Extract the code from the signed_request for JS SDK pairing

genesis19 · Aug 9, 2011 · 9513f08 · 9513f08
1 parent 54acf92
commit 9513f08
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 4 deletions.
diff --git a/readme.md b/readme.md
@@ -1,4 +1,4 @@
-Facebook PHP SDK (v.3.1.0)
+Facebook PHP SDK (v.3.1.1)
 ==========================
 
 The [Facebook Platform](http://developers.facebook.com/) is

diff --git a/src/base_facebook.php b/src/base_facebook.php
@@ -120,7 +120,7 @@ abstract class BaseFacebook
   /**
    * Version.
    */
-  const VERSION = '3.1.0';
+  const VERSION = '3.1.1';
 
   /**
    * Default options for curl.
@@ -337,11 +337,23 @@ protected function getUserAccessToken() {
     // the access token.
     $signed_request = $this->getSignedRequest();
     if ($signed_request) {
+      // apps.facebook.com hands the access_token in the signed_request
       if (array_key_exists('oauth_token', $signed_request)) {
         $access_token = $signed_request['oauth_token'];
         $this->setPersistentData('access_token', $access_token);
         return $access_token;
       }
+
+      // the JS SDK puts a code in with the redirect_uri of ''
+      if (array_key_exists('code', $signed_request)) {
+        $code = $signed_request['code'];
+        $access_token = $this->getAccessTokenFromCode($code, '');
+        if ($access_token) {
+          $this->setPersistentData('code', $code);
+          $this->setPersistentData('access_token', $access_token);
+          return $access_token;
+        }
+      }
 
       // signed request states there's no access token, so anything
       // stored should be cleared.
@@ -635,11 +647,15 @@ protected function establishCSRFTokenState() {
    * @return mixed An access token exchanged for the authorization code, or
    *               false if an access token could not be generated.
    */
-  protected function getAccessTokenFromCode($code) {
+  protected function getAccessTokenFromCode($code, $redirect_uri = null) {
     if (empty($code)) {
       return false;
     }
 
+    if ($redirect_uri === null) {
+      $redirect_uri = $this->getCurrentUrl();
+    }
+
     try {
       // need to circumvent json_decode by calling _oauthRequest
       // directly, since response isn't JSON format.
@@ -648,7 +664,7 @@ protected function getAccessTokenFromCode($code) {
           $this->getUrl('graph', '/oauth/access_token'),
           $params = array('client_id' => $this->getAppId(),
                           'client_secret' => $this->getApiSecret(),
-                          'redirect_uri' => $this->getCurrentUrl(),
+                          'redirect_uri' => $redirect_uri,
                           'code' => $code));
     } catch (FacebookApiException $e) {
       // most likely that user very recently revoked authorization.