Search code examples
pythongoogle-app-enginefacebook-graph-apiaccess-tokenfacebook-oauth

iframe tab facebook app displays on a new page instead of within the iframe/facebook-canvas

I am using Python and a javascript or php sdk.

To obtain the access_token - I follow the steps indicated on the docs page (https://developers.facebook.com/docs/authentication/). I pass the redirect url to dialog/oauth and obtained the access_token. Once this is done, all output html being sent back to the browser gets rendered into to a new page, leaving the facebook iframe/canvas. (fyi, all output is done thru the usual 'self.response.out.write' function call).

Seems the PHP sdk hides this and I can't find a way to get : http://www.facebook.com/dialog/oauth?client_id=%s&redirect_uri=%s" dialog to send the output from the redirected url to the iframe/canvas that triggered the application. This is a 'Page Tab' app (not a 'App on Facebook') so have set the "Page Tab Name" and "Page Tab Url" on the basic apps config page.

I have not implemented session yet and I am wondering if that is necessary to pass the iframe target as a state variable and have it passed back along with the redirect to the uri.

I have searched many posts/etc and no luck and any help would be much appreciated !!

Solution

  • Tab Page Application undocumented steps :

    1. The confusing part is the CANVAS_PAGE_URL in the example. This needs to be the web-hosted app URL (e.g. https://www.appname.appspot.com/).. This not clearly defined..

    2. If access_token and the user_id is not found on the signed_request an auth dialog needs to be done (as per the page documentation). This needs to be done thru the script top.location.ref to endure that it launches as a dialog. This goes to a new page overwriting the canvas (or the fan-page) that triggered the app.

    3. When the user allows the permissions on the app, the app is called thru the tab-page-canvas-url?code=".....". At this point, a redirect needs to be done (which is not documented anywhere. I had to look at the php sdk code to figure this out (fbmain.php line 17) (redirect() in python and header() php). The redirect needs to take the url for the app on the fan page : http://www.facebook.com/FAN_PAGE_NAME?sk=app_nnnnnnn

    It took many hours of research and digging to understand this and hope it helps (I see a lot of questions raised around page breaking out of the iframe/canvas) and the basic problem is the extra redirect step that FB does not document anywhere...

    (mail me and I am happy to share python code that is now all working nicely)