开发者

Facebook canvas page in Java - optional app authorization?

I have canvas FBML app for facebook in Java. I am trying to get current user id using facebook java api in a controller, but without forcing every user to grand app access through facebook.com/login.ph开发者_JS百科p.

The trouble is that I don't understand a facebook app workflow. In order to get userid I need to provide fb sessionid. In order to get session it seems like I have to forward all users to http://www.facebook.com/login.php?api_key=... which will prompt them for extra permissions. The thing is I don't want to force everyone to give me extra permissions or to be logged in. Guests should be also able to use the app with limited functionality.

How do I separate guests and those who didn't give me permissions from the rest without redirecting everyone without session to permissions page all the time?

Thanks.


I don't know anything about the details of the Java API, but I can tell you about the two ways to get a user ID. The first, as you know about, is to require the user to authenticate the application. You don't necessarily need to redirect the user anywhere to do this if you're using FBML and put requirelogin="1" on some HTML links or form elements and an in-page "Authorise this app" popup will appear. Once they've authorised the app you'll get the fb_sig_user parameter passed in each request.

Secondly, you may get the user ID of a visitor passed to you in another parameter without them having authorised your app. This comes in the form of fb_sig_canvas_user, and you get it once the user has interacted with your application in some way. This may be from clicking on a link in an FBML canvas page or clicking on a feed story published by another user. fb_sig_canvas_user allows you to identify the user but not to make any API calls on their behalf. You can still prompt them to publish stories and send invites.

With both methods, though, there'll be some users who arrive at your application and you have no way of knowing who they are - not even their user ID. This is to protect the privacy of users and there's no way around it - you either have to get them clicking on something, or get them to authorise.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜