Auth problems with OAuth (Facebook App), session is not available?

Question

I want to read all birthdays of the friends from current user. I use the new Graph API of facebook. I request the authorization of the permissions (read_friendslist and friends_birthday) based on Facebooks insights example and php-sdk example. For reading the friendslist and the user details I used the Graph API with Facebook PHP SDK.

The upcoming code snippets are a short self contained correct example of my approach. If I try to use my app it requests login, then asks for permissions and then fails in printing all my friends due to the fact that no session is available. What's wrong here?

First is the birthday.php which is used by the following index.php, I removed some boilerplate code or code I think it's not causing this problem (identified by [...]). You can find the complete code on the end of this question.

<?php
function get_birthday_of_friends() {

    $fbconfig['appid' ]  = "MY_APP_ID";
    $fbconfig['secret']  = "MY_APP_SECRET";

    try{
            include_once "facebook/src/facebook.php";
    }
    catch(Exception $o){
             // [...] log error
    }
    // Create our Application instance.
    $facebook = new Facebook(array(
      'appId'  => $fbconfig['appid'],
      'secret' => $fbconfig['secret'],
      'cookie' => true,
    ));

    $session = $facebook->getSession();

    $fbme = null;
    // Session based graph API call.
    if ($session) {
               // [...] return birthdays
    } else {
        echo "No session found";
    }
}
?>

The required lib.php is identically with the insights example.

<?php

    // [...] Include and define app-id etc.

function get_access_token($base_url) {
  if (isset($_REQUEST['access_token'])) {
    return $_REQUEST['access_token'];
  }
  $params = array();
  $params['client_id'] = APP_ID;
  $params['redirect_uri'] = $base_url;
  if (!isset($_REQUEST['code'])) {
    $params['scope'] = 'read_friendlists, friends_birthday';
    $url = FacebookMethods::getGraphApiUrl('oauth/authorize', $params);
    throw new RedirectionException($url);
  } else {
    $params['client_secret'] = APP_SECRET;
    $params['code'] = $_REQUEST['code'];
    $url = FacebookMethods::getGraphApiUrl('oauth/access_token');
    $response = FacebookMethods::fetchUrl($url, $params);
    $response = strstr($response, 'access_token=');
    $result = substr($response, 13);
    $pos = strpos($result, '&');
    if ($pos !== false) {
      $result = substr($result, 0, $pos);
    }
    return $result;
    }
}

    // [...] Call get_access_token() and get_birthday_of_friends()!
?>

Can you help me with that? I added the whole source code on pastebin.com if this helps you to identify my problem. Source code on pastebin.com for "index.php" and "birthday.php".

Thank you in advance!

Answer 1

If no session is available, I had to redirect to the login page and require the extended permissions with the parameters. This did the trick to me, thanks to manuelpedrera for helping me out.

$facebook->getLoginUrl(array('req_perms' => 'read_friendlists, [...]'));

Answer 2

I am not sure if the method that you are using is deprecated or not, but I know it's the old way and you should try with the new one in order to get the auth token.

Take a look at this link: http://developers.facebook.com/docs/authentication/signed_request/

In a glance, you have to:

• Get the signed_request parameter from $_REQUEST.
• Use the sample function provided in the link to decode it Once you decode it, you will have an array in which there is a parameter called oauth_token.
• With this parameter, you can start making calls to the Graph by appending it to the URL e.g.
  *https://graph.facebook.com/PROFILE_ID/pictures/?access_token=OAUTH_TOKEN*

Make sure that you have Oauth 2.0 for Canvas enabled into the Configuration settings of your app (Advanced tab).

Answer 3

I think in some browsers there's a prblem with third party cookies. Are you testing in Safari? And also, try to add permissions to the loginUrl - it's a bit more simple than adding and requesting the permissions with oauth.