How to handle callback urls for developing and debugging with Facebook authentication?

Question

I'm building a site that uses Facebook authentication. The thing is, I can have only one callback url at a time, so when I'm working locally I use my localhost url as callback url, and when I want to test it on Heroku, I switch it to the real URL.

This is OK for now since I haven't released this to public, and I can switch around from localhost to the real url without worrying about users being locked out.

However I am wondering how I can do this once I release this and there are actually people using the service. I would appreciate your advice. (I'm sure this is a total newbie question but, hey you gotta start somewhere)

Answer 1

You can specify the call-back URL on a per-request basis. Whatever you specify in the request will override the default callback URL that you've configured in your application settings. You do this by passing the "redirect_uri" parameter in your initial O-auth authentication request.

Here is a snippet of some PHP code that I use in one of my projects:

    public function authenticate(array $params) {
      $scope = empty($params['scope']) ? 'email,publish_stream,offline_access' : $params['scope'];

      $fb= FB::get_fb_api(); //singleton to get Facebook API object

      $login_url = $fb->getLoginUrl(array(
          'redirect_uri' => $GLOBALS['CONFIG']->base_url . '/fbOauth/signin_callback',
          'scope' => $scope,
          'display' => 'popup'
       ));


      header("Location: $login_url");

    }

As you can see, I set the base_url dynamically - so, my development environment will pass a different URL vs. my production environment.