views:

215

answers:

2

We have a CMS that supports multiple sites, one of our features allows our users (The site admin) to connect to the site facebook account to allow status updates, create events and upload pictures to FB from with in the CMS.

The authentication needs to occur once since each site may have multiple site admins that do not have access to the site FB user name and password. We use iframe and authenticate using $facebook->require_login() which redirects the user to the FB login and authentication pages.

All this works just fine but when the user hits "Allow" the authentication will break as it will only redirect to whatever is in the "Post-Authorize Redirect URL" field making the app obsolete for any other domain except the one in the "Post-Authorize Redirect URL"

I know other API's authentication methods like in Vimeo and YouTube will allow you to specify a NEXT parameter which is the equivalent of the "Post-Authorize Redirect URL" and it can be set at run time.

How can I make this work for multiple domain names?

Any hints on this issue will be of great help

A: 

make a separated domain used only for FB authentication.

zerkms
Thank you for your answer. I was thinking about doing this, although this is unfortunately not the most 'elegant' solution to the problem.
Onema
I don't understand how this would solve the problem?
Paul Biggar
Paul, I have added the solution that I implemented for this question and some example code too.
Onema
+1  A: 

If the call back page is in your domain, that page could acts as a proxy, all you have to do is pass the parameters needed by the proxy page to redirect the user to the proper location. For example I used the URL of the domain I want to redirect and an ID needed for me to know which user I am dealing with.

My code end up looking something like this:

Authorize link:

$authorizeURL = "http://www.facebook.com/authorize.php?api_key=" . $facebookApiKey . "&v=1.0&ext_perm=status_update&domainName=$domainName&path=/path/to/my/next/page.php";

and the "proxy" code would like something like this:



    $path =  $_GET['path'];
    $query = $_GET['query'];
    $domainName = $_GET['domainName'];

    //if you happen to have a query, get the values like this:
    parse_str($query, $queryValues);
    $id = $queryValues['id'];

    // construct the url where your user came from or where you want them to be redirected.
    $url = "http://$domainName/$path?$query";

    header("Location: " . $url);
    exit;


This is not the whole code, but it will give you an idea on how to do it.

Onema