Steven Vachon

Single-File Facebook OAuth 2.0 Example


I couldn’t find a simple, straightforward example of this flow, and Facebook’s own documentation wasn’t especially clear either.

This code is no longer valid: Facebook has since simplified its API so that it accomplishes the goal of this article directly. The listing remains for historical purposes only. Note in particular that, as written, the `state` value it generates is never stored in the session or checked on the callback, so it provides no CSRF protection for the authorization code exchange.

Put the following code in an index.php file within your canvas URL's root. Optionally, name the file session.php and include it from any files that need it.

<?php
 
/************
 * Facebook application auth
 *
 * Author:  Steven Vachon (http://www.svachon.com/)
 * Date Created:  September 25, 2011
 ************/
 
 
 
require_once 'facebook-sdk/facebook.php';
 
 
 
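session_start();



// Application credentials.  In a real deployment keep the secret out of the
// web root and out of version control (environment variable / config file).
$app_id     = '1234';
$app_secret = '1234';
$app_page   = 'https://apps.facebook.com/your-app-name/';

// Host the canvas URL is served from.  Deliberately a constant rather than
// $_SERVER['HTTP_HOST']: the Host header is attacker-supplied, and building
// redirect_uri from it lets a crafted request point both the OAuth redirect and
// the JavaScript emitted below at a host we did not choose.
$app_host = 'your-app.example.com';



// Callback URL for the OAuth code exchange.  Only the request *path* is taken
// from the request; scheme and host are configured.  $_SERVER['HTTPS'] is 'off'
// rather than unset on some servers (IIS), hence the explicit comparison.
// NOTE(review): behind a TLS-terminating proxy HTTPS may be unset even for
// https requests — confirm against the deployment.
$request_parts    = parse_url( $_SERVER['REQUEST_URI'] );
$request_path     = isset($request_parts['path']) ? $request_parts['path'] : '/';
$is_https         = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
$authorizing_page = ($is_https ? 'https://' : 'http://') . $app_host . $request_path . '?authorizing=true';

// The authorization code and state arrive as query parameters on the redirect
// back from Facebook.  Read them from $_GET only: $_REQUEST also honours POST
// bodies and cookies, which widens the surface for no benefit.  Reject array
// values (?code[]=x) so the string comparisons below behave.
$code  = (isset($_GET['code'])  && is_string($_GET['code']))  ? $_GET['code']  : '';
$state = (isset($_GET['state']) && is_string($_GET['state'])) ? $_GET['state'] : '';

if ($code === '')
{
	// Connect to Facebook
	$facebook = new Facebook(array(
		'appId'		=> $app_id,
		'secret'	=> $app_secret
	));

	$user = $facebook->getUser();

	if (isset($_SESSION['token']))
	{
		$facebook->setAccessToken( $_SESSION['token'] );
	}

	try
	{
		// Logged in and app is authorized
		$facebook->api('/me');

		// Continues to any calling scripts
	}
	catch (FacebookApiException $error)
	{
		// CSRF protection.  An unguessable value is generated, stored in the
		// session and sent to Facebook as `state`; the callback branch below
		// refuses the code exchange unless Facebook echoes the same value back,
		// so an attacker cannot bind *their* authorization code to *our* session.
		// (The earlier version generated the state but never stored or checked
		// it, which made it decorative; md5(uniqid(rand())) is also not a CSPRNG.)
		if (function_exists('random_bytes'))
		{
			$new_state = bin2hex(random_bytes(16));
		}
		else
		{
			$new_state = bin2hex(openssl_random_pseudo_bytes(16));
		}
		$_SESSION['fb_oauth_state'] = $new_state;

		$login_url = $facebook->getLoginUrl(array('redirect_uri'=>$authorizing_page, 'state'=>$new_state));

		// The login URL is emitted into two contexts at once: a JavaScript
		// string literal, and (inside that literal) an HTML href attribute that
		// is assigned via innerHTML.  Encode for each layer rather than trusting
		// the URL, which contains our request path and configured host.
		$login_url_html    = htmlspecialchars($login_url, ENT_QUOTES, 'UTF-8');
		$login_url_js      = json_encode($login_url);      // JS literal; '/' becomes '\/' so '</script>' cannot break out
		$login_url_js_html = json_encode($login_url_html); // JS literal whose content is attribute-safe

		// Go to login and/or authorization request page
		$redirect  = '<style type="text/css">span{font-family:"lucida grande",tahoma,verdana,arial,sans-serif; font-size:11px; color:#333333} a{color:#3b5998; outline-style:none; text-decoration:none; font-weight:bold} a:hover{text-decoration:underline}</style>';
		$redirect .= '<script type="text/javascript"> function lagMessage(){document.getElementById("message").innerHTML="Waiting for authorization&hellip; <a href=\"" + '.$login_url_js_html.' + "\" target=\"_top\">retry</a>"}';
		$redirect .= 'top.location.href='.$login_url_js.'; document.write("<span id=\"message\"></span>"); setTimeout("lagMessage()",2000); </script>';
		exit($redirect);
	}
}
else
{
	// Respond to authorization request.  First verify the anti-CSRF state: it
	// must exist in our session (we started this flow) and match exactly.
	$expected_state = isset($_SESSION['fb_oauth_state']) ? $_SESSION['fb_oauth_state'] : '';
	unset($_SESSION['fb_oauth_state']);   // single use, whether or not it matches

	$state_ok = ($expected_state !== '')
		&& (function_exists('hash_equals') ? hash_equals($expected_state, $state) : $expected_state === $state);

	if (!$state_ok)
	{
		header('HTTP/1.1 403 Forbidden');
		exit('Invalid OAuth state; please start the login again.');
	}

	// Exchange the code for a token.  The client secret travels in the POST
	// body, not the query string, so it does not land in proxy or server logs.
	// ignore_errors keeps the body of a 4xx response so we can fail cleanly
	// instead of reading an undefined array index.
	$context = stream_context_create(array('http' => array(
		'method'        => 'POST',
		'header'        => "Content-Type: application/x-www-form-urlencoded\r\n",
		'content'       => http_build_query(array(
			'client_id'     => $app_id,
			'redirect_uri'  => $authorizing_page,
			'client_secret' => $app_secret,
			'code'          => $code
		)),
		'ignore_errors' => true
	)));
	$response = file_get_contents('https://graph.facebook.com/oauth/access_token', false, $context);

	$params = array();
	if ($response !== false)
	{
		parse_str($response, $params);
	}

	if (empty($params['access_token']))
	{
		// Store nothing and do not echo the raw response: it may contain error
		// detail from Facebook or the authorization code itself.
		header('HTTP/1.1 502 Bad Gateway');
		exit('Could not obtain an access token from Facebook.');
	}

	// Fresh session id once the token is in hand: defeats session fixation,
	// where an attacker plants a known session id and later reads the token
	// out of it.
	session_regenerate_id(true);
	$_SESSION['token'] = $params['access_token'];

	// Go back to app on facebook.com
	header('Location: '.$app_page);
	exit;
}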
 
 
 
?>

