CODEWITHSUNDEEP
facebookfacebook-php-sdk
lesssugar
lesssugar

Reputation: 16181

Full Facebook PHP SDK app (no JS SDK). Is it even possible?

In my work we often need to build Facebook apps in the form of Facebook Canvas and Website. These apps are available on Facebook direclty (an iframe) and as mobile versions (outside Facebook, in the browser).

We are working with a code base which mixes Facebook JS SDK (authentication and authorization) with PHP SDK (API calls). I find it rather dirty, and not easy to understand for people freshly working on the projects.

It's inconvinient to make API calls with JS, and making them with PHP forces extending access tokens. Authenticating user with JS SDK involves client-side redirects which are ugly to be honest, as they usually occur moments after the current page starts rendering, and so on...

I googled a lot about separating these two SDKs but did not find a clear answer to my questions:

  1. Is it possible to create Facebook app (Canvas, Website) which bases ONLY on PHP SDK? Check login status, login, permissions, making API calls, etc. Would signed request be enough?
  2. Is JS SDK the only full-proof way to determine user's login status at any time?

This link seems to describe what I'm thinking of, however the docs are rather brief (which seems to be a problem of Facebook documentation in general). Can anyone suggest other sources that might help? Does anyone have experience with builing FB aplications based only on server-side?

Thanks.

EDIT: The link I posted above covers the case of not using ANY SDK, so no, it's not what I'm looking for.

Upvotes: 1

Views: 141

Answers (1)

andyrandy
andyrandy

Reputation: 73984

You can even create an App WITHOUT any SDK - with simple CURL calls, for example. So yeah, it is indeed possible to use the PHP SDK only, but the login process is much better with the JS SDK (no redirection needed) and you can´t auto-refresh a user session like it is possible with FB.getLoginStatus afaik.

In short, i would not recommend it, the JS SDK is the very best way to authorize users and refresh Access Tokens. I would only use the PHP SDK (or simple CURL calls) for stuff that MUST happen on the server, and for stuff that includes using the App Secret, for example.

Upvotes: 1

Related Questions