
one time authentication for weblink with facebook app

I want to authenticate my Facebook profile with my website so I can pull info from the page. I was suggested to one-time authenticate with the Facebook API through a temp page, somewhat like:

<fb:login-button params="some permission" />

I am new to coding Facebook apps, but this seems like FBML. How can I use it to authenticate my website with my own profile? I don't need users to log into my website. I just need to pull info from my page.

The Facebook documentation is sparse and fragmented. All I got for the login was this code fragment. I don't understand how I can authenticate a weblink through this method.

FB.login(function(response) {
  if (response.session) {
    // user successfully logged in
  } else {
    // user cancelled login
  }
});

Can anyone throw some light?

amit asked May 27 '11 07:05


2 Answers

Let's start from the beginning:

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml" xml:lang="en" lang="en">

It's required for FBML to work. Next:

<fb:login-button autologoutlink="true"></fb:login-button>
<div id="fb-root"></div>  

These two lines create the "Facebook login button"; you should place them in your HTML where you want the button to appear.

Right before your closing body tag add:

<script type="text/javascript" src="https://connect.facebook.net/en_US/all.js"></script>
<script>
    window.fbAsyncInit = function() {
        FB.init({appId: 'YOUR APP ID HERE', status: true, cookie: true, xfbml: true});

        FB.Event.subscribe("auth.login", function(response) {

            if(response.session) {                      
                      // this is where you handle facebook's response 
            }

        });

    };

</script>

What you are doing here is first initializing the connection to Facebook with your app id (you need to create an application), and registering an "auth.login" event. The auth.login event is triggered every time you click the Facebook login button and successfully log in to Facebook, or Facebook automatically logs you in based on their cookie.

You can find an explanation of the auth.login and other events here; look at the sidebar on the left, where all events are listed.

The response is JSON formatted and it contains your basic session information:

{
    status: 'connected',
    session: {
        access_token: '...',
        expires:'...',
        secret:'...',
        session_key:'...',
        sig:'...',
        uid:'...'
    }
}

You can read more about it here. If your status is indeed "connected", the next most important bit of information is the uid. This is your unique Facebook identifier, a public id with which you can send further requests to Facebook. What you do with the response is up to you. An obvious choice would be to send it via AJAX to a script that logs you in to your application.

To get more info from Facebook you need to download the PHP SDK. To use the SDK:

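<?php

include_once "facebook-sdk-3.0.0/src/facebook.php";

$appID     = "YOUR APP ID";
$appSecret = "YOUR APP SECRET"; // keep this server-side only

// The session cookie is named fbs_<app id>
$cookie = "fbs_{$appID}";
$cookie = isset($_COOKIE[$cookie]) ? trim($_COOKIE[$cookie], '"') : "";

if(empty($cookie)) {
    echo "no facebook cookie";
    die();
}

// The cookie value is a URL-encoded query string
parse_str($cookie, $data);

// Stop here if the cookie carries no token instead of passing null to the SDK
if(empty($data["access_token"])) {
    echo "no access token in facebook cookie";
    die();
}

$facebook = new Facebook(array(
  "appId"  => $appID,
  "secret" => $appSecret,
  "cookie" => true
));

// Use the token from the cookie for the API calls below
$facebook->setAccessToken($data["access_token"]);

$user = $facebook->getUser();

// Throws FacebookApiException if Facebook rejects the token
$profile = $facebook->api("/me");

?>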

So at first you parse Facebook's cookie, which is named "fbs_YOUR_APP_ID" and contains your session information (URL-encoded). What you actually need is the access_token (a unique identifier of the authenticated session), which was also returned to you in the JSON response object before. Then via the Facebook object you can do any API requests you want.

Now, to have a full authentication mechanism, you should create a similar connect script that, instead of getting the session information from the cookie, takes it from the response object that is returned when auth.login occurs (possibly via AJAX).

You should read the Authentication workflow document to better understand how Facebook Connect works.

yannis answered Oct 16 '22 23:10
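The answer above reads access_token from the fbs_ cookie and suggests posting the session, including the public uid, to a login script. A server-side check of the cookie's sig field before trusting any of those values, as an added example that is not part of the original answer or of the Facebook SDK: it assumes the legacy fbs_ cookie scheme (sig is the MD5 of the sorted key=value pairs followed by the app secret), that expires is a Unix timestamp, and PHP 5.6+ for hash_equals; verify_fbs_cookie and all sample values are constructed.

```php
<?php
// Returns the parsed session fields if the cookie is authentic and unexpired, else null.
// $now is passed in (a Unix timestamp) so the check is easy to exercise.
function verify_fbs_cookie($raw, $appSecret, $now)
{
    $args = array();
    parse_str(trim($raw, '\\"'), $args);
    foreach (array('sig', 'uid', 'access_token', 'expires') as $required) {
        if (empty($args[$required])) {
            return null;
        }
    }
    // Legacy scheme (assumed): sort by key, join key=value with no separator, skip sig
    ksort($args);
    $payload = '';
    foreach ($args as $key => $value) {
        if (!is_string($value)) {
            return null; // e.g. uid[]=... would otherwise be stringified as "Array"
        }
        if ($key !== 'sig') {
            $payload .= $key . '=' . $value;
        }
    }
    // Constant-time comparison against MD5(payload + app secret)
    if (!hash_equals(md5($payload . $appSecret), $args['sig'])) {
        return null; // altered or forged cookie
    }
    // Assumption: expires is a Unix timestamp
    if ((int) $args['expires'] < $now) {
        return null;
    }
    return $args;
}

// Constructed sample values (placeholders, not real credentials)
$secret = 'EXAMPLE_APP_SECRET';
$fields = array('access_token' => 'EXAMPLE_TOKEN', 'expires' => '2000000000',
                'secret' => 'EXAMPLE', 'session_key' => 'EXAMPLE', 'uid' => '1000');
$base = '';
foreach ($fields as $k => $v) {   // keys above are already in sorted order
    $base .= $k . '=' . $v;
}
$good   = '"' . http_build_query($fields) . '&sig=' . md5($base . $secret) . '"';
$forged = str_replace('uid=1000', 'uid=4', $good);   // uid changed, sig left as is

var_dump(verify_fbs_cookie($good, $secret, 1900000000) !== null);
var_dump(verify_fbs_cookie($forged, $secret, 1900000000) !== null);
var_dump(verify_fbs_cookie($good, $secret, 2100000000) !== null);
```

The first call accepts the constructed cookie; the second and third reject it, because the uid was changed without knowledge of the app secret and because the session has expired.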


A good and easy way to deal with Facebook authentication is to implement the server-side flow with the Facebook PHP SDK (see on GitHub). So you will have something like:

require "facebook.php";
$facebook = new Facebook(array(
    'appId'  => YOUR_APP_ID,
    'secret' => YOUR_APP_SECRET,
));

$user = $facebook->getUser();

If the user is logged in, then $user is his Facebook ID. You then have to check if you have a valid access token by making an API call:

  • If it does not raise any exception, then you have a valid access token

  • If it does, then you have to re-authenticate the user.

Here:

if ($user) {
  try {
    $facebook->api('/me');
  } catch (FacebookApiException $e) {
    $user = null;
  }
}

You then need to display the login or logout link:

<?php if ($user): ?>
    <a href="<?php echo htmlspecialchars($facebook->getLogoutUrl()) ?>">Logout of Facebook</a>
<?php else: ?>
    <a href="<?php echo htmlspecialchars($facebook->getLoginUrl()) ?>">Login with Facebook</a>
<?php endif ?>

When the user is logged in and you have a valid access token, you can make API calls to get data from Facebook:

$user_profile = $facebook->api('/me');

You may want to check the example page of the Facebook PHP SDK, which is well documented.

Hope that helps.

Quentin answered Oct 17 '22 00:10