I have this facebook application which adds a custom tab to fan pages. You access the tab by an URL like:
http://www.facebook.com/pages/PAGE-NAME-HERE/PAGE-ID?v=APP-ID
I want to be able to add some extra get parameters to that URL, but it seems they don't get passed correctly because facebook is filtering them. Is there a way to pass those parameters? Even not via GET but some other kind of technique.
If you want to pass multiple querystring params though the app_data param, you can urlencode it.
All querystring params that need to propagate through a Facebook tab should be url-encoded in the app_data var.
In other words, the "&" and the "=" need to be url-encoded (especially if passing more than one param).
Examples
GOOD TAB URL (this passes all 3 params):
https://www.facebook.com/pages/yourpagename/56789?sk=app_12345&app_data=var1%3D123456789%26anothervar%3Drawr%26athird%3Dmeow
In the app_data from this signed request, I got this value: var1=123456789&anothervar=rawr&athird=meow
BAD TAB URL (this passes only the first param through the signed_request):
https://www.facebook.com/pages/yourpagename/12345?sk=app_56789&app_data=var1=123456789&anothervar=rawr&athird=meow
In the app_data from this signed request, I ONLY got this value: var1=123456789 (Facebook dropped the rest)
You can even give your media team instructions like this =)
Media team,
Here is an online utility to urlencode the querysting data you want to
embed in the app_data param: http://meyerweb.com/eric/tools/dencoder/
Base Url: https://www.facebook.com/pages/yourpagename/12345?sk=app_56789&app_data=
Steps:
Go to http://meyerweb.com/eric/tools/dencoder/
Type var1=123456789&anothervar=rawr&athird=meow in the box
Hit the Encode button
You’ll get var1%3D123456789%26anothervar%3Drawr%26athird%3Dmeow which becomes your app_data param. Append that to the baseUrl noted above like this:
https://www.facebook.com/pages/yourpagename/12345?sk=app_56789&app_data=var1%3D123456789%26anothervar%3Drawr%26athird%3Dmeow (this is the URL with the tracking params for the [banner ad] [online media] [etc])
p.s. Querystring params in non-tab pages are handled fine (https://apps.facebook.com/yourappname/Canvas.aspx?var1=123456789&anothervar=rawr&athird=meow does not strip out qs params like what happens in the Tab, for example).
You must pass the app_data parameter in the URL:
http://facebook.com/pages/:page_id/:page_name?sk=app_:app_id&app_data=my_data
You will then access it through the signed_request param. For instance with Ruby and RestGraph:
user = RestGraph.new.parse_signed_request(params[:signed_request)
data = user['app_data'] # => "my_data"
Appending app_data worked for me.
http://www.facebook.com/pages/MyPage/11111111111111?sk=app_22222222229&app_data=foo_bar
Then retrieve signed request using PHP SDK (in my case). app_data is then available in the assoc. array returned.
I was wondering the same, in my case I had needed to pass a parameter "from" to identify if user was using mobile form or web form to login. My app use Spring Security. The way I was able to do that was creating my own SocialAuthenticationFilter:
1) Add a (hidden in my case) parameter to your login form ("from" in this example).
2) Get the right SocialAuthenticationFilter.java source (in accordance with your Spring version).
3) Create your MySocialAuthenticationFilter using it.
4) In method:
getRequestedProviderId(HttpServletRequest request) is where you can
grab your parameter:
private String getRequestedProviderId(HttpServletRequest request) {
String f = request.getParameter("from");
if(f!=null) {
final String dbValue = request.getParameter("from");
request.getSession().setAttribute("from", dbValue);
}
...
And thats all. In this way after a successful authentication you will be able to recover from session your parameter.
Be aware this method is called several times during OAuth exchanging, and when it is called from the authentication provider (Facebook for example) the parameter will be null. That is the reason to check the value before save in session in order to avoid delete your right value.
I answer myself by saying this is not possible.
Related
I am using the Insomnia REST client to debug some mobile API. I need to extract part of one value in the response body and put it into a second request.
Request
The request is an Oauth request for an authorization token. This request is normally sent from a mobile app.
Example Response
The backend responds with a redirect_uri that contains the authorization_code. This format is used in oauth when the request (normally in PROD) comes from a mobile app.
{
"redirect_to": "redirect_uri=com.acme://oauth?client_id=abcde&response_type=code&scope=authenticate_user&authorization=H068bFHTXXXXXXXXXXX.....XXXXXXX"
}
How can I extract the value of the authorization parameter from this response in INSOMNIA?
** How can I extract only the part after "&authorization=....."**
I know how to extract the full value of the "redirect_to" JSON attribute. But then how to parse it? For example with a regex?
it is possible to do so, but it is kind of tricky. The most obvious way would be to use some plugin, but here is what I came up with:
Firt of all you need to make a variable which will save your response redirect_uri=com.acme ... =authenticate_user&authorization=H068bFHTXXXXXXXXXXX.....XXXXXXX.
You can do this by pressing:
CTRL + E
This will open your environment variables, you can really make it in any enviroment, but probably the best would be to do in Base Enviroment so it is accessable no matter which environment you are using.
Create a variable like this:
placeholder variable
Then you need to get the redirect_uri by pressing the following keys between the quotation marks:
CTRL+SPACE
This will bring up the quick menu, where you can type Response and choose body attribute. Click on it, and set it like this.
I am pretty sure most people are familiar till this point.
Now you have saved the response to a variable you can use it. Navigate to the request where you want to use it, and you can type (basically in any field) {{ }}.
Inside this variable write the following (with your own variable name).
{{ redirect_uri.match('authorization=([^&]+)')[1] }}
This is basically javascript, using a simple regex to match the url parameter.
If you did everything correctly you will see something like this, and by clicking on it you should see your token.
Note: It might be red, until you get some values into the variable that you made.
I really hope it helps.
How passing of url parameters works in facebook, twitter , youtube or other similar sites .
eg:
facebook http://www.facebook.com/stackoverflowpage
twitter: http://twitter.com/StackOverflow
you tube: http://www.youtube.com/user/BBCWorldwide
where bold ones are parameters( i believe those are parameters)
What i have seen in most websites is like this,
http://www.website.com/index.php?id=stackoverflow
then how those above websties is passing parameters in different method,how they are doing this?. Or whether when a new user is joined in those website a new file is created in their server.
eg:
http://www.facebook.com/stackoverflowpage
http://www.facebook.com/stackoverflowpage.php(or .aspx whatever methods)
This is usually done by URL rewriting on ther server side. For example using .htaccess. A typical situation is: when a request of the form http://server.com/x/y comes in, it is rewritten as http://server.com/index.php?param1=x¶m2=y and then passed on to the request processor (say, PHP).
Ref: http://en.wikipedia.org/wiki/Rewrite_engine
I'm trying to use facebook's oauth.
Basically facebook has to return me a "code" parameter.
But i get nothing, it just return my callback url (to the exact same url).
i'm generating this url with my app.
http://www.facebook.com/dialog/oauth?client_id=76209388873&redirect_uri=http%3A%2F%2Ffb.lous%2Fmain%2Ffacebook_callback&scope=read_stream
I used other parameters and options, just when i set response_type=token
i get parameter list for javascript (with # character instead of ?, its for client side, i'm trying to write some api bot)
So right now i can't get any parameter with someway.
I tried to solve exactly the same thing for several hours. In my case it turned out to be a stupid redirect problem. Facebook correctly redirected back to http://www.mysite.com with the code parameter, then my webapp redirected to http://www.mysite.com/users/login (because the user wasn't logged in yet). On the second redirect I lost the code parameter.
to connect to an app on facebook, the user types in
www.facebook.com/login.php?api=12312312323123123
how can I add an extra get var to this url and pass it to my script on successful login?
Do you add a redirect_url as part of the login call?
If so you can add the GET parameter to that. For instance let us say you are asking Facebook to redirect to http://tld/fbhandler after user logs in. You can change that to http://tld/fbhandler?extra=value.
This URL is specified at the time of making the (OAuth) login call to Facebook and therefore you can change the value as you see fit.
You cannot do this. Facebook will strip custom query values from the url. I have found that there are two ways to do this. The first is that they will let you have a single query value at the end of the url if you encode the ? to %3F. For example:
redirect_url=http://www.example.com%3FmyextraParameter
You could use this approach to do something like base64url encode your values and add them at the end.
The other thing that I have done is to change the parameters to be path variables
redirect_url=http://www.example.com/realUrl/parameter1/parameter2
Neither are great solutions, but I have yet to find a way to send querystring values without them being stripped off.
I have an ASP page that takes two arguments on the querystring. On the page is a form that posts back to itself.
If I do the form post once, and then try to refresh the page, it doesn't repost the form. It loads the page as though it were loading for the first time, missing the querystring values.
Is there a way to ALWAYS force a repost when I refresh a page that is the result of a FORM post?
It sounds like the problem you're having is loss of some essential parameters to your page when posting. In ASP there are two primary methods of passing parameters, in the url string via GET or from a form POST. The former passes you values in the QueryString dictionary while the latter gives them to you in the Form dictionary. Fortunately for you it is possible to accept a parameter that exists in EITHER dictionary by looking to Request object:
Request["a"] will find a regardless of being in Request.QueryString["a"] or Request.Form["a"].
This will help you in your current dilemma because you can simply write your querystring parameters to your Form on initial load of the page as <input type="hidden" fields. On subsequent posts your Request["a"] search for your parameters will find them regardless of being passed in the URL (on initial load) or via post on subsequent calls.
The problem was that I was going into the Firefox address bar and pressing Enter. This caused the URL to reload (and of course it didn't have the querystring after it reposted). So -- lesson is to do a check of the incoming vars and form vars to see if the page has been manually refreshed I suppose...
You could still maintain the submitted values in this situation.
What you would need to do is log the most recent request in either a Cookie, Session or data/file store, and on each request, check to see if the request was handled before you remove the data.
Since what you were after was the querystring it could just be something like this:
Response.Cookies("tempdata")("querystring") = Request.ServerVariables("QUERY_STRING")
Response.Cookies("tempdata")("querystring_handled") = false
then when you are done with that request you can clear the cookie value or set the querystring_handled = true.
There are probably situations where this could cause some conflicts, but just so you know, it is still going to be possible for you to remember the request once it is received by the server.
Which action does the form use: GET or POST? Normally, a form would use the POST action, but in this case, if you refresh the page with the posted form, you will not get anything in query string, because query string only gets passed via the GET action. Assuming that this issue is not caused by page caching, it seems to me like it works as designed (if the form POSTs data). Just make sure that you process the form variables if the query string is missing.