I want to request permissions when the user first clicks my iFrame Facebook application. The problem is the examples I have seen force the user to click a button to load the http://www.facebook.com/authorize.php URL.
Is there a way to iframe the authorize.php page in my application? I've seen it done before but can't find out how.
If I currently try it, it shows the "go to facebook box". The method I seen changes the href or something on the browser.
Any ideas?
I do something like this in one of my iframe applications (I've simplified the actual code for this example)
$fbSession = $facebook->getSession();
if ( $fbSession )
{
$url = $facebook->getLoginUrl( array(
'canvas' => 1
, 'fbconnect' => 0
, 'req_perms' => 'list,of,perms'
, 'display' => 'page'
) );
include( 'redirect.php' );
exit;
}
Then, redirect.php
<script type="text/javascript">
top.location.href = '<?php echo $url; ?>';
</script>
<p>
Not being redirected? Click Here.
</p>
no need to complicate: target="_top" is the answer!
Best!
m
Related
I got the sample code from Facebook to post a message. At first it worked fine. The next day I tried to clean up the code and it stopped working. I brought back the sample code from Facebook, to take out all my changes, and it still did not work.
I put in print statements to follow the code.
$user_id is false, so it displayes a login in. The login in no longer goes to a login in screen. It calls my return url, which then sees $user_id as being false and diplays the login in again.
I did notice when my call back was being called, I had the following values:
v?state=452c9492a3d51962909f5e000bcb0965
and code
code=AQDucDgsdc3lZFVN2MC3Oj2oB0n1LT4FjOrG3MbgwL4uhh--LS-mRdtjU-6oSUZxsR6UhTKuUDVn3hrasJAe5r1I6ksIDJz1nnTo1mjCqEInJKvQ2qK5A-N3_Nt5buGLqsirb8ccg21N4nWVWkk_iRePwX9f68qK1j-2O6E_USpKvRJeNP3bcwLBiTBJpDVu7aA#=
I was wondering maybe when I was trying to clean up the code and kept running it, Facebook flagged my app as spamming? I posted 26 posts to my wall - is that too many? And how would I check if my app has been flagged as a spammy app?
This is the sample code I used
<?
// Remember to copy files from the SDK's src/ directory to a
// directory in your application on the server, such as php-sdk/
require_once('facebook.php');
$config = array(
'appId' => 'myappid',
'secret' => 'mysecret',
);
$facebook = new Facebook($config);
$user_id = $facebook->getUser();
?>
<html>
<head></head>
<body>
<?
if($user_id) {
print ("tryinmg to do a poast");
// We have a user ID, so probably a logged in user.
// If not, we'll get an exception, which we handle below.
try {
$ret_obj = $facebook->api('/me/feed', 'POST',
array(
'link' => 'www.example.com',
'message' => 'Posting with the PHP SDK!'
));
echo '<pre>Post ID: ' . $ret_obj['id'] . '</pre>';
} catch(FacebookApiException $e) {
// If the user is logged out, you can have a
// user ID even though the access token is invalid.
// In this case, we'll get an exception, so we'll
// just ask the user to login again here.
print ("face book exception log in");
$login_url = $facebook->getLoginUrl( array(
'scope' => 'publish_stream'
));
echo 'Please login.';
error_log($e->getType());
error_log($e->getMessage());
}
// Give the user a logout link
echo '<br />logout';
} else {
print ("no user login in do login");
// No user, so print a link for the user to login
// To post to a user's wall, we need publish_stream permission
// We'll use the current URL as the redirect_uri, so we don't
// need to specify it here
$login_url = $facebook->getLoginUrl( array( 'scope' => 'publish_stream' ) );
echo 'Please login.';
}
?>
</body>
</html>
Naturally, Facebook has a limit for the number of post per day your app can make to a user wall. And FB have policy for user to report spammy apps as well.
The exact maximum number of posts depends on your application FB ranking. In my experience, 26 posts on a user wall is near the limit for new application.
If that is the case, you should receive the error message from Facebook, which says something like "you have reached limit of posts..."
P/s: It seems you need time to refactoring your question, though. If I have not met this situation before, I won't understand your question.
Building an app with the Facebook JavaScript API that will embedded into a page using the new iframe method.
I want to detect if they have liked the current page. Usually I would use print_r($_REQUEST) in PHP but that doesn't seem to work when using an iframe.
There is also this option: http://developers.facebook.com/docs/reference/fbml/visible-to-connection/ but it says its deprecated and I have never liked this method as its fairly hacky.
What is the way t do it now? Prefer to use XFBML + JavaScript API but can use PHP if required.
We've done this several times, and it seems to work pretty well. It uses XFBML to generate a Like Button widget and the JS SDK to render XFBML and subscribe to Facebook events. Code sample below:
edit: Since you're looking to detect if the user is a fan when the page loads, and FB deprecated the feature to let you get it directly from them when the canvas is loaded by passing fb_page_id to the address query string, you'll need an application install for the user to test their fan-dom of your page. It certainly adds a lot of friction to your application, but it is what it is for now - I guess.
<?php
require 'facebook.php';
// Create our Application instance (replace this with your appId and secret).
$facebook = new Facebook(array(
'appId' => 'YOUR APP ID',
'secret' => 'YOUR APP SECRET',
'cookie' => false,
));
try
{
$session = $facebook->getSession();
if (empty($session['uid']))
{
throw new Exception("User not connected to application.");
}
$is_fan = $facebook->api(array(
'method' => 'fql.query',
'query' => "SELECT uid, page_id FROM page_fan WHERE uid = {$session['uid']}"
));
if (false == $is_fan || count($is_fan) == 0) // 0 results will be returned if the user is not a fan
{
$is_fan = false;
}
else
{
$is_fan = true;
}
}
catch (FacebookApiException $e)
{
/**
* you don't have an active user session or required permissions
* for this user, so rdr to facebook to login.
**/
$loginUrl = $facebook->getLoginUrl(array(
'req_perms' => 'user_likes'
));
header('Location: ' . $loginUrl);
exit;
}
?>
<html>
<head>
</head>
<body>
<? if (empty($is_fan)): //user is not a fan. ?>
<fb:like href="http://www.facebook.com/your-facebook-page"
show_faces="true"
width="400">
</fb:like>
<? else: ?>
Yay! You're a fan!
<? endif; >?
<div id="fb-root"></div>
<script src="http://connect.facebook.net/en_US/all.js" type="text/javascript">
</script>
<script type="text/javascript">
FB.init({
appId: '<?= FB_APP_ID; ?>',
cookie: true,
status: true,
xfbml: true
});
// Subscribe to the edge creation event, from Facebook
FB.Event.subscribe('edge.create', function(response)
{
alert("Congratulations! We are so excited that you are a fan now! woot!")
});
</script>
</body>
</html>
okay, finally got got everything formatted with straight markdown. that wasn't painful at all.. (sike) :|
What I am having problem is that when a user first time login to this facebook iframe app then he is sent to a blank page with a facebook logo. Followin is screen shot.
Following is my code, I am using new PHP Sdk:
$facebook = new Facebook(array(
'appId' => 'xxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
'cookie' => true,
));
$this->facebook=$facebook;
$this->session = $facebook->getSession();
$this->me = null;
// Session based API call.
if(!$this->session){
if (!$this->session) {
//echo $loginUrl = $facebook->getLoginUrl($par);
$loginUrl = $facebook->getLoginUrl(
array(
'canvas' => 1,
'fbconnect' => 0,
'display' => 'page',
'req_perms' => 'email,publish_stream,status_update,user_birthday,user_location,user_work_history'
));
$this->request->redirect($loginUrl);
}
}
if ($this->session) {
try {
$this->uid = $facebook->getUser();
$this->user = $facebook->api('/me');
} catch (FacebookApiException $e) {
error_log($e);
}
}
don't redirect to the loginUrl, what you are essentially doing is making your iframe goto a facebook page resulting in facebook in an iframe of facebook. and facebook does not display inside an iframe. so the auth page is not shown.
you need to do a top level redirect. basically redirecting the entire page, not just your iframe. one way to do top level redirect from inside an iframe is to show the following javascript:
<html><head>
<script type="text/javascript">
window.top.location.href = "<your redirect url here>";
</script>
<noscript>
<meta http-equiv="refresh" content="0;url=<your redirect url here>" />
<meta http-equiv="window-target" content="_top" />
</noscript>
</head></html>
I want to display the "Request for Permission" box directly when the user enters http://apps.facebook.com/myfancyapp. The Facebook Authentication documentation is pretty clear on how the URL have to look like
https://graph.facebook.com/oauth/authorize?client_id=[APPID]&redirect_uri=http://www.myfancyapp.com/&scope=user_photos,user_videos,publish_stream
Pasting this URL directly into the browser works like it should. What I want is to redirect the user via JavaScript (or something else) from the application URL
http://apps.facebook.com/myfancyapp
to the authentication box URL above.
I thought something like this would work:
<script type="text/javascript">
<!--
window.location = "https://graph.facebook.com/oauth/authorize?client_id=[APPID]&redirect_uri=http://www.myfancyapp.com/&scope=user_photos,user_videos,publish_stream"
//-->
</script>
This redirects me to a page with a body that looks like this
Clicking on the image/test then redirects to the authentication box.
How can I directly redirect to the "Request for Permission" box. I know it works somehow as other developers (Zynga for example) already do it.
I'm doing the same thing as the asker, only instead of window.location, use top.location.href = "https://graph....."
Like:
<script type="text/javascript">
top.location.href = "https://graph.facebook.com/oauth/authorize?client_id=[APPID]&scope=email&redirect_uri=http://apps.facebook.com/myfancyapp/";
</script>
Prompts for login if needed, and then permissions. Then redirects to the app.
Doing this with PHP is a cinch.
On the backend
$facebook = new Facebook( array(
'appId' => '<FB_APP_ID>'
, 'secret' => '<FB_APP_SECRET>'
, 'cookie' => true
));
$fbSession = $facebook->getSession();
if ( !$fbSession )
{
$url = $facebook->getLoginUrl( array(
'canvas' => 1
, 'fbconnect' => 0
, 'display' => 'page'
, 'cancel_url' => null
, 'req_perms' => 'user_photos,user_videos,publish_stream'
) );
}
And then, on the frontend
<script type="text/javascript">
top.location.href = '<?php echo $url; ?>';
</script>
<p>
Not being redirected? Click Here.
</p>
I'm trying to get into making Facebook apps but I'm having trouble getting authorization working in a redirect scheme inside the canvas.
Using the javascript api, I got it working pretty easily in a popup scheme:
$("#loginButton").click(function(e) {
FB.login(function(response) {
if (response.perms) {
perms();
}
}, {perms : 'publish_stream'});
But the popup should be an unnecessary extra click, because every other application I see requests the authorization before even showing you the landing page. Like this:
http://i.imgur.com/yBGzL.png
I figure they're simply using a redirect scheme. So I spent the entire day trying the different ways I could find:
header("Location: https://graph.facebook.com/oauth/authorize?client_id=" . $gAppId . "&redirect_uri=" . urlencode($gUrl) . "&perms=publish_stream");
header("Location: http://www.facebook.com/login.php?v=1.0&api_key=" . $gApiKey . "&next=" . urlencode($gUrl) . "&canvas=");
header("Location: http://www.facebook.com/connect/uiserver.php?app_id=" . $gAppId . "&next=" . urlencode($gUrl) . "&return_session=0&fbconnect=0&canvas=1&legacy_return=1&method=permissions.request");
But all of them, instead of showing the authorization request stuff, show a link like this:
http://i.imgur.com/bLwPQ.png
Hilariously, if I open the iframe's address in a new tab, I get the authorization request like I wanted. But I want it to display immediately, without an extra click, like every other app.
Here's an example of an app that is doing authorization and requesting permissions all in one go, in redirect form, before even displaying the landing page:
www.facebook.com/send.fortune.cookies
How are they doing it?
I know that this is months old now... but this is what you should do to add permission checking to your canvas.
if ($session) {
try {
$uid = $facebook->getUser();
$me = $facebook->api('/me');
$accesstoken=$session['access_token'];
} catch (FacebookApiException $e) {
error_log($e);
}
}
if($me)
{
// do what you have to do
}else {
$loginUrl = $facebook->getLoginUrl(
array(
'canvas' => 1,
'fbconnect' => 0,
'req_perms' => 'publish_stream'
)
);
echo '<script>top.location="'.$loginUrl.'";</script>';
//echo '<fb:redirect url="' . $loginUrl . '" />';
//header('Location: '.$loginUrl);
}
The problem is that server side redirection is only redirecting your inner app frame instead of redirecting the whole page, and Facebook doesn't like displaying their system dialogs inside frames.
You would need some client side redirection, probably something along those lines:
<script>
<?php
if($doRedirect) {
echo 'top.location="http://redirect_url";';
}
?>
</script>
Using FB Javascript SDK, it can be done something like --
FB.getLoginStatus(function(response) {
if (response.status === 'connected') {
loggedIn(response);
} else {
top.location = encodeURI("https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=YOUR_APP_URI&response_type=token");
}
Maybe this helps :
if(!$facebook->api_client->users_isAppUser())
{
?>
<fb:redirect url="http://www.facebook.com/login.php?v=1.0&api_key=111111111111&next=http%3A%2F%2Fapps.facebook.com%2Fapp_name%2F&canvas=&req_perms=publish_stream"/>
<?php
}