Menu
Friends,
I have set up a facebook login for my website using JS SDK.
If the use is logged in through JS SDK, should we cross verify whether the session is valid in the server side also as client side can easily be fabricated.
Since I use JS SDK, server will not have access to the facebook session. If I need to verify the session at the server end, can i use php-sdk adn extern the session like it is specified in https://developers.facebook.com/docs/reference/php/ ? In this case I need to enable CURL PHP extension to get this running and worried if performance will go down when using php sdk.
Could you please help me in finding answers for the above queries?
603
The Facebook SDK for JavaScript provides a rich set of client-side functionality that: Enables you to use the Like Button and other Social Plugins on your site. Enables you to use Facebook Login to lower the barrier for people to sign up on your site. Makes it easy to call into Facebook's Graph API.
Web OAuth Login settings enables any OAuth client token flows that use the Facebook web login dialog to return tokens to your own website. This setting is in the Products > Facebook Login > Settings section of the App Dashboard.
The php sdk and the javascript are the completely opposite, of what Julian H. Lam said, in fact they were build to be used together.
On the php sdk documentation you can find this:
Integration with the Facebook SDK for JavaScript
Used in conjunction with the Facebook SDK for JavaScript, the PHP SDK can share user sessions seamlessly across the client and server. If a user is logged in with Facebook and has authorized your app, the JavaScript SDK can pick up the user session persist this in a cookie which, which the PHP SDK reads without any intervention on the developer's part.
To enable this functionality, ensure that when you embed and initialise the JS SDK, you set both the status and the cookie parameters of the object passed to FB.init() to true.
And by using basic logic this makes all sense, on the client side you can create listeners to retrieve user status(if he's logged in, if he has granted permissions, if he has logout), doing this kind of actions on the server side doesn't make any sense at all.
So my advice for you is to use Javascript SDK to handle user events, like the ones I mentioned before, and to handle the responses from the actions of the users, like when the user does a like, or shares a post using the feed dialogue, etc.
With the php SDK you just check if you have a valid user, since you're sharing the same cookie for the client side and for the server side after you handle the login proccess with the javascript SDK, if you do this $fb_id = $facebook->getUser() (after initializing the PHP SDK of course), you'll get the user facebook id, now that you know you have a valid user, you can use the PHP SDK to query information about the user, post on user behalf, etc.
Here's an example of a proper loading of the javascript SDK with cookie support:
<div id="fb-root"></div>
<script>
window.fbAsyncInit = function() {
// init the FB JS SDK
FB.init({
appId : 'YOUR_APP_ID', // App ID from the app dashboard
channelUrl : '//WWW.YOUR_DOMAIN.COM/channel.html', // Channel file for x-domain comms
status : true, // Check Facebook Login status
xfbml : true, // Look for social plugins on the page
cookie : true
});
// Additional initialization code such as adding Event Listeners goes here
};
// Load the SDK asynchronously
(function(d, s, id){
var js, fjs = d.getElementsByTagName(s)[0];
if (d.getElementById(id)) {return;}
js = d.createElement(s); js.id = id;
js.src = "//connect.facebook.net/en_US/all.js";
fjs.parentNode.insertBefore(js, fjs);
}(document, 'script', 'facebook-jssdk'));
</script>
And this is a simple code on the server side just to enlighten you:
require_once("facebook.php");
$config = array();
$config[‘appId’] = 'YOUR_APP_ID';
$config[‘secret’] = 'YOUR_APP_SECRET';
$config[‘fileUpload’] = false; // optional
$facebook = new Facebook($config);
try {
$user_profile = $facebook->api('/me','GET');
$user_name = $user_profile['name'];
$user_email = $user_profile['email'];
} catch(FacebookApiException $e) {
// If the user is logged out, you can have a
// user ID even though the access token is invalid.
// In this case, we'll get an exception, so we'll
// just ask the user to login again here.
}
PS: this server side code, only works if the user has already granted permissions with the scope email
178
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
