How is the server-side flow supposed to be for Facebook Apps? What I mean is, on every page load, do I have to get an access token?
Currently, in my application_controller, I have a before filter that basically
- redirect_to @fb_aut开发者_运维技巧h.client.web_server.authorize_url (authorizes the app)
- @fb_auth.client.web_server.get_access_token (gets the access token)
This seems really slow to have to get another access_token from Facebook on every page load. How is this normally done? The problem that I'm having is that to access the /me object you have to get an access token, which requires me to get the access token on every page load.
You shouldn't need to get a new access token on every page load. The access token should be good for many page loads as it takes over an hour to expire (expiration info is available when you get the token).
Also you don't have to redirect every time. On POSTs to your app (such as when the user clicks over to your app) a signed_request is included with the post data. If the user has not authorized your app, that's the time to redirect to the fb_auth. If the user has previously authorized your app, an access_token should be in the signed_request.
More info here: http://developers.facebook.com/docs/samples/canvas/
there is a sample skeleton application available @ https://github.com/michaelbaldry/fb_graph_canvas
access_token is gained when a person first visits the canvas url on apps.facebook.com/appname/ once this has happened the access_token is stored in a table and used until the next time the user comes straight to the canvas url.
精彩评论