Authenticate sites with different domain names using the Facebook API_问答_开发者

Authenticate sites with different domain names using the Facebook API

开发者 https://www.devze.com 2022-12-26 08:29 出处：网络

We have a CMS that supports multiple sites, one of our features allows our users (The site admin) to connect to the site facebook account to allow status updates, create events and upload pictures to

We have a CMS that supports multiple sites, one of our features allows our users (The site admin) to connect to the site facebook account to allow status updates, create events and upload pictures to FB from with in the CMS.

The authentication needs to occur once since each site may have multiple site admins that do not have access to the site FB user name and password. We use iframe and authenticate using $facebook->require_login() which redirects the user to the FB login and authentication pages.

All this works just fine but when the user hits "Allow" the authentication will break as it will only redirect to whatever is in the "Post-Authorize Redirect URL" field making the app obsolete for any other domain except the one in the "Post-Authorize Redirect URL"

I know other API's authentication methods like开发者_JS百科 in Vimeo and YouTube will allow you to specify a NEXT parameter which is the equivalent of the "Post-Authorize Redirect URL" and it can be set at run time.

How can I make this work for multiple domain names?

Any hints on this issue will be of great help

If the call back page is in your domain, that page could acts as a proxy, all you have to do is pass the parameters needed by the proxy page to redirect the user to the proper location. For example I used the URL of the domain I want to redirect and an ID needed for me to know which user I am dealing with.

My code end up looking something like this:

Authorize link:

$authorizeURL = "http://www.facebook.com/authorize.php?api_key=" . $facebookApiKey . "&v=1.0&ext_perm=status_update&domainName=$domainName&path=/path/to/my/next/page.php";

and the "proxy" code would like something like this:



    $path =  $_GET['path'];
    $query = $_GET['query'];
    $domainName = $_GET['domainName'];

    //if you happen to have a query, get the values like this:
    parse_str($query, $queryValues);
    $id = $queryValues['id'];

    // construct the url where your user came from or where you want them to be redirected.
    $url = "http://$domainName/$path?$query";

    header("Location: " . $url);
    exit;

This is not the whole code, but it will give you an idea on how to do it.

make a separated domain used only for FB authentication.