views:

1562

answers:

2

I have a mobile application that I'm using with Facebook connect. I'm having trouble getting an offline_access session key after a user has granted extended permissions.

Here's the user flow:

  1. User goes to my site for the first time
  2. I send them to m.facebook.com/tos.php? and pass my api key and secret
  3. The user logs in using Facebook connect
  4. Facebook returns them to a page in my site, mysite/login-success.php with an auth_token in the query string
  5. On mysite/login-success.php I instantiate the FB api client and check to see if I already have an offline_access session key for them:
    $facebook = new Facebook($appapikey, $appsecret);
  6. If they haven't already provided offline_access FB gives me a temporary session key I need to get offline_access permission from the user so I forward them on to www.facebook.com/connect/prompt_permissions.php? and pass offline_access in the querystring.
  7. The user authorizes offline_access and get forwarded to mysite/permissions-success.php

The problem I'm having is that after instantiating the API client on permissions-success.php the session key I have is still the temporary session key, not a new offline_access session key.

The only way I've found to get the offline_access key is to delete all cookies for the user and then have them login again using Facebook connect. A fairly poor user experience.

Can anyone shed some light on how to use the Facebook api to generate a new session key even if one already exists (in my case a temporary session key)?

+1  A: 

Hi

I am using Java FB API for my FB Connect APP. I think the trick is the same for PHP.

The trick is force Facebook to automatically login your user again once their granted your the permission, so that you able to capture a offline-access session key, and store in your database for future use.

Steps : 1. Once user sign in your via FB Connect, display welcome message 2. Ask user to grant all require permissions for you app with URL format as below http://m.facebook.com/tos.php?api_key=YOUAPIKEY&v=1&cancel=CancelURL"> Grant permissions

  1. FB will do a call back to your a new auth-token, which you able to get the valid offline assess key..

Hope this help

Cheers James

James Khoo
A: 

I didn't really find a good solution to this problem. In my case I just wait until the session times out, when it does the user has to log in a second time and I can capture the offline_access key.

Richard

related questions