I'm using Struts2 and Java to create an iFrame Facebook-application utilizing the Facebook-Java-Api in version 2.1.0. Unfortunately, and not surprisingly, I have encountered some issues regarding the authentication.
Every request to the application is intercepted by a filter. My plan is to take care of the authentication part in the filter before proceeding to the relevant action/page. This works to some degree, but I don't really understand what's happening and why.
Problem 1: No parameters
The first request is always empty. None of the expected fb sig parameters is contained in the request. This isn't only for the first request to the application in this "session", but for every request for a new page within the iFrame as a user utilizes the application. After trying to fetch the parameters (which aren't there) I use the FacebookWebAppHelper-class to check if we are "in frame" utilizing the inFrame() boolean (from FacebookWebAppHelper). This always ends up as true for the first request even though we, as far as my own eyes can tell me, actually are inside the Facebook iFrame. When this is true the application redirects the request to ... the same page I'm currently at. The filter intercepts it again, and this time the parameters are there. I can successfully fetch them, and create a FacebookJsonRestClient and do whatever I'd like.
If the user clicks a link the process is done all over again. No parameters in the first request, redirection to the same page.
NOTE: If I don't use redirectFrame() I never get the parameters I need.
Problem 2: Auth_token shown in URL
The auth_token from the parameters is shown in the URL/URI (in the address bar of the browser). This may not be a severe problem, but it bothers me that it's a new token every time. I suspect that this is somewhat connected to "Problem 1".
Please speak up if you'd like to see some code.