Facebook Canvas Application Authentication – OAuth 2.0 protocol

This article covers only OAuth 2.0 authorization for 'Apps on Facebook.com' that run as 'Canvas FBML' and are written in PHP.

Use facebook.php if you don't want to make things miserable for yourself.
The first step is creating the object:

require('facebook.php');

$facebook = new Facebook(array(
	'appId' => APP_ID,
	'secret' => APP_SECRET,
	'cookie' => true
));

Now make the user log in and authorize your app on their first visit:

if($facebook->getSession()) {
	//User is already logged in & authorized your app
	$uid = $facebook->getUser();
} else {
	$params = array(
			'fbconnect' => 0,
			'canvas' => 1,
			'next' => "http://apps.facebook.com/YOUR_APP/"
		);
	$redirect = $facebook->getLoginUrl($params);
	// Escape the URL for use in an attribute and close the FBML tag
	echo '<fb:redirect url="' . htmlspecialchars($redirect) . '" />';
}

This redirects the user to the application authorization page. Once access is granted, the user is sent to the 'next' URL.

You need the user's access token to make any API call.

if ($facebook->getSession()) {
	$uid = $facebook->getUser();
	$access_token = $facebook->getAccessToken();
}

If you need any extended permissions, check for them and ask for them:

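// Build the URL by concatenation: line breaks inside a string literal would end up in the request
$hasPublishPermission = json_decode(
	file_get_contents(
		'https://api.facebook.com/method/users.hasAppPermission'
		. '?uid=' . urlencode($uid)
		. '&ext_perm=publish_stream'
		. '&format=json'
		. '&access_token=' . urlencode($access_token)));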

if(!$hasPublishPermission){
	$params = array(
		'fbconnect' => 0,
		'canvas' => 1,
		'next' => "http://apps.facebook.com/YOUR_APP/",
		'req_perms' => 'publish_stream'
	);
	$redirect = $facebook->getLoginUrl($params);
	// Escape the URL for use in an attribute and close the FBML tag
	echo '<fb:redirect url="' . htmlspecialchars($redirect) . '" />';
}
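
A plain truthiness test on the decoded users.hasAppPermission response fails open: a JSON error object (for instance after the access token has expired) is truthy and reads as "permission granted". The following is an added example, not code from the original post, that builds the request URL with http_build_query and interprets the response strictly. The function names, the sample token and the sample response bodies are constructed for illustration, and treating any JSON object as an error report is an assumption.

```php
<?php
// Added example, not code from the original post. Function names are hypothetical.

// Build a REST API URL with every parameter percent-encoded.
function fbRestUrl($method, array $params) {
    $params['format'] = 'json';
    return 'https://api.facebook.com/method/' . $method . '?' . http_build_query($params, '', '&');
}

// Interpret a users.hasAppPermission response body strictly.
// Returns true (granted) or false (not granted); throws on anything else,
// so a failed request is never mistaken for an answer.
function parsePermissionResponse($body) {
    if (!is_string($body) || $body === '') {
        throw new RuntimeException('no response from API');
    }
    $decoded = json_decode($body, true);
    if (is_array($decoded)) {
        // Assumption: a JSON object here is an error report, not a permission value.
        $msg = isset($decoded['error_msg']) ? $decoded['error_msg'] : 'unknown error';
        throw new RuntimeException('API error: ' . $msg);
    }
    if ($decoded === 1 || $decoded === '1' || $decoded === true) {
        return true;
    }
    if ($decoded === 0 || $decoded === '0' || $decoded === false) {
        return false;
    }
    throw new RuntimeException('unexpected response: ' . $body);
}

// Constructed sample values; no network access is needed to run this.
echo fbRestUrl('users.hasAppPermission', array(
    'uid' => '1234567890',
    'ext_perm' => 'publish_stream',
    'access_token' => 'SAMPLE|TOKEN&with=odd chars',
)), "\n";

$samples = array('1', '0', '{"error_code":190,"error_msg":"Invalid OAuth 2.0 Access Token"}', false);
foreach ($samples as $body) {
    // The plain truthiness test on the decoded value, for comparison.
    $naive = json_decode((string) $body) ? 'granted' : 'not granted';
    try {
        $strict = parsePermissionResponse($body) ? 'granted' : 'not granted';
    } catch (RuntimeException $e) {
        $strict = 'failed (' . $e->getMessage() . ')';
    }
    echo var_export($body, true), ": naive=$naive, strict=$strict\n";
}
```

For the constructed error body the truthiness test reports "granted", while the strict parser reports a failure that the caller can handle by sending the user through authorization again.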

More than one extended permission can be requested in a single call; just separate them with commas.

$params = array(
	'fbconnect' => 0,
	'canvas' => 1,
	'next' => "http://apps.facebook.com/YOUR_APP/",
	'req_perms' => 'publish_stream, user_photos'
);

An example of making a call to Facebook. I've used the old REST API, but the new Graph API will work as well.

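// $albumTitle is the name of the album to create; $access_token comes from getAccessToken() above
$album = json_decode(
	file_get_contents(
		'https://api.facebook.com/method/photos.createAlbum'
		. '?name=' . urlencode($albumTitle)
		. '&format=json'
		. '&access_token=' . urlencode($access_token)));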

6 Responses to Facebook Canvas Application Authentication – OAuth 2.0 protocol

  1. Kamal Khan says:

    Good post.

    Needed this echo '';

    Thanks

  2. mag says:

    Nevermind I see,…. tired I guess :D

  3. mag says:

    Thank you for the code!!

    I’ve run into a bit of a struggle trying to request extended permissions, can you shine any light on how to do this?

  4. klutch says:

    Thank you for the article. How different would this be if you used Canvas iframe instead of FBML?

    • dyutiman says:

      I am not sure now… but u have to make the authentication using Cookie.
      let me see if I can get that for u….
