Reputation: 417
Everything was running fine in my Facebook application until I upgraded it to OAuth 2.0, and I'm not sure if I'm doing everything right.
The thing is that I already got the OAuth dialog to work, and when the user authorizes the app, it renders my app in the iframe, but I am having trouble with my $_GET[] values. Let me explain:
Here's my index.php, which I use as the main page, while I just include() some file in a div called content, depending on the $_GET['section']:
<?php
$app_id = "xxx";
$application_secret = 'xxx';
$canvas_page = "xxx";
$auth_url = "http://www.facebook.com/dialog/oauth?client_id=" . $app_id . "&redirect_uri=" . urlencode($canvas_page) . "&scope=publish_stream,offline_access";

//OAuth 2.0
function parse_signed_request($signed_request, $secret) {
    list($encoded_sig, $payload) = explode('.', $signed_request, 2);

    // decode the data
    $sig = base64_url_decode($encoded_sig);
    $data = json_decode(base64_url_decode($payload), true);

    if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
        error_log('Unknown algorithm. Expected HMAC-SHA256');
        return null;
    }

    // check sig (hash_equals compares in constant time)
    $expected_sig = hash_hmac('sha256', $payload, $secret, true);
    if (!hash_equals($expected_sig, $sig)) {
        error_log('Bad Signed JSON signature!');
        return null;
    }

    return $data;
}

function base64_url_decode($input) {
    return base64_decode(strtr($input, '-_', '+/'));
}
//

$data = parse_signed_request($_REQUEST["signed_request"], $application_secret);

if (empty($data["user_id"])) {
    echo("<script> top.location.href='" . $auth_url . "'</script>");
} else {
    $_SESSION['on'] = 1;
    include ('src/facebook.php');

    $files = array();
    $files['RE'] = 'xxx.php';
    $files['RC'] = 'yyy.php';
    $files['DP'] = 'zzz.php';

    $facebook = new Facebook(array(
        'appId' => $app_id,
        'secret' => $application_secret,
        'cookie' => true,
        'perms' => 'publish_stream, offline_access',
    ));

    $_SESSION["access_token"] = $data["oauth_token"];
    $me = $facebook->api('/me?oauth_token=' . $_SESSION["access_token"]);
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:fb="https://www.facebook.com/2008/fbml">
<head>
<link rel="stylesheet" href="css/style.css" type="text/css">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta http-equiv="Content-Style-Type" content="text/css">
<meta property="og:title" content="title" />
<meta property="og:description" content="description" />
<meta property="og:image" content="thumbnail_image" />
</head>
<body>
<div class="wrapper">
<?php include("inc/app_header.php");?>
<div class="content">
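<?php
// Only files named in the $files allow-list are included;
// an unknown or non-string section falls back to the default.
if (isset($_GET['section']) && is_string($_GET['section']) && isset($files[$_GET['section']]))
{
    $file_to_include = 'inc/' . $files[$_GET['section']];
}
else
{
    $file_to_include = 'inc/section_restaurantes.php';
}
include($file_to_include);
?>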
<div class="content_bottom_space"></div>
</div>
<div class="footer">
</div>
</div>
</body>
</html>
<?php } ?>
and the code for section_restaurantes is:
<div class="section_restaurantes">
<div class="restaurantes_container">
<div class="restaurantes"><a href="index.php?section=DP"></a></div>
<div class="restaurantes"><a href="index.php?section=PH"></a></div>
</div>
</div>
The thing is that when I click on those divs, my whole browser is reloaded, the ?code= parameter in the URL changes twice and it reloads again on section_restaurantes.php instead of loading the DP section. I hope I'm clear.
I think because it's reloading twice I lose the $_GET['section'] parameter and then it loads the default, which is "inc/section_restaurantes.php".
I need help please, I've tried to find solutions on the internet but I found nothing.
Upvotes: 1
Views: 344
Reputation: 38135
You don't need to parse the signed_request if you are using the PHP-SDK, as it'll take care of that for you. You just need to retrieve the user (getUser()) and, if there is no user, redirect to the login URL (refer to the example file).
Here is better code:
<?php
include ('src/facebook.php');

$app_id = "xxx";
$application_secret = 'xxx';
$canvas_page = "xxx";

$facebook = new Facebook(array(
    'appId' => $app_id,
    'secret' => $application_secret
));

$user = $facebook->getUser();
if(!$user) {
    $loginUrl = $facebook->getLoginUrl(array(
        'redirect_uri' => $canvas_page,
        'scope' => 'publish_stream,offline_access'
    ));
    echo("<script> top.location.href='" . $loginUrl . "'</script>");
    exit;
}

$_SESSION['on'] = 1;

$files = array();
$files['RE'] = 'xxx.php';
$files['RC'] = 'yyy.php';
$files['DP'] = 'zzz.php';

try {
    $me = $facebook->api('/me');
} catch (FacebookApiException $e) {
    error_log($e);
    $user = null;
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html xmlns:fb="https://www.facebook.com/2008/fbml">
<head>
<link rel="stylesheet" href="css/style.css" type="text/css">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta http-equiv="Content-Style-Type" content="text/css">
<meta property="og:title" content="title" />
<meta property="og:description" content="description" />
<meta property="og:image" content="thumbnail_image" />
</head>
<body>
<div class="wrapper">
<?php include("inc/app_header.php");?>
<div class="content">
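<?php
// Only files named in the $files allow-list are included;
// an unknown or non-string section falls back to the default.
if (isset($_GET['section']) && is_string($_GET['section']) && isset($files[$_GET['section']]))
{
    $file_to_include = 'inc/' . $files[$_GET['section']];
}
else
{
    $file_to_include = 'inc/section_restaurantes.php';
}
include($file_to_include);
?>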
<div class="content_bottom_space"></div>
</div>
<div class="footer">
</div>
</div>
</body>
</html>
Now for your restaurant section, I would link to the parent document:
<div class="section_restaurantes">
<div class="restaurantes_container">
<div class="restaurantes"><a href="<?php echo $canvas_page; ?>?section=DP" target="_top"></a></div>
<div class="restaurantes"><a href="<?php echo $canvas_page; ?>?section=PH" target="_top"></a></div>
</div>
</div>
Assuming your $canvas_page is the intended destination.
Upvotes: 1
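For apps that still verify signed_request by hand, as the question's parse_signed_request() does, here is a hardened version as an added example; it is not code from either post or from the Facebook PHP SDK, and the function names, secret and payload are constructed for illustration. It authenticates the raw payload before decoding it, compares the HMAC in constant time and rejects malformed input instead of raising notices.

```php
<?php
// Added example: hardened signed_request verification.
// Function names, the secret and the payload are constructed for illustration.

function b64url_decode_strict(string $in) {
    // Strict mode rejects characters outside the alphabet instead of skipping them.
    $padded = str_pad(strtr($in, '-_', '+/'), (int) (ceil(strlen($in) / 4) * 4), '=');
    return base64_decode($padded, true);
}

function b64url_encode(string $raw): string {
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

function verify_signed_request($signed_request, string $secret): ?array {
    // Reject arrays (?signed_request[]=x) and tokens without exactly one separator.
    if (!is_string($signed_request) || substr_count($signed_request, '.') !== 1) {
        return null;
    }
    list($encoded_sig, $payload) = explode('.', $signed_request, 2);
    $sig  = b64url_decode_strict($encoded_sig);
    $json = b64url_decode_strict($payload);
    if ($sig === false || $json === false) {
        return null;
    }
    // Authenticate the encoded payload first, then look at its contents.
    $expected = hash_hmac('sha256', $payload, $secret, true);
    if (!hash_equals($expected, $sig)) {
        return null;
    }
    $data = json_decode($json, true);
    if (!is_array($data) || !isset($data['algorithm']) || !is_string($data['algorithm'])
        || strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
        return null;
    }
    return $data;
}

// Constructed sample: sign a payload, then swap the payload under the same signature.
$secret  = 'constructed-app-secret';
$payload = b64url_encode(json_encode(['algorithm' => 'HMAC-SHA256', 'user_id' => '1234']));
$good    = b64url_encode(hash_hmac('sha256', $payload, $secret, true)) . '.' . $payload;
$forged  = explode('.', $good)[0] . '.'
         . b64url_encode(json_encode(['algorithm' => 'HMAC-SHA256', 'user_id' => '9999']));

var_dump(verify_signed_request($good, $secret)['user_id']); // untampered token
var_dump(verify_signed_request($forged, $secret));          // payload swapped
var_dump(verify_signed_request(['x'], $secret));            // array input
```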