I am attempting to create a Rails application that will appear on Facebook as a Canvas app (apps.facebook.com/example) and also on a separate URL (example.com). I have having the toughest time trying to get user authentication/permissions working for both access points.
The main issue I am having at the moment is not being able to detect which access point is being used. It seems like detecting signed_request should be the way to go, however, the variable doesn't show up when navigating internally within the Canvas app's iFrame. For example, signed_request is t开发者_JS百科here for the homepage of the app but after clicking a link to another of the app's pages, the signed_request is gone. If I navigate directly to the app's page (apps.facebook.com/example/another_page), it is there again.
Any idea how I should be handling this?
The use of sessions won't always work depending on your hosting environment. My particular setup didn't allow for it. However one way around it was save it in a cookie that called a function within your code to validate the cookie and lookup the proper user. Mind you, security is often important so ensure to add some hashing to your cookies. But if you have control over how your sessions work, often that is ideal.
I suggest you use sessions. The first time you see the signed_request parameter coming in a request, you can decrypt it and store it into the session. Then, you will always be able to know that the entry point was through Facebook, who the user is and so on... no matter if the user clicked somewhere within your iframe and the signed_request parameter is not received anymore.
The signed_request first arrives to you as a POST variable.
Simplest method is to store this in a cookie or some kind of session variable. (I'm unfamiliar with Rails so not sure what the right thing to use is). And test for the presence of the POST or the SESSION variant of signed request, if it is present then its a Facebook Session and should hopefully still be inside the iFrame.
You can also detect iFrame presence with a bit of javascript
Couple of methods here: Detect iFrame embedding in Javascript
I use something along the lines of:
<script type="text/javascript">
if(location.href != top.location.href){ alert('the content has been loaded into an IFRAME');}
</script>
I use the signed_request. The signed request shows which page use the application as TAB. As far as I know the Facebook plans to extend the signed request variable to canvas pages. So I mention for you to decode the signed request, get the page ID. If the page_id do not exists (the signed request not exist, or in the future the page_id not exist in canvas signed request) your app used in canvas mode.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论