Apps on Facebook.com when they are
loaded into the Facebook environment
Now, does Facebook sends this request on each call or is there a technical problem on my app? Could it be an IFrame issue? When user click "categories", page is loading in same iframe and URL on address bar does not change.
I think it's basically a difference of definition on what "each request" means. Facebook will POST signed_request to your page only when the containing iframe is first constructed, i.e. when the user goes directly to apps.facebook.com/your_app/somepage.php as their browser location. If the user then follows a "normal" link on your page that results in only a reload of the iframe and not the entire page, no signed_request will be sent. If it helps to think of it this way, signed_request is sent when the user first loads your app, but not on each subsequent request. The reason there is some confusion about this is that many coders have taken a hackish shortcut by making all their links use target=_top and pointing them at apps.facebook.com/your_app/yourpage.php rather than www.yourdomain.com/yourpage.php. Since that results in the entire page being re-constructed each time, it does indeed have the effect of sending signed_request with each page fetch. But in normal (and recommended) operation, you'll need to count on signed_request only being sent once.
With the changes for Facebook Apps coming on October 1st, I am having trouble confirming that our Canvas/Tab app will/will not work as expected.
When a user first loads the tab with the app, I'm expecting facebook to send me parameters of "fb_sig_profile_id" (which I believe should be the ID of the Page) and "fb_sig_app_id" (the ID of the APP).
I DO NOT need/want to authenticate users or access UserData/Graph etc. I am simply displaying content on my end based on these parameters.
If this is no longer the case and Facebook is not going to be sending me these parameters, can someone point me in the direction of how I can get this data.
Thanks
When building Apps On Facebook kind of apps, Facebook will send a signed_request which will contain the data you need:
When a user navigates to the Facebook Page, they will see your Page
Tab added in the next available tab position. Broadly, a Page Tab is
loaded in exactly the same way as a Canvas Page. Read more about this
in the Canvas Tutorial. When a user selects your Page Tab, you will
receive the signed_request parameter with one additional parameter,
page. This parameter contains a JSON object with an id (the page id of
the current page), admin (if the user is a admin of the page), and
liked (if the user has liked the page). As with a Canvas Page, you
will not receive all the user information accessible to your app in
the signed_request until the user authorizes your app.
Reference.