浏览器重定向到Facebook外部，而不是重定向到iframe内部

Question

我刚刚创建了一个Facebook应用程序，这是我的第一次尝试，我完全关注了Facebook开发人员的文档，同时完成了所说的一切，我被困在这种奇怪的情况：

1. 在我的应用验证过程中，该应用会将我的浏览器重定向到外部 将Facebook改为托管我网站的网站页面 在iframe中重定向它。我无法直接重定向到我的应用中的其他页面，也无法使用app namespace page
2. 我无法从已签名的请求参数中检索user_id

landhere.php的代码

<?php
    include ('src/facebook.php');
    $app_id = "*******";
    $app_secret = "*********";
    $redirect_uri = "http://myweb.com/myapp/landhere.php";
    //$redirect_uri = "http://appplatform.info/WFBRU/start.php";
    //$redirect_uri = "http://apps.facebook.com/wfbrumapp";

    $signed_request = $_REQUEST["signed_request"];
    list($encoded_sig, $payload) = explode('.', $signed_request, 2);
    $data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);

    $id = $data["user_id"];
    $authorized_code = $_GET["code"];
    $oauth_token = $data["oauth_token"];
    $like_status = $data["page"]["liked"];
    echo "<br>page id = $id";
    echo "<br>page admin = $authorized_code";
    echo "<br>like status = $like_status";
    echo "<br>country = $oauth_token";

    if (empty($authorized_code)) {
        echo "string";
        $_SESSION['state'] = md5(uniqid(rand(), TRUE));
        $dialog_url = "http://www.facebook.com/dialog/oauth?client_id=" . $app_id . "&redirect_uri=" . $redirect_uri . "&state=" . $_SESSION['state'];
        echo("<script> top.location.href='" . $dialog_url . "'</script>");
        //echo("<script> window.top.location='" . $dialog_url . "'</script>");
    } else {
        $authenticate_url = "https://graph.facebook.com/oauth/access_token?client_id=" . $app_id . "&redirect_uri=" . $redirect_uri . "&client_secret=" . $app_secret . "&code=" . $authorized_code . "";
        $response = @file_get_contents($authenticate_url);
        $params = null;
        parse_str($response, $params);
        $access_token = $params['access_token'];

        $userId = $_POST["user_id"];
        echo $userId;
        if ($like_status) {
            echo "<form method=\"post\" action=\"start.php\" id=\"landingForm\">";
            echo "<input type=\"text\" name=\"user_id\" value=" . $id . " style=\"display: none\">";
            echo "<input type=\"text\" name=\"oauth_token\" value=" . $oauth_token . " style=\"display: none\">";
            echo "</form>";
            echo "<script>document.forms['landingForm'].submit()</script>";
        } else {
            echo "<div class=\"likepage\">";
            echo("<b class=\"welcome\"></b><br/>");
            echo "</div>";
        }
    }
?>

---

陷入无限循环：

if (!empty($_SESSION['access_token'])) {
    $signed_request = $_REQUEST["signed_request"];
    list($encoded_sig, $payload) = explode('.', $signed_request, 2);
    $data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);

    $id = $data["user_id"];
    $authorized_code = $_GET["code"];
    $oauth_token = $data["oauth_token"];
    $like_status = $data["page"]["liked"];
    echo "<br>page id = $id";
    echo "<br>page admin = $authorized_code";
    echo "<br>like status = $like_status";
    echo "<br>country = $oauth_token";
    if ($data["page"]["liked"]) {
        echo "<form method=\"post\" action=\"start.php\" id=\"landhereForm\">";
        echo "<input type=\"text\" name=\"user_id\" value=" . $id . " style=\"display: none\">";
        echo "<input type=\"text\" name=\"oauth_token\" value=" . $oauth_token . " style=\"display: none\">";
        echo "</form>";
        echo "<script>document.forms['landhereForm'].submit()</script>";
    } else {
        echo "<div class=\"likepage\">";
        echo("<b class=\"welcome\"></b><br/>");
        echo "</div>";
    }
} else if (!empty($_GET["error"])) {
    echo "user hasn't authorized your app";
}else if (!empty($_GET["code"])) {
    $authorized_code = $_GET["code"];
    $authenticate_url = "https://graph.facebook.com/oauth/access_token?client_id=" .    $app_id . "&redirect_uri=" . $redirect_uri . "&client_secret=" . $app_secret . "&code=" . $authorized_code . "";
    $response = @file_get_contents($authenticate_url);
    $params = null;
    parse_str($response, $params);
    $access_token = $params['access_token'];
    $_SESSION['access_token'] = $access_token;
    //header('Location: http://apps.facebook.com/myapp');
    header('Location: http://www.facebook.com/mypage/app_***********');
} else {
    echo "string";
    echo "<br>page id = $id";
    echo "<br>page admin = $authorized_code";
    echo "<br>like status = $like_status";
    echo "<br>country = $oauth_token";
    $_SESSION['state'] = md5(uniqid(rand(), TRUE));
    $dialog_url = "http://www.facebook.com/dialog/oauth?client_id=" . $app_id . "&redirect_uri=" . $redirect_uri . "&state=" . $_SESSION['state'];
    echo("<script> top.location.href='" . $dialog_url . "'</script>");
    //echo("<script> window.top.location='" . $dialog_url . "'</script>");
}

Answer 1

是的，你错了很多。

您应该关注Authentication tutorial，它描述了所有步骤：

1. 如果用户未经过身份验证，则在撰写时通过js脚本将其发送到auth对话框。

2. Facebook重定向回您的网页，而不是iframe，这是主窗口的重定向。

3. 如果用户拒绝了该应用，您将在GET数据中出现“error”，“error_reason”和“error_description”，请记住您当时不在facebook内。

4. 如果用户授予了您的应用，请重定向到您的页面（在主窗口中），然后您应该使用活动访问令牌交换代码，然后将用户重定向到您的fb应用（ http （一个或多个）：//apps.facebook.com/YOUR-APP-NAME ）

5. 当Facebook加载时，它会将您的应用加载到iframe中，然后您将获得已签名的请求，并且您可以显示您的画布页。

这是你的php代码的修改版本，其中一些是伪的，因为我不是一个php程序员。

<?php
    include ('src/facebook.php');
    $app_id = "******";
    $app_secret = "******";

    if (access_token in session) {
        $signed_request = $_REQUEST["signed_request"];
        list($encoded_sig, $payload) = explode('.', $signed_request, 2);
        $data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);

        $id = $data["user_id"];
        $oauth_token = $data["oauth_token"];
        $like_status = $data["page"]["liked"];
        echo "<br>page id = $id";
        echo "<br>like status = $like_status";
        echo "<br>country = $oauth_token";
    } else if (error in get_data) {
        // user hasn't authorized your app
    } else if (code in get_data) {
        $authorized_code = $_GET["code"];
        $authenticate_url = "https://graph.facebook.com/oauth/access_token?client_id=" . $app_id . "&redirect_uri=" . $redirect_uri . "&client_secret=" . $app_secret . "&code=" . $authorized_code . "";
        $response = @file_get_contents($authenticate_url);
        $params = null;
        parse_str($response, $params);
        $access_token = $params['access_token'];
        $_SESSION['access_token'] = $access_token;
        header('Location: http://apps.facebook.com/APP_NAME');
    } else {
        $redirect_uri = "http://myweb.com/myapp/landhere.php";
        echo "string";
        $_SESSION['state'] = md5(uniqid(rand(), TRUE));
        $dialog_url = "http://www.facebook.com/dialog/oauth?client_id=" . $app_id . "&redirect_uri=" . $redirect_uri . "&state=" . $_SESSION['state'];
        echo("<script> top.location.href='" . $dialog_url . "'</script>");
    }
?>

它没有经过测试或其他任何东西，只是为了给你一个正确方向的推动。 希望这会有所帮助。

---

修改

第二段代码的修改版本：

list($encoded_sig, $payload) = explode('.', $_REQUEST["signed_request"], 2);
$signed_request = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);

$access_token = null;
if (!empty($_SESSION['access_token'])) {
    $access_token = $_SESSION['access_token'];
} else if (!empty($signed_request['oauth_token'])) {
    $access_token = $signed_request['oauth_token'];
}

if ($access_token != null) {
    $id = $access_token["user_id"];
    $authorized_code = $_GET["code"];
    $oauth_token = $access_token["oauth_token"];
    $like_status = $access_token["page"]["liked"];
    echo "<br>page id = $id";
    echo "<br>page admin = $authorized_code";
    echo "<br>like status = $like_status";
    echo "<br>country = $oauth_token";
    if ($data["page"]["liked"]) {
        echo "<form method=\"post\" action=\"start.php\" id=\"landhereForm\">";
        echo "<input type=\"text\" name=\"user_id\" value=" . $id . " style=\"display: none\">";
        echo "<input type=\"text\" name=\"oauth_token\" value=" . $access_token . " style=\"display: none\">";
        echo "</form>";
        echo "<script>document.forms['landhereForm'].submit()</script>";
    } else {
        echo "<div class=\"likepage\">";
        echo("<b class=\"welcome\"></b><br/>");
        echo "</div>";
    }
} else if (!empty($_GET["error"])) {
    echo "user hasn't authorized your app";
}else if (!empty($_GET["code"])) {
    $authorized_code = $_GET["code"];
    $authenticate_url = "https://graph.facebook.com/oauth/access_token?client_id=" .    $app_id . "&redirect_uri=" . $redirect_uri . "&client_secret=" . $app_secret . "&code=" . $authorized_code . "";
    $response = @file_get_contents($authenticate_url);
    $params = null;
    parse_str($response, $params);
    $access_token = $params['access_token'];
    $_SESSION['access_token'] = $access_token;
    //header('Location: http://apps.facebook.com/myapp');
    header('Location: http://www.facebook.com/mypage/app_***********');
} else {
    echo "string";
    echo "<br>page id = $id";
    echo "<br>page admin = $authorized_code";
    echo "<br>like status = $like_status";
    echo "<br>country = $oauth_token";
    $_SESSION['state'] = md5(uniqid(rand(), TRUE));
    $dialog_url = "http://www.facebook.com/dialog/oauth?client_id=" . $app_id . "&redirect_uri=" . $redirect_uri . "&state=" . $_SESSION['state'];
    echo("<script> top.location.href='" . $dialog_url . "'</script>");
    //echo("<script> window.top.location='" . $dialog_url . "'</script>");
}

Answer 2

两件事：

1）$ redirect_uri应该指向你的Facebook应用程序，而不是你的网站

2）在javascript中，您应该检查“apps.facebook.com”是否位于顶部框架的网址中，如果没有，则执行重定向

if(top.location.href.indexOf("apps.facebook.com") > 0){
    top.location.href = YOUR_FACEBOOK_CANVAS_APP_URL;
}