Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Problem with login_url #2

Closed
kurbmedia opened this issue May 16, 2010 · 6 comments
Closed

Problem with login_url #2

kurbmedia opened this issue May 16, 2010 · 6 comments

Comments

@kurbmedia
Copy link

I believe there is a problem with the login_url method. Perhaps its possible that this wasn't meant to be used with canvas/iframe applications?

The login url facebook says to use is apps.facebook.com/login.php?v=1.0&....... The login url is generating api.facebook.com (and without the v=1.0). This causes FB to throw an error when trying to have a user authorize an application.

I know they have the oauth specification, but that seems to use a facebook connect url as its request_uri, which doesn't seem like the correct approach for a canvas/iframe application.

@appoxy
Copy link
Collaborator

appoxy commented May 22, 2010

Looks like the php library is using www.facebook.com/login.php

Is it supposed to be apps or www? Do you have a link to the docs?

@kurbmedia
Copy link
Author

I'm getting the same thing from the docs. From testing though, apps.facebook.com works properly for canvas/iframe applications, whereas api seems to act more like facebook connect. (It shows a greyed out "authorize this app" page inside the iframe. clicking it opens a new window similar to using facebook connect).

Technically mini_fb has it correct, with the exception that for an iframe/canvas app you need a third url (apps.facebook).

It might be worth noting too that this looks like the "old" way to do things, however the FB docs for the new api don't really provide a lot of information regarding authenticating canvas/iframe apps :) Their docs basically suck unless your using php.

I'll keep looking through the docs to see what I come up with. I tried using some examples from your google groups (which mentioned iframe apps), but kept running into this problem.

@appoxy
Copy link
Collaborator

appoxy commented May 22, 2010

So do we need another method like canvas_login_url?

@kurbmedia
Copy link
Author

According to facebook you need the old style url's for canvas/iframe applications for now, which would use the apps.facebook.com path.

From what I'm reading this may change later, but to officially support iframe/canvas urls you would. I'm not sure what the api.facebook.com (since anything outside of facebook should use oAuth) url is used for within the current implementation of login_url, but if the intention was for authentication inside of facebook, for the time being it should point to apps.facebook.com/login.php?v=1.0....

This covers both authorization of the application, as well as requiring users to login to facebook should they navigate directly to your apps.facebook.com/application url.

@kurbmedia
Copy link
Author

Here is some information that may help:

http://wiki.developers.facebook.com/index.php/Authorization_and_Authentication_for_Canvas_Page_Applications_on_Facebook

They mention that you can use oAuth for this, but the oAuth page describes authentication using a connect url, which is setup for websites/applications outside of the facebook iframe/canvas. (I've verified it doesn't work in an iFrame application)

This could also be on Faceboook's end, as they may not have upgraded canvas/iframe apps to properly support oAuth. Their docs are just too scattered to tell :)

@kurbmedia
Copy link
Author

Ok, looks like this is on Facebook after all, so I'm going to close this out.

You CAN use the oauth_url method to authenticate a canvas/iframe application. The issue is you have to basically use a javascript redirect targeting the "parent" window.

Super ghetto and this is something that you guys definitely can't help. You may want to update your docs and example app though :) I was using that as a reference. Using redirect_to oauth_url will fail inside an iframe or canvas.

Once I work the kinks out I will try to post an example if you'd like. Might help other users in the future.

This link may also help as a reference: http://forum.developers.facebook.com/viewtopic.php?pid=225621

This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

0 participants