How do correctly authorise a Facebook App

Question

I am creating a basic Facebook app, and when a user without permission visits the app, they are redirected to the authorisation page. However, the page doesn't display, and I see the following error.

This content cannot be displayed in a frame

Opening it in a new window then shows the authorisation page for my app. Clicking 'Go to App' then takes me to the App, but in it's own window, away from Facebook. Going back to FB and reloding the App page now works.

Stranger yet, when I am logged out and go to my app page, I get a Facebook 404 page (4oh4.php).

I'm guessing that I am doing this wrong somehow, so can anyone see anything obvious wrong with my script? Thanks.

To see what is happening - http://apps.facebook.com/dyne_drewett_news/

<?php
require 'fb/facebook.php';

$fbconfig['appUrl'] = 'my-app-url';    // Create An instance of our Facebook Application.
$facebook = new Facebook(array(
    'appId'  => 'my-app-ID', // Entered correctly in actual script
    'secret' => 'me-app-secret', // Entered correctly in actual script
    'cookies' => 'true',
));

// Get the app User ID
$user = $facebook->getUser();

if($user) :
    try{       // If the user has been authenticated then proceed
        $user_profile = $facebook->api('/me');
    } catch (FacebookApiException $e){
        error_log($e);     
        $user = null;
    }
endif;

// If the user is authenticated then generate the variable for the logout URL
if($user) :
    $logoutUrl = $facebook->getLogoutUrl();
?>

<!-- My HTML goes here -->

<?php
else :
    $loginUrl = $facebook->getLoginUrl();
    header('Location: '.$loginUrl);
endif;
?>

score 1 · Accepted Answer · answered Aug 30 '12 at 10:39

1

Because you are working in an iframe, you'll have to execute JavaScript redirects. Only that way will you be able to redirect the top most frame -

echo "<script language=javascript>";
echo "top.location.href ='".$url."';";
echo "</script>";
exit();

This is the only way to do complete redirects within a Facebook application. Any other redirect (with PHP for example) will only redirect the user within the iframe...

answered Aug 30 '12 at 10:39

Lix

47,311
12
103
131

Thanks. So that now forwards correctly to the App auth page, but when you click on 'Go to App', it still opens the App in the top window, and not in the frame as it should. I am also still getting a 404 error for non logged-in FB users trying to go directly to the APP. – David Gard Aug 30 '12 at 10:56
The 404 could be because your application is in sandbox mode. Where exactly is the "Go to App" button located? – Lix Aug 30 '12 at 10:58
Thanks again, the 404 was indeed sandbox mode, so that is that one sorted. The 'Go to App' button is on the standard FB app authorisation box. If you go to the link in my original box, you should hopefully see what I maen - there is an app there, although it's just dummy data at the moment. – David Gard Aug 30 '12 at 11:14
I'm getting an SSL error there... opening a new window might be equivalent of opening a new tab... which could be expected... – Lix Aug 30 '12 at 11:17
Are you running FB with security mode enabled? Apparently if the app hasn't got an SSL (don't have that yet), then it will not display for users running security mode in FB. And I see what you mean about opening a new window, although it makes no sense that FB forces you to use a frame for the app, yet wont display the app aothorisation box in that frame... – David Gard Aug 30 '12 at 11:21
1

Ok, so I replace the line `$loginUrl = ...` (near bottom of script) with `$loginUrl = $facebook->getLoginUrl(array('redirect_uri' => $fbconfig['appUrl']));', and now I am being directed back to the Canvas Page as I would expect. I do have issues to sort, but everything that was raised here appears to be fixed, so thank you for your help. – David Gard Aug 30 '12 at 11:47

How do correctly authorise a Facebook App

1 Answers1