tags:

views:

480

answers:

1
Q: 

Facebook friend validation on an external website

I'm interested in using Facebook as a way to validate that someone is my friend on an external site, and based on that, show them special content.

Inside Facebook, consider this scenario:

  1. I post photos and give permission to friends only
  2. Someone tries to view my photos by URL
  3. If that person is my friend, Facebook displays the photos.

I want to mimic this behavior on my own personal website:

  1. User follows a link to "private" content
  2. My site (either by server-side, JS, Ajax, iframe, whatever) asks Facebook if the person is logged into Facebook in their browser.
  3. If not, user is presented with a Facebook popup to log in.
  4. When the user is logged in, my site asks Facebook if they are my friend (ID coded into the site), and if so, presents them with the content

Is this possible without requiring the user to "authorize" my site or application? My only idea (based on http://wiki.developers.facebook.com/index.php/Authorizing%5FApplications) is that I could create an application for my site, and then on the external site, load my Facebook application in a hidden iframe (which would in turn load my site in an iframe) to give my site the Facebook user ID and store it in the session.

What is the best way to accomplish this?

A: 

Yes, this should be possible. You would have to utilize Facebook Connect. The basic flow would be something like you described above:

  1. User on your site follows a link to private content. This content is marked in your database (or otherwise) with the owner's Facebook Id.
  2. Your site uses the Facebook API to check whether the visitor is logged in to Facebook. If not, deny access.
  3. If they are logged in, you can utilize the friends.areFriends API method to compare the visitor's Facebook ID with the content owner's Facebook ID. If they aren't friends, deny access, otherwise you can show it.

Facebook Connect is actually fairly easy to implement, despite the terrible docs that are hard to understand. Once you have it up and running, it basically means that any visitor to your site that is logged in to Facebook will provide you with a session key that you can use to query Facebook for information about them.

zombat  2009-08-27 07:37:52
I'm trying to decide if I can mark this as an accepted answer. I just need to know one more thing - is there any way I can execute the steps you have listed above WITHOUT prompting them with the Facebook Connect authorization popup window? (I.E., something like my IFRAME idea?)
Renesis  2009-09-02 16:06:29
In order to use the Facebook API to get friend information, your web visitor is going to have to log into Facebook at some point. You can't get friend info otherwise. If you were able to query Facebook without an active session it would be a serious privacy problem. Your visitors may arrive at your site already logged in to FB, in which case you don't have to prompt them. Your iframe idea would probably work in some capacity, but instead of prompting them the user would have to add your application and access it through Facebook apps, which is pretty much the same thing.
zombat  2009-09-02 17:35:22
It is the case where the user is already logged into facebook about which I am curious - if they are, how can I get their ID without prompting them (if this is their first visit to my site)?
Renesis  2009-09-03 01:05:08

related questions

Does the Facebook REST API allow you to get a friend's phone number?
Hosting a Facebook Application?
My Facebook application's Javascript doesn't work in Google Chrome
Successful sites using Asp.NET and the Facebook API
How do you remove the "box head" in a Facebook application?
Render Self-Closing Tag in ASP.NET custom control derived from Control
What does the new Facebook Connect platform offer over a traditional Facebook App?
I need help creating a modding system in a Facebook Application
New Facebook app - FBML or iFrame?
how much does facebook denormalize their databases to break things up by network and therefore shrink the tables and speed the system?
using a named function as the callback for $.getJSON in jQuery to satisfy Facebook request signing demands
Which Facebook .NET Library is the best to use?
In Facebook app, is there a way to link directly to "join a group"
Facebook Development vs. XNA, Which is Worth Learning?
What's a Good Resource for Learning Facebook Application/Game Development?
Example Facebook Application using TurboGears -- pyFacebook
How to authenticate in a Facebook Flash application?
Facebook RSS application
Using Merb for Facebook Application
How to start facebook app?
Is anyone developing facebook apps on Grails
How do I import facebook friends from another website
Facebook java integration
Developing and Testing a Facebook application
Anyone have a link to a technical discussion of anything akin to the Facebook news feed system?