I am trying to get users' permission for 'offline_access' in an iFrame Facebook application coded with the Facebook Java API. I understand that I need to obtain an 'indefinite session key' after the users approves my application. Currently, I can accomplish what I want, but in a very awkward way that is probably not correct. There must be a better way to do this. Any thoughts/ideas would be appreciated!!
What I've done
In a servlet of my app, I check to see if the user currently has 'offline_access' permission. If they do, I get the url by Permission.authorizeUrl(Permission.OFFLINE_ACCESS). I then call response.redirect to get to the permissions page. Two problems I'm having are:
- The redirected permissions page is displayed within the iFrame. Hence, the Facebook book home menu bar etc. are displayed twice. i.e. looking like an app is embedded in another app.
- The user will be 'stuck' on the permission page once redirected there. I won't be able to obtain the 'indefinite session key' (by calling
client.getCacheSessionKey) unless the user goes back to a page in my app manually.
Possible Work-arounds??
- Is there a way to open/redirect to the permissions page in a new window? That way maybe I can have a thread in my servlet to keep checking whether the permission is set after the redirection. And then I can get the 'indefinite session key' once I have it and store it somewhere?
- Is there a way to set an URL for Facebook to go to after permission is set? (much like the pre-auth and post-auth URL settings?) Or somehow take control after the permission page is hit?
- Any other ways to setup my app maybe?? Being a newbie, I might've totally gotten the idea wrong...