I'm trying to get into making Facebook apps but I'm having trouble getting authorization working in a redirect scheme inside the canvas.
Using the javascript api, I got it working pretty easily in a popup scheme:
$("#loginButton").click(function(e) {
FB.login(function(response) {
if (response.perms) {
perms();
}
}, {perms : 'publish_stream'});
But the popup should be an unnecessary extra click, because every other application I see requests the authorization before even showing you the landing page. Like this:
i.imgur.com/yBGzL.png
I figure they're simply using a redirect scheme. So I spent the entire day trying the different ways I could find:
header("Location: https://graph.facebook.com/oauth/authorize?client_id=" . $gAppId . "&redirect_uri=" . urlencode($gUrl) . "&perms=publish_stream");
header("Location: http://www.facebook.com/login.php?v=1.0&api_key=" . $gApiKey . "&next=" . urlencode($gUrl) . "&canvas=");
header("Location: http://www.facebook.com/connect/uiserver.php?app_id=" . $gAppId . "&next=" . urlencode($gUrl) . "&return_session=0&fbconnect=0&canvas=1&legacy_return=1&method=permissions.request");
But all of them, instead of showing the authorization request stuff, show a link like this:
Hilariously, if I open the iframe's address in a new tab, I get the authorization request like I wanted. But I want it to display immediately, without an extra click, like every other app.
Here's an example of an app that is doing authorization and requesting permissions all in one go, in redirect form, before even displaying the landing page:
www.facebook.com/send.fortune.cookies
How are they doing it?