Single-File Facebook OAuth 2.0 Example

Sunday, September 25^th, 2011. 0 comments

I couldn’t find a simple, straight-forward example of this stuff. Facebook’s documentation ~~isn’t~~ wasn’t extremely clear either.

This code is no longer valid. Facebook has updated its API to be much simpler and accomplishes the goal of this article. It will remain for historic purposes.

Put this following code in an index.php file within your canvas URL‘s root. Optionally, name the file session.php and include it in any files that need it.

<?php
 
/************
 * Facebook application auth
 *
 * Author:  Steven Vachon (http://www.svachon.com/)
 * Date Created:  September 25, 2011
 ************/
 
 
 
require_once 'facebook-sdk/facebook.php';
 
 
 
session_start();
 
 
 
$app_id = '1234';
$app_secret = '1234';
$app_page = 'https://apps.facebook.com/your-app-name/';
 
 
 
$authorizing_page = parse_url( $_SERVER['REQUEST_URI'] );
$authorizing_page = (!isset($_SERVER['HTTPS']) ? 'http://' : 'https://') . $_SERVER['HTTP_HOST'] . $authorizing_page['path'] . '?authorizing=true';
 
$code = (isset($_REQUEST['code'])) ? $_REQUEST['code'] : '';
 
if ($code == '')
{
	// Connect to Facebook
 
	$facebook = new Facebook(array(
		'appId'		=> $app_id,
		'secret'	=> $app_secret
	));
 
	$user = $facebook->getUser();
 
	if (isset($_SESSION['token']))
	{
		$facebook->setAccessToken( $_SESSION['token'] );
	}
 
	try
	{
		// Logged in and app is authorized
		$facebook->api('/me');
 
		// Continues to any calling scripts
	}
	catch (FacebookApiException $error)
	{
		// CSRF protection
		$state = md5(uniqid(rand(), true));
 
		$login_url = $facebook->getLoginUrl(array('redirect_uri'=>$authorizing_page, 'state'=>$state));
 
		// Go to login and/or authorization request page
		$redirect  = '<style type="text/css">span{font-family:"lucida grande",tahoma,verdana,arial,sans-serif; font-size:11px; color:#333333} a{color:#3b5998; outline-style:none; text-decoration:none; font-weight:bold} a:hover{text-decoration:underline}</style>';
		$redirect .= '<script type="text/javascript"> function lagMessage(){document.getElementById("message").innerHTML="Waiting for authorization&hellip; <a href=\"'.$login_url.'\" target=\"_top\">retry</a>"}';
		$redirect .= 'top.location.href="'.$login_url.'"; document.write("<span id=\"message\"></span>"); setTimeout("lagMessage()",2000); </script>';
		exit($redirect);
	}
}
else
{
	// Respond to authorization request
	$response = file_get_contents('https://graph.facebook.com/oauth/access_token?client_id='.$app_id.'&redirect_uri='.urlencode($authorizing_page).'&client_secret='.$app_secret.'&code='.$code);
 
	parse_str($response, $params);
 
	$_SESSION['token'] = $params['access_token'];
 
	// Go back to app on facebook.com
	header('Location: '.$app_page);
	exit;
}
 
 
 
?>

<?php /************ * Facebook application auth * * Author: Steven Vachon (http://www.svachon.com/) * Date Created: September 25, 2011 ************/ require_once 'facebook-sdk/facebook.php'; session_start(); $app_id = '1234'; $app_secret = '1234'; $app_page = 'https://apps.facebook.com/your-app-name/'; $authorizing_page = parse_url( $_SERVER['REQUEST_URI'] ); $authorizing_page = (!isset($_SERVER['HTTPS']) ? 'http://' : 'https://') . $_SERVER['HTTP_HOST'] . $authorizing_page['path'] . '?authorizing=true'; $code = (isset($_REQUEST['code'])) ? $_REQUEST['code'] : ''; if ($code == '') { // Connect to Facebook $facebook = new Facebook(array( 'appId' => $app_id, 'secret' => $app_secret )); $user = $facebook->getUser(); if (isset($_SESSION['token'])) { $facebook->setAccessToken( $_SESSION['token'] ); } try { // Logged in and app is authorized $facebook->api('/me'); // Continues to any calling scripts } catch (FacebookApiException $error) { // CSRF protection $state = md5(uniqid(rand(), true)); $login_url = $facebook->getLoginUrl(array('redirect_uri'=>$authorizing_page, 'state'=>$state)); // Go to login and/or authorization request page $redirect = '<style type="text/css">span{font-family:"lucida grande",tahoma,verdana,arial,sans-serif; font-size:11px; color:#333333} a{color:#3b5998; outline-style:none; text-decoration:none; font-weight:bold} a:hover{text-decoration:underline}</style>'; $redirect .= '<script type="text/javascript"> function lagMessage(){document.getElementById("message").innerHTML="Waiting for authorization… <a href=\"'.$login_url.'\" target=\"_top\">retry</a>"}'; $redirect .= 'top.location.href="'.$login_url.'"; document.write("<span id=\"message\"></span>"); setTimeout("lagMessage()",2000); </script>'; exit($redirect); } } else { // Respond to authorization request $response = file_get_contents('https://graph.facebook.com/oauth/access_token?client_id='.$app_id.'&redirect_uri='.urlencode($authorizing_page).'&client_secret='.$app_secret.'&code='.$code); parse_str($response, $params); $_SESSION['token'] = $params['access_token']; // Go back to app on facebook.com header('Location: '.$app_page); exit; } ?>

Comments

Top

Shuffle and Randomize Arrays in ActionScript and JavaScript Benchmark: PHP strlen vs. count (and sizeof)