Comments on: Authorizing Iframe Facebook Applications For Graph API http://blog.yoz.sk/2010/06/authorizing-iframe-facebook-applications-for-graph-api/?utm_source=rss&utm_medium=rss&utm_campaign=authorizing-iframe-facebook-applications-for-graph-api My life, my work Thu, 02 Feb 2012 13:37:16 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Jozef Chúťka http://blog.yoz.sk/2010/06/authorizing-iframe-facebook-applications-for-graph-api/comment-page-3/#comment-4657 Jozef Chúťka Mon, 13 Jun 2011 07:56:41 +0000 http://blog.yoz.sk/?p=1732#comment-4657 hi Etienne, glad you made it work. its really interesting that it does not work correctly with ff. it may be due to flash app is not completely prepared. not sure what may case the issue: - missing flashvars? - shared object not ready? - stage and urlloader not ready? hi Etienne,
glad you made it work. its really interesting that it does not work correctly with ff. it may be due to flash app is not completely prepared. not sure what may case the issue:
- missing flashvars?
- shared object not ready?
- stage and urlloader not ready?

]]> By: Etienne http://blog.yoz.sk/2010/06/authorizing-iframe-facebook-applications-for-graph-api/comment-page-3/#comment-4656 Etienne Sat, 11 Jun 2011 08:08:18 +0000 http://blog.yoz.sk/?p=1732#comment-4656 Hi Jozef, I discover something strange... Concerning as3 graph api iframe embeding exemples from facebook-actionscript-api google code (wich are working fine) : On firefox 3.6.12 and previous, the auto init (auto connect) is not working. The app will work outside of FB but not in the canvas. But if you set a setTimeout (even with no delay) before the embed swf function..... it works !! I know that doesn't concern your own embeding solution but the facebook-actionscript-api one. However, perhaps yours have the same kind of issue on on 3.6.12 and previous. Hi Jozef,

I discover something strange…
Concerning as3 graph api iframe embeding exemples from facebook-actionscript-api google code (wich are working fine) :

On firefox 3.6.12 and previous, the auto init (auto connect) is not working. The app will work outside of FB but not in the canvas.
But if you set a setTimeout (even with no delay) before the embed swf function….. it works !!

I know that doesn’t concern your own embeding solution but the facebook-actionscript-api one.

However, perhaps yours have the same kind of issue on on 3.6.12 and previous.

]]> By: Bill Langley http://blog.yoz.sk/2010/06/authorizing-iframe-facebook-applications-for-graph-api/comment-page-3/#comment-4634 Bill Langley Thu, 05 May 2011 18:04:28 +0000 http://blog.yoz.sk/?p=1732#comment-4634 Yikes! Sorry for all the frustration. The root problem was that I hadn't included the www in the site's app url. The client redirects when it is missing. The redirect then caused the POST data to disappear. Thanks for all your help! Yikes! Sorry for all the frustration. The root problem was that I hadn’t included the www in the site’s app url. The client redirects when it is missing. The redirect then caused the POST data to disappear.

Thanks for all your help!

]]> By: Bill Langley http://blog.yoz.sk/2010/06/authorizing-iframe-facebook-applications-for-graph-api/comment-page-3/#comment-4633 Bill Langley Wed, 04 May 2011 23:07:39 +0000 http://blog.yoz.sk/?p=1732#comment-4633 Sorry, guess the PHP got consumed: $app_uri = "http://apps.facebook.com/sambazon_warrior_up/"; $auth_uri = "https://www.facebook.com/dialog/oauth"; $client_id = "[my id]"; $scope = "publish_stream,user_photos,user_photo_video_tags"; $signed_request = $_POST["signed_request"]; list($encoded_sig, $payload) = explode('.', $signed_request, 2); $data = base64_decode(strtr($payload, '-_', '+/')); if(empty($signed_request)){ echo ( "window.top.location = '" . $auth_uri . "?client_id=" . $client_id . "&redirect_uri=" . urlencode($app_uri) . "&scope=" . $scope . "&response_type=token';"); }else{ echo "var signed_request=" . $data . ";"; echo "generateFlash();"; } Sorry, guess the PHP got consumed:

$app_uri = “http://apps.facebook.com/sambazon_warrior_up/”;
$auth_uri = “https://www.facebook.com/dialog/oauth”;
$client_id = “[my id]“;
$scope = “publish_stream,user_photos,user_photo_video_tags”;

$signed_request = $_POST["signed_request"];
list($encoded_sig, $payload) = explode(‘.’, $signed_request, 2);
$data = base64_decode(strtr($payload, ‘-_’, ‘+/’));

if(empty($signed_request)){
echo ( “window.top.location = ‘” . $auth_uri .
“?client_id=” . $client_id .
“&redirect_uri=” . urlencode($app_uri) .
“&scope=” . $scope .
“&response_type=token’;”);
}else{
echo “var signed_request=” . $data . “;”;
echo “generateFlash();”;
}

]]> By: Bill Langley http://blog.yoz.sk/2010/06/authorizing-iframe-facebook-applications-for-graph-api/comment-page-3/#comment-4632 Bill Langley Wed, 04 May 2011 23:06:23 +0000 http://blog.yoz.sk/?p=1732#comment-4632 Now I'm even more perplexed. I can now see the signed_request variable and am able to parse the oauth_token out of it, but I'm still seeing the page constantly refresh itself... even if I remove the generateFlash() function. On Chrome it just repeats. On Firefox it throws up "Object Moved". Here is my PHP: BTW: I am not able to create the signed_request var like your example. The initial var signed_request=; throws up an error in my JS console. Now I’m even more perplexed. I can now see the signed_request variable and am able to parse the oauth_token out of it, but I’m still seeing the page constantly refresh itself… even if I remove the generateFlash() function. On Chrome it just repeats. On Firefox it throws up “Object Moved”. Here is my PHP:

BTW: I am not able to create the signed_request var like your example. The initial var signed_request=; throws up an error in my JS console.

]]> By: Jozef Chúťka http://blog.yoz.sk/2010/06/authorizing-iframe-facebook-applications-for-graph-api/comment-page-3/#comment-4630 Jozef Chúťka Wed, 04 May 2011 18:35:11 +0000 http://blog.yoz.sk/?p=1732#comment-4630 request to http://apps.facebook.com/sambazon_warrior_up : POST /fbapp/ HTTP/1.1 Host: sambazon.com Referer: http://apps.facebook.com/sambazon_warrior_up/ signed_request=N7GgX95r... asi you can see, there surely is post parameter available! request to http://apps.facebook.com/sambazon_warrior_up :

POST /fbapp/ HTTP/1.1
Host: sambazon.com
Referer: http://apps.facebook.com/sambazon_warrior_up/

signed_request=N7GgX95r…

asi you can see, there surely is post parameter available!

]]> By: Bill Langley http://blog.yoz.sk/2010/06/authorizing-iframe-facebook-applications-for-graph-api/comment-page-3/#comment-4629 Bill Langley Wed, 04 May 2011 16:42:29 +0000 http://blog.yoz.sk/?p=1732#comment-4629 Hi Jozef, My client's server accepts _POST vars because when I use FB's technique: <?php $app_id = YOUR_APP_ID; $app_secret = "YOUR_APP_SECRET"; $my_url = "YOUR_URL"; $code = $_REQUEST["code"]; if(empty($code)) { $dialog_url = "http://www.facebook.com/dialog/oauth?client_id=" . $app_id . "&redirect_uri=" . urlencode($my_url); echo(" top.location.href='" . $dialog_url . "'"); } $token_url = "https://graph.facebook.com/oauth/access_token?client_id=" . $app_id . "&redirect_uri=" . urlencode($my_url) . "&client_secret=" . $app_secret . "&code=" . $code; $access_token = file_get_contents($token_url); $graph_url = "https://graph.facebook.com/me?" . $access_token; $user = json_decode(file_get_contents($graph_url)); echo("Hello " . $user->name); ?> I am able to get $code, but unable to get file_get_contents($token_url); to work because (I'm assuming) the $token_url is secure. However, when I use your technique I am never able to get $signed_request either with $_REQUEST["signed_request"] or $_POST["signed_request"]. So, I'm stuck with a looping app. Also, I don't understand how your post "neverending facebook changes..." applies to this. They seem like 2 different techniques. I greatly appreciate any light you can shed on this. Thx, WL http://apps.facebook.com/sambazon_warrior_up Hi Jozef,

My client’s server accepts _POST vars because when I use FB’s technique:

<?php

$app_id = YOUR_APP_ID;
$app_secret = "YOUR_APP_SECRET";
$my_url = "YOUR_URL";

$code = $_REQUEST["code"];

if(empty($code)) {
$dialog_url = "http://www.facebook.com/dialog/oauth?client_id=&quot;
. $app_id . "&redirect_uri=" . urlencode($my_url);

echo(" top.location.href=’” . $dialog_url . “‘”);
}

$token_url = “https://graph.facebook.com/oauth/access_token?client_id=”
. $app_id . “&redirect_uri=” . urlencode($my_url) . “&client_secret=”
. $app_secret . “&code=” . $code;

$access_token = file_get_contents($token_url);

$graph_url = “https://graph.facebook.com/me?” . $access_token;

$user = json_decode(file_get_contents($graph_url));

echo(“Hello ” . $user->name);

?>

I am able to get $code, but unable to get file_get_contents($token_url); to work because (I’m assuming) the $token_url is secure.

However, when I use your technique I am never able to get $signed_request either with $_REQUEST["signed_request"] or $_POST["signed_request"]. So, I’m stuck with a looping app.

Also, I don’t understand how your post “neverending facebook changes…” applies to this. They seem like 2 different techniques.

I greatly appreciate any light you can shed on this.

Thx,
WL

http://apps.facebook.com/sambazon_warrior_up

]]> By: Jozef Chúťka http://blog.yoz.sk/2010/06/authorizing-iframe-facebook-applications-for-graph-api/comment-page-3/#comment-4627 Jozef Chúťka Wed, 04 May 2011 07:51:07 +0000 http://blog.yoz.sk/?p=1732#comment-4627 hi Bill. - you do not extract nothing from top.location, you pass there url to get authorized - if you have correct facebook setting (see the ones from me) you should get some authorization info in POST variables. make sure yor server support _POST variable hi Bill.
- you do not extract nothing from top.location, you pass there url to get authorized
- if you have correct facebook setting (see the ones from me) you should get some authorization info in POST variables. make sure yor server support _POST variable

]]> By: Bill Langley http://blog.yoz.sk/2010/06/authorizing-iframe-facebook-applications-for-graph-api/comment-page-3/#comment-4625 Bill Langley Tue, 03 May 2011 16:27:02 +0000 http://blog.yoz.sk/?p=1732#comment-4625 I can't get this new auth to work. I don't understand how I'm supposed to extract the top.location access_token hash when the app is inside an iframe. Also, I tried the PHP $signed_request method and it always comes up empty. I have "Oauth 2 for Canvas" and "POST for Canvas" enabled. No matter what I try, I can't get to the access_token. What am I missing here? I can’t get this new auth to work. I don’t understand how I’m supposed to extract the top.location access_token hash when the app is inside an iframe. Also, I tried the PHP $signed_request method and it always comes up empty. I have “Oauth 2 for Canvas” and “POST for Canvas” enabled. No matter what I try, I can’t get to the access_token. What am I missing here?

]]> By: William Everich http://blog.yoz.sk/2010/06/authorizing-iframe-facebook-applications-for-graph-api/comment-page-3/#comment-4616 William Everich Thu, 21 Apr 2011 21:07:28 +0000 http://blog.yoz.sk/?p=1732#comment-4616 Right now this is my favorite page on the internet. Thank you all!! Right now this is my favorite page on the internet. Thank you all!!

]]>