3

I'm working on an app using Facebook & OAuth. The app lives inside a Facebook canvas, and the authentication is done server side. The app is done w/ Ruby on Rails 3.2, using Koala for dealing with the API (and MongoDB as backend, for what it's worth), and hosted on Heroku.

So, I supply the Heroku URL as redirect_url for the callback. Which makes the user go out of the canvas after the authentication, and well, I want it to stay inside. I read a few threads about this that suggested I redirect to the canvas URL with JS once the authentication is done. I did that, but now it seems that my session token is never set, and the user goes through the auth flow every time he tries to see a non-public page (which means he loops on the welcome page, having an "invisible" exchange with Facebook each time).

I don't really get what I'm doing wrong here, so any help is welcome. If you need more information, just ask.

Thanks for your time!

ksol

1 Answer

0

So I found what my problem was: the page my canvas pointed to was a "public" page, and did not handle anything authentication related, meaning it didn't parse the signed_request, or anything else. I ended up setting a special endpoint for the canvas in charge of handling the signed_request logic, and now it works as one would expect.

ksol
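The signed_request check that a canvas endpoint like the one in the answer has to perform, as an added example that is not part of the original post or of Koala: the value Facebook POSTs is `<base64url signature>.<base64url JSON payload>`, signed with HMAC-SHA256 keyed by the app secret. The module and method names, the placeholder secret and the sample payload are assumptions made for illustration.

```ruby
require "openssl"
require "json"

module CanvasSignedRequest
  class Invalid < StandardError; end

  def self.b64url_encode(bytes)
    [bytes].pack("m0").tr("+/", "-_").delete("=")
  end

  def self.b64url_decode(str)
    str.tr("-_", "+/").unpack1("m")
  end

  # Constant-time comparison so the check does not leak how many bytes matched.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Returns the payload hash or raises Invalid. The signature is verified
  # before any field of the payload is parsed or trusted.
  def self.parse(signed_request, app_secret)
    sig, body = signed_request.to_s.split(".", 2)
    raise Invalid, "expected <signature>.<payload>" if sig.to_s.empty? || body.to_s.empty?

    expected = OpenSSL::HMAC.digest("SHA256", app_secret, body)
    raise Invalid, "signature mismatch" unless secure_equal?(b64url_decode(sig), expected)

    payload = JSON.parse(b64url_decode(body).force_encoding("UTF-8"))
    unless payload.is_a?(Hash) && payload["algorithm"].to_s.upcase == "HMAC-SHA256"
      raise Invalid, "unexpected algorithm"
    end
    payload
  rescue JSON::ParserError
    raise Invalid, "payload is not valid JSON"
  end

  # Builds a constructed sample only; in production Facebook creates this value.
  def self.sample(payload, app_secret)
    body = b64url_encode(JSON.generate(payload))
    "#{b64url_encode(OpenSSL::HMAC.digest("SHA256", app_secret, body))}.#{body}"
  end
end

if __FILE__ == $PROGRAM_NAME
  secret = "constructed-app-secret" # placeholder, not a real secret
  sr = CanvasSignedRequest.sample({ "algorithm" => "HMAC-SHA256", "user_id" => "1000" }, secret)
  puts CanvasSignedRequest.parse(sr, secret)["user_id"]
end
```

In a Rails canvas action the input would be `params[:signed_request]`; a verified payload without a `user_id` means the user has not authorized the app yet, so the session should only be set when that field is present.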