Question
I’ve just created a Facebook app. This is my first attempt, and I followed the Facebook developer documentation totally. After completing everything as stated, I am stuck in this strange situation:
- During authentication of my app, the app redirects my browser outside Facebook to the website page where my website is hosted, instead of redirecting it inside the iframe. I am unable to redirect to some other page in my app directly, and I also can't use the app namespace page.
- I am unable to retrieve the user_id from the signed request parameter.
Code for landhere.php:
<?php
include ('src/facebook.php');
$app_id = "*******";
$app_secret = "*********";
$redirect_uri = "http://myweb.com/myapp/landhere.php";
//$redirect_uri = "http://appplatform.info/WFBRU/start.php";
//$redirect_uri = "http://apps.facebook.com/wfbrumapp";
$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
$id = $data["user_id"];
$authorized_code = $_GET["code"];
$oauth_token = $data["oauth_token"];
$like_status = $data["page"]["liked"];
echo "<br>page id = $id";
echo "<br>page admin = $authorized_code";
echo "<br>like status = $like_status";
echo "<br>country = $oauth_token";
if (empty($authorized_code)) {
    echo "string";
    $_SESSION['state'] = md5(uniqid(rand(), TRUE));
    $dialog_url = "http://www.facebook.com/dialog/oauth?client_id=" . $app_id . "&redirect_uri=" . $redirect_uri . "&state=" . $_SESSION['state'];
    echo("<script> top.location.href='" . $dialog_url . "'</script>");
    //echo("<script> window.top.location='" . $dialog_url . "'</script>");
} else {
    $authenticate_url = "https://graph.facebook.com/oauth/access_token?client_id=" . $app_id . "&redirect_uri=" . $redirect_uri . "&client_secret=" . $app_secret . "&code=" . $authorized_code . "";
    $response = @file_get_contents($authenticate_url);
    $params = null;
    parse_str($response, $params);
    $access_token = $params['access_token'];
    $userId = $_POST["user_id"];
    echo $userId;
    if ($like_status) {
        echo "<form method=\"post\" action=\"start.php\" id=\"landingForm\">";
        echo "<input type=\"text\" name=\"user_id\" value=" . $id . " style=\"display: none\">";
        echo "<input type=\"text\" name=\"oauth_token\" value=" . $oauth_token . " style=\"display: none\">";
        echo "</form>";
        echo "<script>document.forms['landingForm'].submit()</script>";
    } else {
        echo "<div class=\"likepage\">";
        echo("<b class=\"welcome\"></b><br/>");
        echo "</div>";
    }
}
?>
Stuck in an infinite loop:
if (!empty($_SESSION['access_token'])) {
    $signed_request = $_REQUEST["signed_request"];
    list($encoded_sig, $payload) = explode('.', $signed_request, 2);
    $data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
    $id = $data["user_id"];
    $authorized_code = $_GET["code"];
    $oauth_token = $data["oauth_token"];
    $like_status = $data["page"]["liked"];
    echo "<br>page id = $id";
    echo "<br>page admin = $authorized_code";
    echo "<br>like status = $like_status";
    echo "<br>country = $oauth_token";
    if ($data["page"]["liked"]) {
        echo "<form method=\"post\" action=\"start.php\" id=\"landhereForm\">";
        echo "<input type=\"text\" name=\"user_id\" value=" . $id . " style=\"display: none\">";
        echo "<input type=\"text\" name=\"oauth_token\" value=" . $oauth_token . " style=\"display: none\">";
        echo "</form>";
        echo "<script>document.forms['landhereForm'].submit()</script>";
    } else {
        echo "<div class=\"likepage\">";
        echo("<b class=\"welcome\"></b><br/>");
        echo "</div>";
    }
} else if (!empty($_GET["error"])) {
    echo "user hasn't authorized your app";
} else if (!empty($_GET["code"])) {
    $authorized_code = $_GET["code"];
    $authenticate_url = "https://graph.facebook.com/oauth/access_token?client_id=" . $app_id . "&redirect_uri=" . $redirect_uri . "&client_secret=" . $app_secret . "&code=" . $authorized_code . "";
    $response = @file_get_contents($authenticate_url);
    $params = null;
    parse_str($response, $params);
    $access_token = $params['access_token'];
    $_SESSION['access_token'] = $access_token;
    //header('Location: http://apps.facebook.com/myapp');
    header('Location: http://www.facebook.com/mypage/app_***********');
} else {
    echo "string";
    echo "<br>page id = $id";
    echo "<br>page admin = $authorized_code";
    echo "<br>like status = $like_status";
    echo "<br>country = $oauth_token";
    $_SESSION['state'] = md5(uniqid(rand(), TRUE));
    $dialog_url = "http://www.facebook.com/dialog/oauth?client_id=" . $app_id . "&redirect_uri=" . $redirect_uri . "&state=" . $_SESSION['state'];
    echo("<script> top.location.href='" . $dialog_url . "'</script>");
    //echo("<script> window.top.location='" . $dialog_url . "'</script>");
}
Answer 1:
Yeah, you got this wrong a bit.
You should follow the Authentication tutorial; it describes all the steps:
1) If the user is not authenticated, you send him to the auth dialog via the JS script as you wrote.
2) Facebook redirects back to your page, not in an iframe; it's a redirection on the main window.
3) In case the user declined the app, you will have "error", "error_reason" and "error_description" in the GET data; remember you are not inside Facebook at the time.
4) If the user granted your app, he gets redirected to your page (in the main window); you should then exchange the code for an active access token and then redirect the user to your FB app (http(s)://apps.facebook.com/YOUR-APP-NAME).
5) When Facebook loads, it will load your app inside an iframe; then you will get the signed request and you can show your canvas page.
Here's a modified version of your PHP code; some of it is pseudo since I'm not much of a PHP programmer.
<?php
include ('src/facebook.php');
session_start(); // required before reading or writing $_SESSION
$app_id = "******";
$app_secret = "******";
// Defined up front: both the auth dialog and the code exchange use it.
$redirect_uri = "http://myweb.com/myapp/landhere.php";
if (!empty($_SESSION['access_token'])) {
    // Loaded inside the canvas iframe: Facebook supplies the signed request.
    // It is decoded here without verifying the signature, so treat user_id
    // as untrusted until the signature has been checked.
    $signed_request = $_REQUEST["signed_request"];
    list($encoded_sig, $payload) = explode('.', $signed_request, 2);
    $data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
    $id = $data["user_id"];
    $oauth_token = $data["oauth_token"];
    $like_status = $data["page"]["liked"];
    echo "<br>page id = $id";
    echo "<br>like status = $like_status";
    echo "<br>country = $oauth_token";
} else if (!empty($_GET["error"])) {
    // user hasn't authorized your app
} else if (!empty($_GET["code"])) {
    // Back on the main window after the auth dialog: exchange the code for a token.
    $authorized_code = $_GET["code"];
    $authenticate_url = "https://graph.facebook.com/oauth/access_token?client_id=" . $app_id . "&redirect_uri=" . $redirect_uri . "&client_secret=" . $app_secret . "&code=" . $authorized_code . "";
    $response = @file_get_contents($authenticate_url);
    $params = null;
    parse_str($response, $params);
    $access_token = $params['access_token'];
    $_SESSION['access_token'] = $access_token;
    // Send the user to the canvas URL so the app loads inside the iframe.
    header('Location: http://apps.facebook.com/APP_NAME');
    exit;
} else {
    // Not authenticated yet: send the top window to the auth dialog.
    echo "string";
    $_SESSION['state'] = md5(uniqid(rand(), TRUE));
    $dialog_url = "http://www.facebook.com/dialog/oauth?client_id=" . $app_id . "&redirect_uri=" . $redirect_uri . "&state=" . $_SESSION['state'];
    echo("<script> top.location.href='" . $dialog_url . "'</script>");
}
?>
It's not tested or anything, it's just to give you a nudge in the right direction. Hope this helps.
Edit
Modified version of your 2nd piece of code:
list($encoded_sig, $payload) = explode('.', $_REQUEST["signed_request"], 2);
$signed_request = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
$access_token = null;
if (!empty($_SESSION['access_token'])) {
    $access_token = $_SESSION['access_token'];
} else if (!empty($signed_request['oauth_token'])) {
    $access_token = $signed_request['oauth_token'];
}
if ($access_token != null) {
    // $access_token is a plain string; user_id and the page data come from
    // the decoded signed request.
    $id = $signed_request["user_id"];
    $authorized_code = $_GET["code"];
    $oauth_token = $access_token;
    $like_status = $signed_request["page"]["liked"];
    echo "<br>page id = $id";
    echo "<br>page admin = $authorized_code";
    echo "<br>like status = $like_status";
    echo "<br>country = $oauth_token";
    if ($like_status) {
        echo "<form method=\"post\" action=\"start.php\" id=\"landhereForm\">";
        echo "<input type=\"text\" name=\"user_id\" value=" . $id . " style=\"display: none\">";
        echo "<input type=\"text\" name=\"oauth_token\" value=" . $access_token . " style=\"display: none\">";
        echo "</form>";
        echo "<script>document.forms['landhereForm'].submit()</script>";
    } else {
        echo "<div class=\"likepage\">";
        echo("<b class=\"welcome\"></b><br/>");
        echo "</div>";
    }
} else if (!empty($_GET["error"])) {
    echo "user hasn't authorized your app";
} else if (!empty($_GET["code"])) {
    $authorized_code = $_GET["code"];
    $authenticate_url = "https://graph.facebook.com/oauth/access_token?client_id=" . $app_id . "&redirect_uri=" . $redirect_uri . "&client_secret=" . $app_secret . "&code=" . $authorized_code . "";
    $response = @file_get_contents($authenticate_url);
    $params = null;
    parse_str($response, $params);
    $access_token = $params['access_token'];
    $_SESSION['access_token'] = $access_token;
    //header('Location: http://apps.facebook.com/myapp');
    header('Location: http://www.facebook.com/mypage/app_***********');
} else {
    echo "string";
    echo "<br>page id = $id";
    echo "<br>page admin = $authorized_code";
    echo "<br>like status = $like_status";
    echo "<br>country = $oauth_token";
    $_SESSION['state'] = md5(uniqid(rand(), TRUE));
    $dialog_url = "http://www.facebook.com/dialog/oauth?client_id=" . $app_id . "&redirect_uri=" . $redirect_uri . "&state=" . $_SESSION['state'];
    echo("<script> top.location.href='" . $dialog_url . "'</script>");
    //echo("<script> window.top.location='" . $dialog_url . "'</script>");
}
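The code above decodes signed_request and reads user_id from it without checking the signature, and it stores a state value that is never compared when the user returns. As an added example (not part of the original answer and not the Facebook SDK's code), the following verifies the HMAC-SHA256 signature with the app secret before trusting the payload and checks the returned state; the function names, the secret and the sample payloads are constructed for illustration.

```php
<?php
// Added example: constructed secret and payloads, not real Facebook data.
function base64_url_decode($input) {
    return base64_decode(strtr($input, '-_', '+/'));
}
function base64_url_encode($input) {
    return rtrim(strtr(base64_encode($input), '+/', '-_'), '=');
}

// Returns the decoded payload, or null when the request is malformed, names an
// unexpected algorithm, or carries a signature that does not match.
function parse_signed_request($signed_request, $app_secret) {
    if (!is_string($signed_request) || substr_count($signed_request, '.') !== 1) {
        return null;
    }
    list($encoded_sig, $payload) = explode('.', $signed_request, 2);
    $sig  = base64_url_decode($encoded_sig);
    $data = json_decode(base64_url_decode($payload), true);
    $alg  = is_array($data) ? ($data['algorithm'] ?? '') : '';
    if (!is_string($alg) || strtoupper($alg) !== 'HMAC-SHA256') {
        return null;
    }
    // The HMAC covers the still-encoded payload segment, keyed with the app secret.
    $expected = hash_hmac('sha256', $payload, $app_secret, true);
    // hash_equals compares in constant time.
    return hash_equals($expected, $sig) ? $data : null;
}

// OAuth callback check: the returned state must equal the value stored in the
// session before the redirect to the auth dialog.
function state_is_valid($returned, $stored) {
    return is_string($returned) && is_string($stored) && $stored !== ''
        && hash_equals($stored, $returned);
}

// Constructed demo: sign one payload, then reuse its signature on a forged one.
$app_secret = 'constructed-app-secret';
$make = function ($fields) {
    return base64_url_encode(json_encode($fields));
};
$payload = $make(array('algorithm' => 'HMAC-SHA256', 'user_id' => '1000000001'));
$forged  = $make(array('algorithm' => 'HMAC-SHA256', 'user_id' => '42'));
$sig     = base64_url_encode(hash_hmac('sha256', $payload, $app_secret, true));

var_dump(parse_signed_request($sig . '.' . $payload, $app_secret)); // genuine signature
var_dump(parse_signed_request($sig . '.' . $forged, $app_secret));  // signature reused on another payload
var_dump(state_is_valid('abc', 'abc'), state_is_valid('abc', 'xyz'));
```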
Answer 2:
Two things:
1) $redirect_uri should point to your Facebook app, not your website
2) In JavaScript, you should check to see if "apps.facebook.com" is in the top frame's URL; if not, then do a redirect
// Redirect only when "apps.facebook.com" is NOT in the top frame's URL.
if (top.location.href.indexOf("apps.facebook.com") < 0) {
    top.location.href = YOUR_FACEBOOK_CANVAS_APP_URL;
}
Source: https://stackoverflow.com/questions/9761854/browser-redirected-outside-facebook-instead-of-redirecting-it-inside-iframe