Facebook iFrame application redirect

I am writing an application in Facebook that is meant to be shown through a page tab on my own business page. I need to interact with the viewing user, thus I require extended rights.

I've followed the suggested procedure but have now hit开发者_如何学编程 a wall. My application sits in an iFrame and the request for extended rights uses redirection. I can get the page where you need to confirm authorization but when you click allow, Facebook redirects to the page where my application is hosted instead of back to my Facebook page tab. Once the proper rights have been authorized, the rest of the application works fine so I know it's just a problem with redirection but I feel like I've tried everything and not a lot of people seem to have had the same problem. I would love if anyone could point me in the right direction.

Thank you!

Here's my code:

$app_id = "myappid";

$canvas_page = "http://wheremyappishosted/";

$signed_request = $_REQUEST["signed_request"];
list($encoded_sig, $payload) = explode('.', $signed_request, 2); 

$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);

$user_id = $data["user_id"];
$access_token = $data['oauth_token'];

if (empty($data["user_id"])) {
 $auth_url = "https://graph.facebook.com/oauth/authorize?client_id=".$app_id."&redirect_uri=".urlencode($canvas_page)."&scope=user_photos,friends_photos,publish_stream,user_likes";
 die("<script> top.location.href='" . $auth_url . "'</script>");
}

$f = json_decode(file_get_contents("https://graph.facebook.com/".$user_id."?access_token=".$access_token."&fields=name,albums,likes"), true);

For those interested, I believe I have found a way to circumvent this. Instead of redirecting the user back to the application, I redirect them to a small script which then redirects back to the page tab. Since the app has already been authorized, everything works and the signed_request gets passed along with the user infos. I don't know if it's really the legit way to go but it works.

Please set redirect variable to your the targeted page :

$redirect = "http://foo.com";

Set redirect_uri to "http[s]://apps.facebook.com/YOUR_APP/" instead of "http[s]://apps.facebook.com/YOUR_APP". Note the trailing slash!

I have figured out that using javascript sdk is much better choice when unsolved redirect issues arise using server scripts, implement this small test and you will figure out that most things happen using lightbox i.e. above your app. which keeps the app page intact.

https://developers.facebook.com/docs/facebook-login/getting-started-web/