Thursday, December 8, 2011

Facebook Auth cookbook page

Facebook Authentication

Overview

Most actions on Facebook require some sort of authentication token. For example, sending a request for information about a user without the relevant auth token returns only their public information: name, user id, and a few other fields. However, a request with the proper token can GET several pages of JSON describing a user who’s authorized the requesting app.

Body

There are several ways to acquire such a token, but we will be focusing on a simple method using the PHP SDK. Complete documentation can be found here.

First, working with the PHP SDK requires initializing an instance of the Facebook object with your App_ID and App_Secret. These values are unique to each app, and can be thought of as your username and password.

The Facebook::getLoginUrl(params) method generates a URL that takes the user to a Facebook dialog where they are asked whether to grant your application the permissions specified in params, after which the user is redirected to either a URL specified in params or the originating page.

From the documentation:
$params = array(
  // Array keys must be quoted strings; bare words are treated as constants
  'scope' => 'read_stream, friends_likes',
  'redirect_uri' => 'https://www.myapp.com/post_login_page'
);

$loginUrl = $facebook->getLoginUrl($params);

The scope parameter can be any of these permissions. Remember that requesting unnecessary permissions will make users suspicious.

The auth token obtained is temporary, meaning that this method can only be used when the user is online or shortly after.

There is also a Facebook::getLogoutUrl() method. See the example below for a full example (source).

Example Code

<?php
 // Remember to copy files from the SDK's src/ directory to a
 // directory in your application on the server, such as php-sdk/
 require_once('php-sdk/facebook.php');

 $config = array(
   'appId' => 'YOUR_APP_ID',
   'secret' => 'YOUR_APP_SECRET',
 );

 $facebook = new Facebook($config);
 $user_id = $facebook->getUser();
?>
<html>
 <head></head>
 <body>

 <?php
   if($user_id) {

     // We have a user ID, so probably a logged in user.
     // If not, we'll get an exception, which we handle below.
     try {

       $user_profile = $facebook->api('/me','GET');
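       // Escape the profile name before writing it into the HTML page
       echo "Name: " . htmlspecialchars($user_profile['name'], ENT_QUOTES, 'UTF-8');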

     } catch(FacebookApiException $e) {
       // If the user is logged out, you can have a
       // user ID even though the access token is invalid.
       // In this case, we'll get an exception, so we'll
       // just ask the user to login again here.
       $login_url = $facebook->getLoginUrl();
       echo 'Please <a href="' . htmlspecialchars($login_url, ENT_QUOTES, 'UTF-8') . '">login.</a>';
       error_log($e->getType());
       error_log($e->getMessage());
     }   
   } else {

     // No user, print a link for the user to login
     $login_url = $facebook->getLoginUrl();
     echo 'Please <a href="' . htmlspecialchars($login_url, ENT_QUOTES, 'UTF-8') . '">login.</a>';

   }

 ?>

 </body>
</html>
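
An added example, not part of the original post or the SDK documentation: the same page with a minimal scope and a fixed redirect_uri passed to getLoginUrl(), a getLogoutUrl() link, and HTML-escaped output. It assumes the PHP SDK is in php-sdk/ as above and that the credentials are in the environment variables FB_APP_ID and FB_APP_SECRET (names chosen here); h() is a helper defined in the example.

```php
<?php
// Added example. Assumes the PHP SDK in php-sdk/ and credentials in the
// FB_APP_ID / FB_APP_SECRET environment variables (assumed names).
require_once('php-sdk/facebook.php');

$facebook = new Facebook(array(
  'appId'  => getenv('FB_APP_ID'),
  'secret' => getenv('FB_APP_SECRET'), // stays on the server, never echoed
));

// Ask only for the permission this page uses, and send the user back to a
// fixed HTTPS URL rather than one built from request input.
$params = array(
  'scope'        => 'read_stream',
  'redirect_uri' => 'https://www.myapp.com/post_login_page',
);

// Hypothetical helper: escape a value for HTML text or attribute context.
function h($value) {
  return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

$profile = null;
if ($facebook->getUser()) {
  try {
    $profile = $facebook->api('/me', 'GET');
  } catch (FacebookApiException $e) {
    // The temporary token has expired or was revoked: treat as logged out.
    error_log($e->getType() . ': ' . $e->getMessage());
  }
}
?>
<html>
 <head></head>
 <body>
 <?php if ($profile) { ?>
   <p>Name: <?php echo h($profile['name']); ?></p>
   <p><a href="<?php echo h($facebook->getLogoutUrl()); ?>">Log out</a></p>
 <?php } else { ?>
   <p>Please <a href="<?php echo h($facebook->getLoginUrl($params)); ?>">login.</a></p>
 <?php } ?>
 </body>
</html>
```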
