Facebook Canvas iFrame App - User Authorization with the New OAuth Protocol

I am developing a new Facebook Canvas application in an iFrame and am trying to authorize users. The new OAuth API recommends redirecting to the following URL to authorize the user in my application:

https://graph.facebook.com/oauth/authorize?client_id=...&redirect_uri=http://www.example.com/oauth_redirect

However, this creates a strange problem: a full Facebook page requesting permission from the user is displayed inside the iFrame itself (i.e. Facebook inside Facebook). Does anyone know how to solve this problem with the new OAuth API? I don't want to use the old REST API methods.

+4
6 answers

I had the same problem as well and posted it on the Facebook forum. The moderator informed me that this is a problem for which there is no solution yet. Take a look at this topic: http://forum.developers.facebook.com/viewtopic.php?id=56590

0

On the contrary, I found a solution to this problem, which I outlined in my blog post here. Check this.

0

There have been problems with this over the past two days, and a hack for this issue has been found on the Facebook Developer Forum.

0

There is another way to do this with OAuth v2, and it is described in the Facebook docs, but it is divided across several pages, so it is not easy to understand.

First, you need to activate the "OAuth 2.0 for Canvas" flag in the "advanced options" of your application.

And now, here is a PHP example explaining how to handle it:

    <?php
    // Placeholders: fill in your own app credentials.
    $app_secret = '<your facebook app api secret>';
    $app_id     = '<your facebook app id>';

    function parse_signed_request($signed_request, $secret) {
        // A signed_request is "<signature>.<payload>", both base64url-encoded
        $parts = explode('.', (string) $signed_request, 2);
        if (count($parts) !== 2) {
            error_log('Malformed signed_request');
            return null;
        }
        list($encoded_sig, $payload) = $parts;

        // decode the data
        $sig = base64_url_decode($encoded_sig);
        $data = json_decode(base64_url_decode($payload), true);

        if (!is_array($data) || !isset($data['algorithm'])
            || strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
            error_log('Unknown algorithm. Expected HMAC-SHA256');
            return null;
        }

        // check sig (hash_equals compares in constant time)
        $expected_sig = hash_hmac('sha256', $payload, $secret, true);
        if (!hash_equals($expected_sig, $sig)) {
            error_log('Bad Signed JSON signature!');
            return null;
        }

        return $data;
    }

    function base64_url_decode($input) {
        return base64_decode(strtr($input, '-_', '+/'));
    }

    $signed_request = isset($_REQUEST['signed_request']) ? $_REQUEST['signed_request'] : '';
    $data = parse_signed_request($signed_request, $app_secret);

    if (empty($data["user_id"]) && !isset($_REQUEST['redir'])) {
        // The user isn't authenticated
        $auth_url = "http://www.facebook.com/dialog/oauth?client_id=" . $app_id
            . "&redirect_uri=" . urlencode('http://apps.facebook.com/<yourapp>/?redir=1');
        echo("<script> top.location.href='" . $auth_url . "'</script>");
        die;
    }

    // Here the user is authenticated
    echo ("Welcome User: " . $data["user_id"]);

    // And now you have the Graph API auth token in $data["oauth_token"],
    // so you can use any graph api method

0

Try this article http://novacoders.blogspot.com/2011/04/facebook-apps-oauth-20-authorization.html

If you are not using any web server, you need to use the JavaScript SDK. FB.init() returns all the necessary data, such as access_token.

0

You cannot do a simple 302 or 301 redirect inside an iframe canvas, as this will only redirect the content of the iframe. What Facebook recommends is to send a small bit of JavaScript that sets top.location to the /oauth dialog page.

    <script>top.location='https://www.facebook.com/dialog/oauth?client_id={0}&redirect_uri={1}&scope=publish_actions';</script>

client_id is your AppId, and redirect_uri is the page that handles redirection from the auth dialog box.

0
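
The signed_request check from the PHP answer and the top.location redirect from the last answer, combined in one added Node.js example (not code from this thread or from Facebook). The names makeSignedRequest and canvasResponse and any secret, app id or canvas URL passed in are assumptions for illustration; makeSignedRequest exists only to construct test input.

```javascript
const crypto = require('crypto');

// base64url without padding, the encoding both halves of signed_request use
const b64url = (buf) => Buffer.from(buf).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// Constructed test input only: signs a payload with a made-up secret so the
// checks below can be exercised offline.
function makeSignedRequest(data, secret) {
  const payload = b64url(JSON.stringify(data));
  const sig = crypto.createHmac('sha256', secret).update(payload).digest();
  return b64url(sig) + '.' + payload;
}

// Returns the decoded payload, or null when the value is malformed, names
// another algorithm, or fails the HMAC check.
function parseSignedRequest(signedRequest, secret) {
  if (typeof signedRequest !== 'string') return null;
  const dot = signedRequest.indexOf('.');
  if (dot <= 0) return null;
  const payload = signedRequest.slice(dot + 1);
  // Node's 'base64' decoder also accepts the URL-safe alphabet
  const sig = Buffer.from(signedRequest.slice(0, dot), 'base64');
  let data;
  try {
    data = JSON.parse(Buffer.from(payload, 'base64').toString('utf8'));
  } catch (e) {
    return null;
  }
  if (!data || String(data.algorithm).toUpperCase() !== 'HMAC-SHA256') return null;
  const expected = crypto.createHmac('sha256', secret).update(payload).digest();
  // timingSafeEqual throws on a length mismatch, so test the length first
  if (sig.length !== expected.length) return null;
  return crypto.timingSafeEqual(sig, expected) ? data : null;
}

// What the canvas page sends back: the verified user, or a snippet that moves
// the top window (not the iframe) to the OAuth dialog.
function canvasResponse(signedRequest, secret, appId, canvasUrl) {
  const data = parseSignedRequest(signedRequest, secret);
  if (data && data.user_id) return { user: data.user_id, token: data.oauth_token };
  const authUrl = 'https://www.facebook.com/dialog/oauth?client_id=' +
    encodeURIComponent(appId) + '&redirect_uri=' + encodeURIComponent(canvasUrl);
  // JSON.stringify quotes the URL; escaping "<" keeps it inside the script tag
  const js = JSON.stringify(authUrl).replace(/</g, '\\u003c');
  return { html: '<script>top.location.href=' + js + ';</script>' };
}
```

A payload that was re-encoded after signing, or signed with a different secret, comes back as null and is treated the same as an unauthenticated visitor.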

Source: https://habr.com/ru/post/1308382/

