Correct way to redirect to a facebook tab after authentication for an app?

Question

We're hosting a PHP facebook canvas application (http://apps.facebook.com/myapp). One of the pages (http://apps.facebook.com/myapp/foobar) requires authentication from facebook so we can access some information about the user. This is achieved by using the PHP-SDK's $facebook->getLoginUrl() method to generate the url for authentication and works as expected.

We have since added the app to as a Tab (iFrame) to our Page (http://www.facebook.com/MyPage?sk=app_nnnnn). Now when we try to authenticate the user they are redirected to the app's url (http://apps.facebook.com/myapp/foobar) rather than having the /foobar page load in the Tab's iFrame as expected.

Is it possible to set the auth so that it doesn't bounce to the app's url but stays within the Tab using the PHP-SDK? If so, what is the workflow I should follow to achieve this?

Answer 1

The way I have achieved this is to do the following:

• On the /myapp/foobar page I check to see whether the user has been authenticated. If they haven't I set a session value and use the PHP-SDK's $facebook->getLoginUrl() to generate the auth url and send a response back containing just the javascript to redirect window.top.
• Once they've authenticated they're redirected back to the main page. When this page loads it checks for the session value and, if set, removes it and issues a redirect header to /myapp/foobar.

It's a little convoluted but seems to be quite a stable solution.

Answer 2

I would simply add code to http://apps.facebook.com/myapp/foobar to check for authentication, and if it is, echo:

<script type="text/javascript">
    top.location.href = 'http://www.facebook.com/MyPage?sk=whatever';
</script>

That should break out of the iframe and redirect you to where you want to go.