Jae Lee

Reputation: 475

Facebook iframe app authentication flow question

I'm not quite sure if I'm doing the auth correctly, so I'm asking here to verify my process.

Check if the user is authenticated; if not, proceed to the next step.

  1. Redirect the user to: https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL

  2. On the redirect, I take the $_REQUEST['code'] and I re-issue it to https://graph.facebook.com/oauth/access_token?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&client_secret=YOUR_APP_SECRET&code=THE_CODE_FROM_ABOVE to get the access token.

  3. I get the access token, save it to my session, user is now authenticated and I redirect them back to my application's landing page.

Everything works fine, but it seems it's just my app that has too many redirects happening. Other apps seem to just take you straight to their app without going through step 1 (those that already added the app).

I'm wondering if others are using the "offline_access" permission and using this as a way to bypass getting the "code" to get the "access_token" routine.

Upvotes: 0

Views: 449

Answers (1)

Dallas

Reputation: 1055

Correct. With offline_access, you can save the access_token indefinitely and avoid having to go through that flow again. If you try to use it and get an OAuthException, you should discard the saved access token. This is how many applications skip those authentication steps for account verification. One major downside to requesting offline_access is that it may look bad to a user.

Upvotes: 1
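
The saved-token reuse described in the answer above, as an added example that is not part of the original thread: try the stored token first, and only fall back to the step-1 dialog redirect when no token is stored or the Graph API answers with an OAuthException. The function names, the `$fetch` callable, the use of `/me` as the probe request, and the sample responses are assumptions constructed for illustration.

```php
<?php
// Added example, not code from the thread. $fetch is a hypothetical callable
// that performs the HTTP GET and returns the raw JSON body as a string.

/** Build the step-1 dialog URL used when no valid token is stored. */
function login_dialog_url(string $appId, string $redirectUri): string
{
    return 'https://www.facebook.com/dialog/oauth?' . http_build_query([
        'client_id'    => $appId,
        'redirect_uri' => $redirectUri,
    ]);
}

/**
 * Try the saved token first. Returns ['data' => array] on success, or
 * ['redirect' => url] when there is no token or Facebook rejected it.
 */
function call_with_saved_token(array &$session, callable $fetch, string $appId, string $redirectUri): array
{
    if (empty($session['access_token'])) {
        return ['redirect' => login_dialog_url($appId, $redirectUri)];
    }
    $url  = 'https://graph.facebook.com/me?'
          . http_build_query(['access_token' => $session['access_token']]);
    $body = json_decode($fetch($url), true);

    if (!is_array($body)) {
        throw new RuntimeException('Unparseable Graph API response');
    }
    if (($body['error']['type'] ?? null) === 'OAuthException') {
        unset($session['access_token']);   // expired or revoked: never reuse it
        return ['redirect' => login_dialog_url($appId, $redirectUri)];
    }
    if (isset($body['error'])) {
        // Other errors are not proof the token is bad, so keep it and surface them.
        throw new RuntimeException('Graph API error: ' . ($body['error']['message'] ?? 'unknown'));
    }
    return ['data' => $body];
}

// Constructed responses standing in for the network.
$ok      = fn(string $url): string => '{"id":"1000","name":"Constructed User"}';
$revoked = fn(string $url): string => '{"error":{"type":"OAuthException","message":"constructed"}}';

$session = ['access_token' => 'CONSTRUCTED_TOKEN'];
var_dump(call_with_saved_token($session, $ok, 'YOUR_APP_ID', 'YOUR_URL'));
var_dump(call_with_saved_token($session, $revoked, 'YOUR_APP_ID', 'YOUR_URL'));
var_dump(isset($session['access_token']));
```

The token stays in the server-side session throughout, and the only redirect a returning user sees is the one triggered by a rejected token.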
