Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Social app json template & redirector

Michael Liao edited this page · 9 revisions
Clone this wiki locally

The social credentials listed below are used by Livefyre to interact with Facebook, Twitter, and LinkedIn on behalf of your users. Provide this data to Livefyre securely as a one-time setup.

For Facebook, the oauth_proxy_redirect endpoint (FB Redirect below) must be hosted by you on the same domain as the "site URL" That is defined in your Facebook application.

The twitter keys app_access_token_key and app_access_token_secret are available in your twitter app dashboard (available via http://twitter.com/apps when logged in as the application owner). To find these values: 1. open https://dev.twitter.com/apps and find your application - click on the title 2. scroll down to "Your access token" and copy the values from "Access token" and "Access token secret" into the format below.

The LinkedIn credentials include an api_key and api_secret.

Social App Creds

Please provide the credentials in the following format:

{'fb': {'client_id': '123456789000',
        'client_secret': 'aaaaaaaaabbbbbbbbbcccccccc111111111',
        'oauth_proxy_redirect': 'http://www.yoursite.com/some_path/facebook-oauth-proxy'},
 'tw': {'app_access_token_key': '1234567890-EFK3934fwefFKWFekf23fwekfjf23fj2k3fjk23',
        'app_access_token_secret': 'EFK3934fwefFKWFekf23fwekfjf23fj2k3fjk2322222',
        'consumer_key': 'EFK3934fwefFKWFekf23f',
        'consumer_secret': 'EFK3934fwefFKWFekf23fEFK3934fwefFKWFekf23f'},
 'li': {'api_key': 'aaaaaaaaabbbbbbbbbcccccccc111111111',
        'api_secret': 'aaaaaaaaabbbbbbbbbcccccccc111111111' }}

As part of your social network integration, consider including tokens in the profile data you send to Livefyre, so that additional oAuth redirects are not required when a user interacts with Livefyre social features.

More info here (see "connections" attribute in profile data sample)

FB Redirect

<?php
/*
    Purpose: Provide a landing page for the last step of successful oAuth that is on the correct (Facebook approved) domain.

    Location: This file should be hosted on the same domain as your Facebook App's "site url".

    Input Parameters: 
        - (GET) lfoauth: This should be a url-safe base64-encoded URL that is the "real" final redirection URL.  Livefyre sets this.
                For testing purposes, this can be set to a url-safe base64-encoded URL of your choosing,
                but the domain name must end in .fyre.co in order to be considered valid.
        - (GET) [all other parameters]: Any other parameters should simply be passed thru on the redirection URL. If
                the decoded URL from "lfoauth" includes querystring parameters, then the additional parameters included
                with the initial request should be appended with "&..."

    Output: The response should indicate that the browser redirect (302) to the "real" URL which is encoded in the
            "lfoauth" parameter.


*/

function base64url_decode($data) {
  return base64_decode(str_pad(strtr($data, '-_', '+/'), strlen($data) + strlen($data) % 4, '=', STR_PAD_RIGHT));
}

if (isset($_GET['lfoauth'])) {
    // warning: If implemented with non-PHP, b64 may fail because we have stripped padding (trailing ='s),
    //          to make Facebook happy.  The decode needs to be non-strict in this sense.
    $rdir = base64url_decode($_GET['lfoauth']);

    // validate the destination to secure this proxy
    preg_match("/^(http:\/\/)?([^\/?]+)/i", $rdir, $domain_only);   
    $host = $domain_only[2];
    if (!strstr($host,'fyre.co')) {
        echo "Error - this redirection is not allowed! ".$host;
        exit;
    }

    // if params were included in the uri already, append with &, otherwise ?
    $sep = strstr($rdir,'?') ? '&' : '?';

    // don't include this in the params we add to the redirect url
    unset($_GET['lfoauth']);

    // assemble a new querystring from the remaining inbound GET params
    $rdir = $rdir.$sep.http_build_query($_GET);

    // this does the actual redirection, PHP's implementation is weird
    header('Location: '.$rdir);
}
?>
Something went wrong with that request. Please try again.