I'm struggling to combine client-side authentication with server-side authentication and I appreciate help from the community. My app is simple and all users are on Facebook so I would like to use FB widgets both for login/auth and registration.
After page is loaded I check FB.getLoginStatus and show the fb:login-button if the user is not logged in.Then the user press the login-button and I receive the auth.login event. It's from here I'm a bit uncertain on the next action and I wonder if I'm missing a point.
I try to redirect the user to the server and I was hoping I could use the php-sdk there to check if the user is logged in without any fuzz, but when I do $facebook->api('/me') I get no response.
So how should I pass authorization information to the server in a secure way (my app doesn't use https) so that I can ensure that the user is authentication and authorized on the server side as well when I use the fb-login-button?
does the following example from facebook work for you http://developers.facebook.com/blog/post/534/
it is combining javascript with php SDK and there is some additional info you should check
hope this helps