Facebook Graph API authentication in canvas app and track session
Short question is: how can i use graph api oauth redirects mechanism to authenticate user and save retrieved access_token and also use javascript SDK when needed (the problem is javascript SDK will have different access_token when initialized).
I have initially setup my facebook iframe canvas app, with single sign on. This works well with graph api, as I am able to use access_token saved by facebook's javascript when it detects sessionchange(user logged in).
But, I want to rather not do single sign-on. But, use gra开发者_如何学Goph api redirect and force user to send to a permissions dialog. But, if he has already given permissions, I shouldn't redirect user. How to handle this?
Another question: I have done graph api redirects for authentication and have retrieved access_token also. But then, what if I want to use javascript call FB.ui to do stream.Publish? I think it will use it's own access_token which is set during FB.init and detecting session. So, I am looking for some path here. How to use graph api for authentication and also use facebook's javascript SDK when needed.
P.S. I'm using ASP .NET MVC 2. I have an authentication filter developed, which needs to detect the user's authentication state and redirect.(currently it does this to graph api authorize url)
I've been working on a .NET client for the Graph API called FBGraph.NET. I haven't had enough time to get it to a release state yet, but you should still be able to use the existing code either directly or as a reference for what you're trying to do.
Specifically, FBFraphAuthorizeAttribute, FBGraphAuthenticationHelper and FBGraphAuthorizationHelper.
The authentication/authorization system is set up to be separate from ASP.NET Forms Authentication, so you can you them separately, or you can use the FBGraph Facebook authorization as a direct replacement for Forms auth. It will automatically redirect the user and prompt for authorization/extended permissions if they haven't already granted them.
I don't have anything in there yet that helps work between server-side code and the JS SDK, but I imagine that the access tokens should be interchangeable. If you end up using the client as is, you should be able to set any token on IFacebookContext, and conversely pass an access token generated server side to the client.
精彩评论