My website uses asual address plugin for implementing hash based URLs.
I want to implement follwoing feature which facebook and twitter have successfully implemented.
Say I am not logged into twitter and click on the below link
http://twitter.com/#favorites
It will take me to login page(note the /favorites in querystring)
http://twitter.com/login?redirect_after_login=/favorites
and after I login it will now load the page
http://twitter.com/#favorites
How to implement this?
Since the URL segment following the hash is not sent to the server. So how they are able to get it in the redirected login URL
http://twitter.com/login?redirect_after_login=/favorites
Well... after a lot of research the answer is "You can't".
Instead I am using JavaScript to
* detect any hash
* form the corresponding non hash URL and redirect to it.
Related
I hope I am not duplicating a question. I am banging my head against a wall for several days now. I am adding the Dailymotion PHP SDK to our site, I am using the Dailymotion::GRANT_TYPE_AUTHORIZATION, I am able to authenticate using a static call back url in my API on Dailymotion.
I want to be able to use this from several different scripts on the site. The first will be to call a link up page, so we can capture that a person has linked to Dailymotion. The second will be to upload video's through our system to Dailymotion, to that users account, not mine. I know I could do this with the authentication type of password, but I want to use the API and not have to have the visitor sign in or enter their credentials every time.
Back to the question, I see that the API can have a dynamic url, but I can not figure out how to make this work. If I someone could send me an example of how to enter this in the API section I would appreciate it. This does not work:
http://example.com/dailymotion/[dailymotion_checklogin.php]
nor does something like this:
http://example.com/callback/[dailymotion_upload.php][dailymotion_checklogin.php]
I would appreciate any help.
Thanks
Mrpepik
Replace the [dynamic] part with your dynamic part.
If your redirect URI on your API key is http://example.com/dailymotion/[dynamic], then your real redirect URI could be http://example.com/dailymotion/dailymotion_checklogin.php
I have a facebook page tab iframe and would like to access the browser url in order to get the current facebook page url.
I know it's not possible to use a javascript that interacts with the parent frame because of browser security issues.
An approach that didn't work for all browsers was to read the HTTP_REFERER header from the request.
Is there a better way?
I hope this is impossible at all. Otherwise it will be a security issue, likely to be closed.
You should not write code depending on compromising other users.
It is not possible to get URL of a parent Frame due to cross-domain policy. And there is no way to get the information about page your application running on in client-side.
But on the server-side you can reconstruct the Page URL using details passed in signed_request. For Page Tab Applications it contains page:
A JSON object containing the page id string, the liked boolean (set to true if the user has liked the page, false if not) and the admin boolean (set to true if the user is an admin of the page, false if they're not).
Using that page id you can build the Page URL:
http://www.facebook.com/pages/-/PAGE_ID
If you want the link to your Page Tab with your application use:
http://www.facebook.com/pages/-/PAGE_ID?v=app_APPLICATION_ID
Beware, HTTP_REFERRER is provided by client and cannot be trusted, and it's may be cut by plugin/proxy/etc...
Notes:
Pages may have different URL in real life, but using this technique user will be landing the correct Page since Facebook will issue redirect to correct URL of a Page.
Sample URLs use HTTP scheme, feel free to use HTTPS if you need it.
In PHP for example you can detect the current scheme like this:
$scheme = ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']!=="off") ||
(isset($_SERVER['HTTP_X_FORWARDED_PROTO']) &&
$_SERVER['HTTP_X_FORWARDED_PROTO']=="https")
) ? 'https' : 'http';
HTTP_REFERRER might not work as expected in my experience. If the tab app is designed for a specific page (which I suppose it kind of should), have you tried recreating it?
https://www.facebook.com/MYPAGENAME/app_MYAPPID
Where MYPAGENAME is your page name and MYAPPID is the app id, of course.
If the tab is applied to multiple pages though, I'm quite sure you'll get the relevant data to apply the above from https://graph.facebook.com/PAGEID, where PAGEID is the ID of the page which you get from the signed request.
As per the Authentication Documentation, I'm directing my user's to the following URL to initiate the authentication flow:
https://www.facebook.com/dialog/oauth?client_id=251747341532139&redirect_uri=https://www.facebook.com/connect/login_success.html
However, instead of the login page looking like:
... (i.e. like it does in the documentation and in other Apps I've created and used), it looks like this...
Does anyone know why?
I've tracked the redirects that the page makes, and it's as follows:
https://www.facebook.com/dialog/oauth?client_id=251747341532139&redirect_uri=https://www.facebook.com/connect/login_success.html
https://www.facebook.com/connect/uiserver.php?app_id=251747341532139&method=permissions.request&display=page&next=https://www.facebook.com/connect/login_success.html&response_type=code&fbconnect=1
https://www.facebook.com/login.php?api_key=251747341532139&skip_api_login=1&display=page&cancel_url=https://www.facebook.com/connect/login_success.html?error_reason=user_denied&error=access_denied&error_description=The+user+denied+your+request.&fbconnect=1&next=https://www.facebook.com/connect/uiserver.php?method=permissions.request&app_id=251747341532139&display=page&redirect_uri=https%253A%252F%252Fwww.facebook.com%252Fconnect%252Flogin_success.html&response_type=code&fbconnect=1&from_login=1&rcount=1
Application type is set to Native/Desktop, and I've set the App Integration to "Website".
If the language I'm using makes any difference, I'm using C#, and setting the Url of System.Windows.Form.WebBrowser.
As per the above comments, you can use the display parameter in the URL to control which kind of dialog to show, as you would normally do with the JS SDK.
Your URL becomes:
https://www.facebook.com/dialog/oauth?client_id=xx&redirect_uri=yy&display=popup
We're hosting a PHP facebook canvas application (http://apps.facebook.com/myapp). One of the pages (http://apps.facebook.com/myapp/foobar) requires authentication from facebook so we can access some information about the user. This is achieved by using the PHP-SDK's $facebook->getLoginUrl() method to generate the url for authentication and works as expected.
We have since added the app to as a Tab (iFrame) to our Page (http://www.facebook.com/MyPage?sk=app_nnnnn). Now when we try to authenticate the user they are redirected to the app's url (http://apps.facebook.com/myapp/foobar) rather than having the /foobar page load in the Tab's iFrame as expected.
Is it possible to set the auth so that it doesn't bounce to the app's url but stays within the Tab using the PHP-SDK? If so, what is the workflow I should follow to achieve this?
I would simply add code to http://apps.facebook.com/myapp/foobar to check for authentication, and if it is, echo:
<script type="text/javascript">
top.location.href = 'http://www.facebook.com/MyPage?sk=whatever';
</script>
That should break out of the iframe and redirect you to where you want to go.
The way I have achieved this is to do the following:
On the /myapp/foobar page I check to see whether the user has been authenticated. If they haven't I set a session value and use the PHP-SDK's $facebook->getLoginUrl() to generate the auth url and send a response back containing just the javascript to redirect window.top.
Once they've authenticated they're redirected back to the main page. When this page loads it checks for the session value and, if set, removes it and issues a redirect header to /myapp/foobar.
It's a little convoluted but seems to be quite a stable solution.
I'm using the Facebook connect login API for desktop apps presented here:
http://wiki.developers.facebook.com/index.php/Authorization_and_Authentication_for_Desktop_Applications
I'm finding that the parameters I pass arent working correctly. Here's an example of the URL I use for the site:
http://www.facebook.com/login.php?api_key=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX&connect_display=popup&v=1.0&next=http://www.facebook.com/connect/login_success.html&cancel_url=http://www.facebook.com&fbconnect=true&return_session=true&req_perms=publish_stream
If the user logs in correctly, they are redirected to
http://www.facebook.com/
instead of the value in the next parameter. This is particularly frustrating since the url of the site they were redirected to is supposed to contain login information.
Amazingly, the cancel_ url parameter works fine and sends the user to the correct target (I tried multiple cancel_url values inside of the facebook.com domain and they worked). Anybody dealt with this?
Is the API Key valid? Is your callback url set correctly in the application ? the next parameter is seeming to be ignored on non Internet Explorer Browsers.
Actually the next parameter was messing up the code in IE, so i removed the next parameter. What I did is storing the redirect back url in session and used a file to handle all facebook logins in all my domains.
http://digitalpbk.blogspot.com/2009/08/facebook-auth-next-parameter-ie.html