1

I'm getting a bit pissed off with Facebook's platform constantly changing, fragile structure, and lack of decent and up-to-date documentation.

Currently, I'm migrating an app from FBML now that it's deprecated to an iFrame app, and having issues authenticating. Currently, I have a global bootstrap script that is loaded upon each page view that contains the following pertaining to authentication:

// attempt to authenticate against Facebook platform
require dirname(__FILE__) . '/facebook.php';

$facebook = new Facebook(array(
    'appId'  => APP_ID,
    'secret' => SECRET,
    'cookie' => true
));

$session = $facebook->getSession();

$user = null;
if ($session) {
    try {
        $uid = $facebook->getUser();
        $user = $facebook->api('/me');
    }
    catch (FacebookApiException $e) {
        error_log($e);
    }
}

if (!$user) {
    $loginUrl = $facebook->getLoginUrl(array(
        'req_perms' => 'email,user_likes',
        'next' => CANVAS_URL.'/'
    ));
    echo '<script>top.location.href="'.$loginUrl.'";</script>';
    exit;
}

This was put together based on examples in the official Facebook PHP SDK and developer's documentation, but when first loading the app is just goes around in a nasty redirect circle and I have no idea where to start debugging as I've nothing to refer to from Facebook.

Has any one got a working sample of authenticating a Facebook iFrame app, or can see something inherently wrong with the code snippet I have above?

Thanks in advance.

EDIT: Forgot to mention that it goes in a redirect loop with the above code, but if I remove the parameters array from $facebook->getLoginUrl() call then it eventually breaks out of the loop and out of Facebook itself, instead going to my canvas URL outside of Facebook's iFrame container. For example, the URL becomes http://www.woohoobingo.com/facebookv2/?session={...} instead of http://apps.facebook.com/woohoobingo/.

Martin Bean
  • 38,379
  • 25
  • 128
  • 201
  • Did you try placing some statements on different lines so it gives you an idea from where the code is redirecting you. – Inam Abbas May 09 '11 at 15:18
  • I've tried echoing the value of `$loginUrl`, yes. Does redirecting to the same page that's invoking the authentication request break things though? I would have thought the SDK would pick up the token from the auth. request? – Martin Bean May 09 '11 at 15:21
  • Which browser you are using? IE 8 and safari do not allow to store cookies from iframe. try using firefox first then if the problem solve let me know I can give you the solution for IE cookie storing problem. – Inam Abbas May 09 '11 at 15:28
  • Ah. I'm using Google Chrome, which uses WebKit. Would this be the issue? – Martin Bean May 09 '11 at 15:30
  • header ('P3P: CP = "IDC DSP COR ADM DEVI TAII PSA PSD OUR Ivai IVDi CONI HIS IND CNT"'); Try to add this line at the top of the page. hope it works – Inam Abbas May 09 '11 at 15:31
  • It's patched it in Google Chrome, but Safari is still having a fit over it. – Martin Bean May 09 '11 at 15:38
  • possible duplicate of [internal links in facebook app - doesn't work in IE](http://stackoverflow.com/questions/5851869/internal-links-in-facebook-app-doesnt-work-in-ie) – ifaour May 09 '11 at 18:36

2 Answers2

2

Cracked it. Used the following HTTP header at the top of my index.php file:

header('P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"');
Martin Bean
  • 38,379
  • 25
  • 128
  • 201
  • This is awesome :) I checked it at my end too works perfect. Thought the line I have given works for me but not works for my friends and the line you have provided me works for both of us :) Let me edit my answer too so the person who see this question will not confuse. – Inam Abbas May 09 '11 at 16:40
0

This line works for me

header('P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"');

But as you said it is not working in safari because it do not patch it to store cookies then you can use an alternative That turn off cookies 

$facebook = new Facebook(array(
    'appId'  => APP_ID,
    'secret' => SECRET,
    'cookie' => false
));

and try to use the access token after authentication @access_token is the oauth access_token that gets passed to your canvas page in the initial POST request.

$facebook->api('/me?access_token='.$access_token);

Hope it works

Inam Abbas
  • 1,480
  • 14
  • 28