facebook正在重定向到facebook以外的网站

时间:2012-01-22 19:34:58

标签: php facebook facebook-apps

我在身份验证中使用重定向uri时遇到问题。

如果我将其设置为我的网站,则用户将进行身份验证,因为$_Request['code']已设置,但用户将在我的网站上,我不希望

如果我重定向到apps.facebook.com/myapp,则未设置$_Request['code'],用户将无法进行身份验证,只会看到空白页。

有没有办法在PHP中执行此操作,我在呈现页面之前运行了代码。

你们是如何解决这个问题的?

我的登录功能:

public static function login($redirect) {
    $app_id = AppInfo::appID();
    $app_secret = AppInfo::appSecret();
    $home = urlencode(AppInfo::getHome());
    // See https://developers.facebook.com/docs/reference/api/permissions/
    // for a full list of permissions
    $scope = 'user_photos,publish_stream';
    session_start();
    $code = $_REQUEST["code"];
    // If we don't have a code returned from Facebook, the first step is to get
    if (empty($code)) {
      // CSRF protection - for more information, look at 'Security Considerations'
      // at 'https://developers.facebook.com/docs/authentication/'
      $state = md5(uniqid(rand(), TRUE));
      setcookie(
        AppInfo::appID() . '-fb-app',
        $state,
        $expires = 0,
        $path = "",
        $domain = "",
        $secure = "",
        $httponly = true); 
      // Now form the login URL that you will use to authorize your app
      $authorize_url = "https://www.facebook.com/dialog/oauth?client_id=$app_id" .
      "&redirect_uri=$home&state=" . $state . "&scope=$scope";
      // Now we redirect the user to the login page
      echo("<script> window.location.href='" . $authorize_url . "'</script>");
      return false;
    // Once we have that code, we can now request an access-token.  We check to
    // ensure that the state has remained the same.
    } else if ($_REQUEST['state'] === $_COOKIE[AppInfo::appID() . '-fb-app']) {
      $ch = curl_init("https://graph.facebook.com/oauth/access_token");
      curl_setopt($ch, CURLOPT_POSTFIELDS,
        "client_id=$app_id&redirect_uri=$home&client_secret=$app_secret" .
        "&code=$code&scope=$scope");
      curl_setopt($ch, CURLOPT_POST, 1);
      curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
      $response = curl_exec($ch);
      // Once we get a response, we then parse it to extract the access token
      parse_str($response, $params);
      $token = $params['access_token'];
      return $token;
    // In the event that the two states do not match, we return false to signify
    // that something has gone wrong during authentication
    } else {
      echo("States do not match.  CSRF?");
      return false;
    }
  }

1 个答案:

答案 0 :(得分:0)

如果您想在Facebook上安装自己的应用,可以使用Facebook signed_request参数将Facebook POST添加到您的画布网址。用户批准您的应用后,您无需阅读code。请注意,Facebook总是发送此参数,即使当前用户尚未批准您的应用(它包含的信息较少)。

请参阅documentation

相关问题
最新问题