Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Merge pull request #247 from bigokro/master

Rudimentary support for the Facebook Canvas
  • Loading branch information...
commit 89d4e83a4cbd8f2aa0487998a7c15360df107258 2 parents 1409241 + 7bc2895
Brian Noguchi authored
22 README.md
View
@@ -454,6 +454,28 @@ everyauth.facebook
// rest of configuration
```
+### Facebook Canvas Pages
+For apps that can be embedded in Facebook via the canvas page, you can use the
+facebookCanvas submodule:
+
+```javascript
+everyauth.facebookCanvas
+ .canvasPath('CANVAS URL MINUS HOSTNAME') // Default is '/auth/facebook/canvas'
+ .canvasPage('CANVAS PAGE'); // Generally http://apps.facebook.com/APP-NAME
+```
+
+Note that you must also configure the usual Facebook configurations described
+above in order for this to work.
+
+You can tell if the user logged in via the canvas interface using the following test:
+
+```javascript
+if (everyauth.facebookCanvas) {
+ // Do something different
+}
+```
+
+
## Twitter OAuth
```javascript
BIN  everyauth.tar.gz
View
Binary file not shown
76 lib/modules/facebookCanvas.js
View
@@ -0,0 +1,76 @@
+var facebook = require('./facebook')
+ , crypto = require('crypto');
+
+var fb = module.exports =
+ facebook.submodule("facebookCanvas")
+ .configurable({
+ canvasPage: 'specify the URL configured for your Facebook Canvas Page via https://developers.facebook.com/apps/'
+ })
+ .post('canvasPath',
+ 'the path configured for the Facebook canvas interface ("Canvas URL"), minus the hostname')
+ .step('fetchOAuthUserFromSignedRequest')
+ .description('handles the signed request from Facebook and returns the oauth user')
+ .accepts('req res')
+ .promises('oauthUser accessToken extra')
+ .canBreakTo('authCallbackErrorSteps')
+ .canBreakTo('requestAuthorizationSteps')
+ .step('getSession')
+ .accepts('req')
+ .promises('session')
+ .step('findOrCreateUser')
+ .accepts('session accessToken extra oauthUser')
+ .promises('user')
+ .step('compile')
+ .accepts('accessToken extra oauthUser user')
+ .promises('auth')
+ .step('addToSession')
+ .accepts('session auth')
+ .promises(null)
+ .step('sendResponse')
+ .accepts('res')
+ .promises(null)
+
+ .canvasPath('/auth/facebook/canvas')
+
+ .fetchOAuthUserFromSignedRequest( function (req, res) {
+ var signed_request = req.param('signed_request').split('.');
+ var signature = signed_request[0].replace(/_/g, '/').replace(/-/g, '+');
+ var data = signed_request[1];
+ var decoded = new Buffer(data, 'base64').toString('utf8');
+ var oauthUser = JSON.parse(decoded);
+
+ if (oauthUser.algorithm !== 'HMAC-SHA256') {
+ return this.breakTo('authCallbackErrorSteps', req, res);
+ }
+
+ var calculated = crypto.createHmac('sha256', this._appSecret).update(data).digest('base64');
+ if (calculated != signature+"=") {
+ return this.breakTo('authCallbackErrorSteps', req, res);
+ }
+
+ if (!oauthUser.user_id || oauthUser.user_id === null) {
+ // Need to get authorization first
+ return this.breakTo('requestAuthorizationSteps', req, res);
+ }
+
+ // Dummy values used to satisfy subsequent steps
+ var accessToken = "access_token";
+ var extra = "extra";
+
+ var p = this.Promise();
+ p.fulfill(oauthUser, accessToken, extra);
+ return p;
+ })
+
+ .stepseq('requestAuthorizationSteps')
+ .step('getCanvasAuthUri')
+ .accepts('req res')
+ .promises('authUri')
+ .step('requestAuthUri')
+ .accepts('res authUri')
+ .promises(null)
+
+ .getCanvasAuthUri( function (req, res) {
+ var authUri = "http://www.facebook.com/dialog/oauth?client_id="+ this._appId + "&redirect_uri=" + encodeURI(this._canvasPage);
+ return authUri;
+ });
Please sign in to comment.
Something went wrong with that request. Please try again.