All geek questions in one place

Facebook App Iframe OAuth Login / Permissions Error - Can I Avoid It?

I have the same problem as here, here Facebook OAuth login for iframe canvas applications displays the logo image and Facebook header on Facebook.com instead of logging in - I was able to use the workaround provided in the accepted answer to make sure that users correctly see the permission window when you first use the application.

However, my problem is that this form of redirection after the initial "installation" of the application is very destructive for the user - they are explicitly deleted from the Facebook site before being redirected. This really disrupts the user. If I use the standard login method provided by the CodeIgniter library that I use ( http://www.haughin.com/code/facebook/ ), then logging in / downloading the application is seamless - but I have the above problem when using the application for the first time.

Is there a way to determine if the user has the application installed, so I can use the main login method for each instance except the install application?

+4
source share
1 answer

In your canram iframe application, if the user has already allowed your application, signed_request will contain user_id and oauth_token, so there is no need to redirect the user to the authorization page. Here are some examples of what the signed_request character may contain:

The user does not have an authorized application:

signed_request = { "algorithm":"HMAC-SHA256", "issued_at":1299083443, "user":{"country":"ca","locale":"en_US","age":{"min":21} }

User has already allowed the application:

 signed_request = { "algorithm":"HMAC-SHA256", "expires":1299092400, "issued_at":1299085507, "oauth_token":access_token, "user":{"country":"ca","locale":"en_US","age":{"min":21}}, "user_id":user_id }

If you do not see user_id and oauth_token, you can use the window.top.location.href JavaScript technique. If you see user_id and oauth_token, then there is no need to ask the user for authentication of your application, since he / she has already performed. So, in other words, if the user authorized your application on January 1, and then returned on January 10, then signed_request will already contain user_id and oauth_token during the visit on January 10.

This is the technique that I use. Hope this helps.

UPDATED on March 7, 2011 in response to BrynJ's comment below.

To get signed_request, you need to make sure that the “OAuth 2.0 for canvas” option is enabled in your application’s settings (which can be found on the “Advanced” tab when you edit your settings here http://www.facebook.com/developers/apps .php ). This is enabled by default for all new applications, but if you have an old one, you need to enable it yourself. Also pay attention to the "POST for Canvas" setting on the same "Advanced" tab. If enabled, the signed_request character is passed in the POST body (for example, signed_request = 12345). If it is disabled, then the signed_request sign is passed in the query string.

After you have signed_request, you will need to check and decode it to get user_id and oauth_token. Facebook has a really good example:

http://developers.facebook.com/docs/authentication/signed_request/

By the way, you will want to enable "POST for Canvas", as Facebook will switch all iframe applications to this on March 12th. Additional information here: <a2>

+2
source

Source: https://habr.com/ru/post/1342528/

More articles:


All Articles