We currently use the OAuth dialog via the JavaScript SDK within our page tab application to request permissions, instead of FB.login.
The reason for this is that FB.login() launches a new window, whereas FB.ui({ method : 'oauth' }) displays a nice looking modal dialog. We find the OAuth dialog to be a much friendlier experience for our users.
However, the documentation for the OAuth method says not to use it directly within the JavaScript SDK: http://developers.facebook.com/docs/reference/dialogs/oauth/ "The OAuth Dialog should not be called directly from the JavaScript SDK. Rather, use FB.login for this purpose."
Is there an "accepted" way to request app permissions from within a page tab application via a modal dialog instead of via a popup window?
For the time of this answer Facebook does not allow user permissions to be requested in a frame because it sets 'X-Frame-Options' to 'DENY'. Which makes sense as it could be used for XSS proposes.
Calling either FB.ui
or FB.login
with display: "iframe"
returns the same error:
FB.ui({method: "oauth", display: "iframe"});
FB.login(function(response){}, {display: "iframe"});
Refused to display 'https://www.facebook.com/dialog/oauth?app_id=XXXX&channel=XXXX&sdk=joey' in a frame because it set 'X-Frame-Options' to 'DENY'.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With