How do I authorize the user in a facebook pages tab?_问答_开发者

How do I authorize the user in a facebook pages tab?

开发者 https://www.devze.com 2023-04-12 11:12 出处：网络

I have problems with authoriz开发者_StackOverflow中文版ing of the user in a facebook page tab. I have tried a lot of different methods in both PHP and Javascript without any luck at all basically.

If someone could explain this for me and show some code it would be great! I was thinking on to do the authorizing in PHP and then continue to grab some user-data width Javascript. I also need to be able to let the user agree on the persmissions. so a popup for authorizing and permissions is what i need help with.

What do you think? Is there a better way? Help with some code for this would as i said be great!

In order to know whether user already authenticated your app or not, decode signed_request and check if oauth_token is passed:

<?php     
$secret='APP_SECRET';
$signed_request=($_REQUEST['signed_request']);
function parse_signed_request($signed_request, $secret) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2); 

// decode the data
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);

if (strtoupper($data['algorithm']) !== 'HMAC-SHA256') {
error_log('Unknown algorithm. Expected HMAC-SHA256');
return null;}

// check signature
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}

return $data;
}

function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}

$information=parse_signed_request($signed_request, $secret);
$oauth_token=$information["oauth_token"];
?>

Then, use this script to get user authenticated if $oauth_token is empty:

 <?php 
     $app_id = "APP_ID";
     $canvas_page = "YOUR_TAB_URL";
     $auth_url = "http://www.facebook.com/dialog/oauth?client_id=" 
            . $app_id . "&redirect_uri=" . urlencode($canvas_page) . "&scope=ENTER WANTED  PERMISSIONS HERE";

     $signed_request = $_REQUEST["signed_request"];

     list($encoded_sig, $payload) = explode('.', $signed_request, 2); 

     $data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);

     if (empty($oauth_token)) {echo("<script> top.location.href='" . $auth_url .    "'</script>");}
   ?>

Fill in APP_SECRET, APP_ID, YOUR_TAB_URL and WANTED PERMISSIONS in these scripts, cheers.