I have a website-based game that has login accounts that I want to integrate into Facebook (not Facebook Connect, I want to use an iframe canvas page).

My question is how can I authenticate a user and how can I check if a user is coming from facebook or directly from the site.

I have been playing around with require_login() using the PHP library. My main fear is how I can authenticate that the GET parameters from Facebook are indeed from Facebook. If I can do that then I can store their Facebook session id and Uid in a session as login credentials.

My other worry is that the GET variable may get passed as a referrer to an external link.

Finally... I find in some browsers that require_login() breaks out of the iframe and gets into an eternal loop, continually adding additional authtokens to the URL.

Hope someone can help

A: 

Yes, you can create an app that works independently as well as a Facebook app. For Facebook you will have to use Facebook's iframe method to work under Facebook.

Sarfraz
I realised this... I have already got that far, I am more interested in the authentication side of things, but thanks
Mark
Sorry I didn't see the link... I'll have a read
Mark
@Mark: no problem dude, thank you :)
Sarfraz
I am trying out the code, but I get an issue with $facebook->api_client->users_isAppAdded() ...the wiki says it's been deprecated... any ideas?
Mark
@Mark: no idea man, they keep changing things fast, it is always hard to keep up to date with the fast-changing Facebook API, so I would suggest you Google it. thanks
Sarfraz
A: 

You can verify the request comes from Facebook by verifying the signature in the same way that Facebook checks that API requests come from your application. With the PHP client library you can use the validate_fb_params() method of the Facebook class to do this automatically.

Bear in mind that session keys are temporary, so the user will keep needing to authenticate with Facebook through your application; otherwise the key expires within the hour. You may also run into a 3rd party cookie issue with Safari if you're hoping to store the session key in a cookie, and you'll need a compact privacy policy for quite a few other browser/privacy setting combinations as well. Something like:

<?php
// Send a P3P compact privacy policy so browsers that block
// third-party cookies by default will accept the cookie set
// from inside the Facebook iframe.
header('P3P: CP="CAO PSA OUR"');
?>

in an include would do it.

And yes: the session key may be passed to external sites as in the referrer properties. It's just one of the security flaws that the platform currently has. The only way around that is either to redirect all external clicks through a handler which removes the referrer, or redirect on page load to strip the fb_sig_ss parameter out.

Karl B
This looks like a good alternative to the third party cookie issue http://www.foobots.net/breakouts.html
Mark
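To make the signature check in this answer concrete, here is an added example (not from the question, the answers, or the Facebook PHP library) that re-implements what validate_fb_params() does for the legacy fb_sig_* parameters, so the canvas page can tell a genuine Facebook request from a direct or forged one. The function names, the constructed secret and sample parameters, and the freshness window are assumptions of this example; the library applies its own timeout on fb_sig_time.

```php
<?php
// Added example: re-implements the legacy fb_sig_* signature check that
// validate_fb_params() performs. Names fb_request_params(), fb_expected_sig()
// and is_from_facebook() are assumptions of this example.

// Collect the signed parameters, with the fb_sig_ prefix stripped.
function fb_request_params(array $get, string $prefix = 'fb_sig_'): array {
    $params = [];
    foreach ($get as $key => $value) {
        if (strpos($key, $prefix) === 0) {
            $params[substr($key, strlen($prefix))] = (string) $value;
        }
    }
    return $params;
}

// Legacy Facebook signature: sort by key, concatenate "key=value" pairs with
// no separator, append the application secret, take the MD5 hex digest.
function fb_expected_sig(array $params, string $secret): string {
    ksort($params);
    $str = '';
    foreach ($params as $k => $v) {
        $str .= "$k=$v";
    }
    return md5($str . $secret);
}

// True only if fb_sig is present, matches, and fb_sig_time is recent.
// $max_age is an assumed freshness window to reject replayed requests.
function is_from_facebook(array $get, string $secret, int $max_age = 3600): bool {
    if (!isset($get['fb_sig'])) {
        return false;                       // no signature: direct site visit
    }
    $params   = fb_request_params($get);
    $expected = fb_expected_sig($params, $secret);
    if (!hash_equals($expected, (string) $get['fb_sig'])) {
        return false;                       // forged or tampered parameters
    }
    if (!isset($params['time']) || abs(time() - (int) $params['time']) > $max_age) {
        return false;                       // stale signature
    }
    return true;
}

// Constructed sample request signed with a constructed secret (local check only).
$secret = 'constructed-app-secret';
$get = ['fb_sig_user' => '12345', 'fb_sig_time' => (string) time(), 'fb_sig_session_key' => 'abc'];
$get['fb_sig'] = fb_expected_sig(fb_request_params($get), $secret);
var_dump(is_from_facebook($get, $secret));   // genuine request
$get['fb_sig_user'] = '99999';
var_dump(is_from_facebook($get, $secret));   // tampered user id, rejected
```

Only after is_from_facebook() returns true should the page copy fb_sig_user and fb_sig_session_key into its own session; anything else is treated as a direct (non-Facebook) visit.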