Can I pass a variable to the callback url after facebook app authentication

Question

I am using hybridauth to log users into my php site via facebook.

$hybridauth = new Hybrid_Auth( $config );
$facebook = $hybridauth->authenticate( "Facebook" );

$facebook_user_profile = $facebook->getUserProfile();

($config contains the id and secret key for my app)

This is all working well, but I would like to redirect the user when returned to the callback url based on which page they have logged in from, so that I can return them to this location after login.

Is there a way to send custom variables with the authentication (such as a url or even a simple id) so I can read them at the other end of the process and know where the authentication request was initiated.

Is this possible, or am I barking up the wrong tree?

Extra kudos if anyone knows how to do this using hybrid, but any suggestions that put me on the right track are more then welcome.

score 7 · Accepted Answer · answered Feb 27 '13 at 07:59

Whenever a server side or client side login is used, the ultimate landing will happen on FB Login dialog URL.

See the Server-side Login in the FB login architecture to understand the flow.

The login url would look like

https://www.facebook.com/dialog/oauth?
client_id=YOUR_APP_ID&
redirect_uri=YOUR_REDIRECT_URI&
state=SOME_ARBITRARY_BUT_UNIQUE_STRING

Here you can mention any url for the redirect_url param and after the login flow Facebook will try to redirect to the specified URL. The URL you specify must be a URL of with the same Base Domain as specified in your app's settings.

Also if you need to keep any extra data which could used after login, you can use the state param. The value you give for this param will be returned back without any changes.

I hope if you search the HybridAuth code you can able to find out the place where you need to pass these details.

state seems like what I want, I will look through the hybrid docs and see what I can find. — Finglish, Feb 27 '13 at 14:03
Thanks! For my limited need, adding a variable to the redirect_uri was the best way to go as hybrid doesn't support the "state" variable out of the box. — Finglish, Mar 03 '13 at 18:30

score 3 · Answer 2 · answered Feb 25 '13 at 15:04

I can think of two simple options:

GET parameters: Embedding your custom variables as GET parameters in the callback URL. (don't forget to URL encode the data)

Session: Setting the custom variables in the session of the user right before starting the authentication method.

score 1 · Answer 3 · answered Mar 02 '13 at 18:31

Make sure you have passed redirect_url in your $config.

Or you can use php header() at your login() function after set session & cookie. For example:

header("Location: http://www.example.com/some/where/else"); /* Redirect */

Hope it will helps you. Thanks.

score 0 · Answer 4 · answered Jan 07 '17 at 07:18

0

Facebook recommends developers use session variables. The state parameter is reserved/intended for CSRF

https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow/#token

answered Jan 07 '17 at 07:18

Harry Bosh

3,611
2
36
34

Can I pass a variable to the callback url after facebook app authentication

4 Answers4