
Extract the `code` from the `signed_request` for JS SDK pairing

commit 9513f08172053150a18e1faadb21afabf6844d6c 1 parent 54acf92
@ptarjan ptarjan authored
Showing with 20 additions and 4 deletions.
  1. +1 −1  readme.md
  2. +19 −3 src/base_facebook.php
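--- a/readme.md
+++ b/readme.md
@@ -1,4 +1,4 @@
-Facebook PHP SDK (v.3.1.0)
+Facebook PHP SDK (v.3.1.1)
 ==========================
 The [Facebook Platform](http://developers.facebook.com/) is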
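--- a/src/base_facebook.php
+++ b/src/base_facebook.php
@@ -120,7 +120,7 @@ public function __toString() {
 /**
 * Version.
 */
- const VERSION = '3.1.0';
+ const VERSION = '3.1.1';
 /**
 * Default options for curl.
@@ -337,11 +337,23 @@ protected function getUserAccessToken() {
 // the access token.
 $signed_request = $this->getSignedRequest();
 if ($signed_request) {
+ // apps.facebook.com hands the access_token in the signed_request
 if (array_key_exists('oauth_token', $signed_request)) {
 $access_token = $signed_request['oauth_token'];
 $this->setPersistentData('access_token', $access_token);
 return $access_token;
 }
+
+ // the JS SDK puts a code in with the redirect_uri of ''
+ if (array_key_exists('code', $signed_request)) {
+ $code = $signed_request['code'];
+ $access_token = $this->getAccessTokenFromCode($code, '');
+ if ($access_token) {
+ $this->setPersistentData('code', $code);
+ $this->setPersistentData('access_token', $access_token);
+ return $access_token;
+ }
+ }
 // signed request states there's no access token, so anything
 // stored should be cleared.
@@ -635,11 +647,15 @@ protected function establishCSRFTokenState() {
 * @return mixed An access token exchanged for the authorization code, or
 * false if an access token could not be generated.
 */
- protected function getAccessTokenFromCode($code) {
+ protected function getAccessTokenFromCode($code, $redirect_uri = null) {
 if (empty($code)) {
 return false;
 }
+ if ($redirect_uri === null) {
+ $redirect_uri = $this->getCurrentUrl();
+ }
+
 try {
 // need to circumvent json_decode by calling _oauthRequest
 // directly, since response isn't JSON format.
@@ -648,7 +664,7 @@ protected function getAccessTokenFromCode($code) {
 $this->getUrl('graph', '/oauth/access_token'),
 $params = array('client_id' => $this->getAppId(),
 'client_secret' => $this->getApiSecret(),
- 'redirect_uri' => $redirect_uri,
+ 'redirect_uri' => $redirect_uri,
 'code' => $code));
 } catch (FacebookApiException $e) {
 // most likely that user very recently revoked authorization.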
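Review bot: The new `code` branch in getUserAccessToken() (second hunk) calls getAccessTokenFromCode() whenever the signed_request carries a `code`, and when that returns false it appears to fall through to the "anything stored should be cleared" path, so a code that was already redeemed on an earlier request, or a transient Graph failure, would presumably discard a still-valid stored token. Since the branch already persists `code`, it could short-circuit before the exchange with `if ($code && $code == $this->getPersistentData('code')) { return $this->getPersistentData('access_token'); }`. The `code` is only as trustworthy as the signature verification inside getSignedRequest(), which is not visible here, so it is worth confirming that check runs before this branch is reached. The docblock above getAccessTokenFromCode() should also gain a `@param` line for `$redirect_uri`, stating that null means the current URL and `''` is what JS SDK codes expect. Both function bodies continue outside the hunks shown.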