[cvs] [Wiki] changed: Doc/Dev/Horde_Service_Facebook

Michael Rubinsky mrubinsk at horde.org
Sat Feb 28 23:54:08 UTC 2009


mrubinsk  Sat, 28 Feb 2009 18:54:08 -0500

Modified page: http://wiki.horde.org/Doc/Dev/Horde_Service_Facebook
New Revision:  1.2
Change log:  More docs...

@@ -22,5 +22,69 @@
  $facebook = new Horde_Service_Facebook($key, $secret, $context);
  </code>

  ++ Authentication
-Authenticating a Facebook application from another web application is  
not a simple task.  The user needs to first be logged into Facebook,  
then authorize your application to interact with the user's Facebook  
profile. In addition, in order to allow the application to interact  
with Facebook without having to redirect the user to a login for each  
new session, you will need an infinite session. There are also  
multiple other 'extended permissions' that Facebook requires to be  
approved **individually**. It is up to the client application to deal  
with these requirements. Here is some sample code demonstrating the  
authentication process.
+Authenticating a Facebook application from another web application is  
not a simple task.  The user needs to first be logged into Facebook,  
then authorize your application to interact with the user's Facebook  
profile. In addition, in order to allow the application to interact  
with Facebook without having to redirect the user to a login for each  
new session, you will need an infinite session. There are also  
multiple other 'extended permissions' that Facebook requires to be  
approved **individually**. It is up to the client application to deal  
with these requirements. Here is some sample code demonstrating  
various authentication processes.
+
+First, let's assume that the user has not done anything with your  
application yet. To check this we could do something like this:
+<code type="php">
+
+// See if we have a session (probably from a cookie)
+$haveSession = $facebook->auth->validateSession();
+if ($haveSession) {
+    $uid = $facebook->auth->getUser();
+    $sid = $facebook->auth->getSessionKey();
+}
+
+// You can always verify the session is good by calling
+// this returns the userid that belongs to the current session.
+$facebook->users->getLoggedInUser();
+</code>
+
+If you do not have a valid session you will have to ask the user to  
log into Facebook:
+
+<code type="php">
+$url = $facebook->get_login_url('http://yourcallbackurl');
+echo '<a href="' . $url . '">Login to Facebook</a>';
+</code>
+
+This link will take the user to a page that will first ask them to  
login, and then requests permission for you application to interface  
with their Facebook profile. Once that happens, Facebook will redirect  
back to your callbackurl. Once back on your callback page, you will  
need to capture the values that Facebook has sent back to you. The  
same validateSession() method takes care of that.
+
+<code type="php">
+
+// The true parameter here is telling the library to ignore any
+// seemingly valid sessions obtained from a cookie. This is to prevent
+// an existing cookie (perhaps by another user on a shared computer) from
+// interfering with this process.
+$facebook->auth->validateSession(true);
+
+// After we call this method, if it's successful we will have
+// values for user and session.
+$uid = $facebook->auth->getUser();
+$sid = $facebook->auth->getSessionKey();
+
+// You can also check that any user has accepted your application
+$isAppUser = $facebook->users->isAppUser($uid);
+</code>
+
+At this point you could store the uid and sid locally, and use them  
to manually set up the session instead of making a call to Facebook.
+
+<code type="php">
+
+// Get user and session from storage
+$uid = 'xxx';
+$sid = 'xxx';
+
+// Tell facebook client about it.
+$facebook->auth->setUser($uid, $sid);
+
+// Verify the session is still good by calling a method that requires  
a valid session
+$haveSession = $facebook->users->getLoggedInUser();
+</code>
+
+
+The session key returned by Facebook at this point would only be good  
until the user logs out.  Your user would have to login again to  
Facebook for each new session. To overcome this, you have to have the  
user authorize an extended permission called offline_access. Each and  
every extended permission must be authorized separately.
+
+<code type="php">
+
+</code>
+
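Review bot: In the "Get user and session from storage" example, `$haveSession = $facebook->users->getLoggedInUser();` stores a user id in a variable named like a boolean and never compares it with the stored `$uid`, although the comment in the first example says this call returns the user id that belongs to the current session. Suggest comparing the result against `$uid` and treating a mismatch as "no session", so a stale or swapped stored `sid` is not silently accepted. The same passage tells readers to store the uid and sid locally, and the last paragraph makes that key long-lived through offline_access, so the text should say that the stored session key is a credential and must be protected as one. The final `<code type="php">` block after the offline_access paragraph is empty; either add the example or leave the block out until it exists. Minor: "permission for you application" should read "your application", and the comment above the first `getLoggedInUser()` call ("by calling" / "this returns") reads as a broken sentence.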


