douzhanshen0657 2011-10-24 19:38
浏览 105
已采纳

Facebook Oauth 2.0使用PHP 3.1.1和Javascript SDK登录

I am trying to migrate to the new Facebook API for websites, and just can't get it to work smoothly. I would like to use the Javascript and PHP SDKs together, but am having problems. I can authenticate, but the page doesn't refresh automatically.

I have searched throughout SO and the Facebook documentation, but still can't get this to work correctly. I have read through http://developers.facebook.com/blog/post/534/, dowloaded the latest PHP SDK (3.1.1), and basically copied the example on the aforementioned post from facebook. I have made what I think are the correct settings in my app 'Migration' settings, but this could be where the problem lies. I can't post an image, so here are the setting:

  • Remove Deprecated API's: Enabled
  • Forces use of login secret: Enabled
  • Encrypted Access token: Enabled
  • Enhanced Auth Dialog: Enabled
  • (Everything else is disabled)

Here is the code:

<?php

require 'php-sdk/src/facebook.php';

$facebook = new Facebook(array(
  'appId'  => 'YOUR_APP_ID',
  'secret' => 'YOUR_APP_SECRET',
));

// See if there is a user from a cookie
$user = $facebook->getUser();

if ($user) {
  try {
  // Proceed knowing you have a logged in user who's authenticated.
  $user_profile = $facebook->api('/me');
} catch (FacebookApiException $e) {
  echo '<pre>'.htmlspecialchars(print_r($e, true)).'</pre>';
  $user = null;
  }
}

?>
<!DOCTYPE html>
<html xmlns:fb="http://www.facebook.com/2008/fbml">
  <body>
    <?php if ($user_profile) { ?>
      Your user profile is 
      <pre>            
         <?php print htmlspecialchars(print_r($user_profile, true)) ?>
      </pre> 
    <?php } else { ?>
      <fb:login-button></fb:login-button>
    <?php } ?>
    <div id="fb-root"></div>
    <script>               
      window.fbAsyncInit = function() {
         FB.init({
           appId: '<?php echo $facebook->getAppID() ?>', 
           cookie: true, 
           xfbml: true,
           oauth: true
         });
        FB.Event.subscribe('auth.login', function(response) {
          window.location.reload();
        });
        FB.Event.subscribe('auth.logout', function(response) {
          window.location.reload();
        });
       };
      (function() {
        var e = document.createElement('script'); e.async = true;
        e.src = document.location.protocol +
          '//connect.facebook.net/en_US/all.js';
          document.getElementById('fb-root').appendChild(e);
      }());
    </script>
  </body>
</html>
  • 写回答

1条回答 默认 最新

  • duanju8308 2011-10-24 20:00
    关注

    I was going to write this as a comment but it got a bit long... :)

    A couple of pointers using the PHP SDK:

    $facebook->getUser(); 
    

    This will work regardless of authentication. getUser() pulls publicly available data that does not require an access token, HOWEVER if you do have an access token and the user has provided email permissions for example, this method will also contain their email address.

    A better test for an authenticated user:

    $code = $_REQUEST['code'] ? true : false;
    if (!$code) {
        echo ("<script>window.top.location=\"...\"</script>");
    }
    

    will check if a user has authorised your app.

    $access = $facebook->getAccessToken();
    

    Make sure that you always request the Access Token (priority!) You will only ever recieve a signed request when you have been redirected from a facebook dialogue to your app. (i.e.) oAUTH dialogue. This method of the SDK will also save your Access Token to a session variable. You can call the getAccessToken() method on any subsequent app page where a PHP session is active EVEN WHEN no signed request has been issued.

    Now that you have your valid access token for the logged in user, you can proceed with:

    $user = $facebook->api('/me');
    

    or, simpler still:

    $user = $facebook->getUser();
    

    I tend to reserve API calls for more complex requests such as posting to a users feed / friends feed.

    So to recap:

    -> check for $code -> get signed request on first page after oAuth dialogue. -> If browser cookies are disabled (likely in ie) don't forget to pass your session to the next page with the SID constant. If you don't, you will loose your stored access token (not good!).

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 如何让企业微信机器人实现消息汇总整合
  • ¥50 关于#ui#的问题:做yolov8的ui界面出现的问题
  • ¥15 如何用Python爬取各高校教师公开的教育和工作经历
  • ¥15 TLE9879QXA40 电机驱动
  • ¥20 对于工程问题的非线性数学模型进行线性化
  • ¥15 Mirare PLUS 进行密钥认证?(详解)
  • ¥15 物体双站RCS和其组成阵列后的双站RCS关系验证
  • ¥20 想用ollama做一个自己的AI数据库
  • ¥15 关于qualoth编辑及缝合服装领子的问题解决方案探寻
  • ¥15 请问怎么才能复现这样的图呀