Is it possible to use FB Connect in an iframe on a 3rd party site?

I have an iframe on a 3rd party site. Inside the iframe is my application, which users authenticate to using FB Connect. I am using the omniauth gem with my Ruby on Rails site to handle the connection to Facebook.

It works seamlessly if a) you are already logged in to FB, and b) you have already given my site permission to use your details.

If either of these are missing - at th开发者_运维知识库at moment where FB connect calls out to Facebook - it all stops, and I get the FB logo and a link to click through to Facebook. When I click the link - it takes me out of my iframe and into Facebook. Obviously once I return - there is no iframe to go back to and I am no longer on the 3rd party site - but on mine.

Should this technique be possible? And if so - where might I be going wrong? As I said - if a) and b) are met - it works seamlessly.

You can't do the redirect to Facebook from within an iframe, it has to be loaded into the top-level page. That's why you see the FB logo and link, it's there to force a breakout of the iframe structure. If you want to avoid that intermediate step, make sure you do a top-level redirect yourself (usually by outputting some javascript code that sets top.location).

On the return side, you can either set redirect_uri to point to the 3rd-party site instead of directly to your site (or accepting the default redirect_uri which is probably doing that invisibly), or if that is impossible because of your app config on Facebook, detect that your page is being loaded into the top level and do a redirect to the 3rd-party site to force it back into the iframe.