Facebook PHP SDK for Canvas and FB Login

Posted: January 10th, 2011 | Author: | Filed under: Facebook, PHP | Tags: , , , | 3 Comments »

This is a short article on how to best implement the Facebook PHP SDK for two integration methods: Canvas applications and external websites offering Facebook Login to their visitors. The difference is not very well documented in the example provided with the SDK.

Facebook Login (previously Connect)

This method is used by external websites, offering their visitors an easy method of registration and login, using their Facebook account. As shown in the example code provided with the SDK, we first create an instance of the facebook class, which we use to retreive a session.

We will not find a session in two cases:

  1. The visitor has not authorised the website in the past
  2. The method getSession() cannot find the signed_request or session variable in the $_COOKIE or $_REQUEST variables

To be sure that the visitor has not authorised your application in the past, we transfer the visitor to Facebook using the method getLoginStatusUrl(). This will header the visitor to Facebook, which in turn headers the visitor back to the referring URL including a $_REQUEST['session'] variable, if the visitor has indeed authorised in the past. Be sure to build in a check to only check this once a session, otherwise this will result in a loop if the user is unknown.

Canvas

When using Facebook Canvas (a website iframed within Facebook), the requested page within the iframe is always provided a signed_request which the SDK uses to build a “session”. This means that we always know whether the visitor is an authorised user or not, making the getLoginStatusUrl() superfluous. If we can’t find a session (getSession()), or we can’t find “/me“, the user has not authorised and we need to present the authorisation button.

The following graphic depicts the flow for both cases:

Of course, the above can also be established with the Javascript SDK, but a little dedudancy won’t do any harm. And the getLoginStatusUrl method is probably a lot quicker than the JS variant.


3 Comments on “Facebook PHP SDK for Canvas and FB Login”

  1. 1 paris said at 11:34 am on April 19th, 2011:

    thanks for that!

  2. 2 Julie said at 10:26 pm on October 27th, 2011:

    I’m not sure this works as well as the documentation leads you to believe it works

  3. 3 Jop said at 11:01 pm on October 27th, 2011:

    That’s correct Julie, as of PHP SDK 3.1.0 the function getLoginStatusUrl() is broken, since it’s not updated to use oAuth 2.0. See also:
    https://github.com/facebook/php-sdk/issues/494
    http://developers.facebook.com/bugs/295348980494364?browse=search_4ea9c66780cc77a17337520


Leave a Reply