Link to home
Start Free TrialLog in
Avatar of jdav357
jdav357

asked on

Facebook API Authentication

Hi,
I can't find specifically the piece of information that I want.
I am building a website, that I also want to integrate into facebook as an application.
On my website, I want a user to be able to login to my site using only their facebook credentials which upon success returns their user Id (or whatever) which i can use in my application.
First question - is that possible!!!

If the user chooses to login to my application using their credentials which generates the account in my system, can I have the user automatically have the my application added to their profile?
ASKER CERTIFIED SOLUTION
Avatar of nbandan
nbandan
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of edster9999
edster9999
Flag of Ireland image
I would seriously hope that it is the exact opposite.

If I had a facebook account (which I do not) then I would be ***beyond*** stupid if I signed up on another unrelated web site by giving them my facebook login and password.... and facebook tells you it is valid and gives you the user id....

So what stops you logging all this and then having everyones facebook login ids.

If FB did allow that (which they do not) then I would cancel my account (which I dont have)
:)
Avatar of jdav357
jdav357

ASKER

Hi both, thanks for your comments.

Esdter, If I am correct I think it is possible to get the users id, I have attached the code off FB's site, this piece will get it:
<?php if ($cookie) { ?>
      Your user ID is <?= $cookie['uid'] ?>
    <?php } else { ?>
nbandan has provided a link to the API:
http://developers.facebook.com/docs/authentication/

This is the way I think the likes of dailymotion.com do it. The user id then allows you to view bits of a users profile.

I am not the greatest at understanding documentation, so please correct me if you think I am misunderstanding the above. :-) thanks again for your help...

<?php

define('FACEBOOK_APP_ID', 'your application id');
define('FACEBOOK_SECRET', 'your application secret');

function get_facebook_cookie($app_id, $application_secret) {
  $args = array();
  parse_str(trim($_COOKIE['fbs_' . $app_id], '\\"'), $args);
  ksort($args);
  $payload = '';
  foreach ($args as $key => $value) {
    if ($key != 'sig') {
      $payload .= $key . '=' . $value;
    }
  }
  if (md5($payload . $application_secret) != $args['sig']) {
    return null;
  }
  return $args;
}

$cookie = get_facebook_cookie(FACEBOOK_APP_ID, FACEBOOK_SECRET);

?>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml"
      xmlns:fb="http://www.facebook.com/2008/fbml">
  <body>
    <?php if ($cookie) { ?>
      Your user ID is <?= $cookie['uid'] ?>
    <?php } else { ?>
      <fb:login-button></fb:login-button>
    <?php } ?>

    <div id="fb-root"></div>
    <script src="http://connect.facebook.net/en_US/all.js"></script>
    <script>
      FB.init({appId: '<?= FACEBOOK_APP_ID ?>', status: true,
               cookie: true, xfbml: true});
      FB.Event.subscribe('auth.login', function(response) {
        window.location.reload();
      });
    </script>
  </body>
</html>

Open in new window

Avatar of jdav357
jdav357

ASKER

Ps. I dont think the user gives the login details directly to an unrelated site, it navigates them away through some kind of popup etc, which allows a user to login directly to FB and then sets the cookie. Upon returning back to the site, the cookie is set along with a signature and a user id. Then you can go grab whole heaps of data about the uesr from their FB account (with their permission of course!)