Today's Question:  What are you most afraid of as a programmer?        GIVE A SHOUT

Technical Article => Web =>  PHP

PHP to get access token for Facebook app

  Pi Ke      2012-03-27 12:37:46      24,517    4    0

Since Facebook is now using OAuth 2.0 to authenticate apps to access user information. the SDK of Facebook has provided developers some useful functions to get authentication done. For example, in PHP SDK, there are getAccessToken(), getLoginUrl() etc. But unfortunately, for me I cannot use getAccessToken() method to get the user access token, it only returns me the app access token. Finally I gave up this approach to get access token for the time being. I may later retry this approach if I have time.

Today I show you another way to get the access token, which is explained on Facebook's developer website. We should use the signed_request . Since OAuth is a two way authentication mechanism, the first time, when the canvas page is loaded, a signed_request will  be POSTed to the canvas page, user can use $_REQUEST["signed_request"] to access this object. At the first time,, the signed_request will contain limited information, then the page will be redirected to the Facebook login page and authorization page. Once the authorization is done, the page will be redirected to the redirect_url and this time it will again send a signed_request object to the canvas page, and now the signed_request object will contain the access token.

An example code snippet below :


    $auth_url = ""
    . APPID . "&redirect_uri=" . urlencode(CANVAS_URL)."&scope=user_relationships,user_relationship_details";
    $signed_request = $_REQUEST["signed_request"];
    list($encoded_sig, $payload) = @explode('.', $signed_request, 2);
    $data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
    if (empty($data["user_id"])) {
        echo("<script> top.location.href='" . $auth_url . "'</script>");

The code above is quite straightforward, after getting the $data object, it will check whether the user_id exists or not, if it doesn't exist, it will be redirected to the $auth_url page. After authorization, the page will be redirected back to the CANVAS_URL page and now the user_id should have been set and the access token is available.

Now we can use access_token to get some information of the user using the Graph API . One example :


Ok, it's done. Later I will explain how to use FQL to get gender of a friend.



Share on Facebook  Share on Twitter  Share on Google+  Share on Weibo  Share on Reddit  Share on Digg  Share on Tumblr    Delicious



Mad_Griffith [Reply]@ 2012-05-09 18:38:41
Hello, I'm trying to guess how to fetch and display the picture of a group and the number of total members... do you have any clue?
Peter [Reply]@ 2012-05-10 06:12:01
I guess this one will help you.$access_token/members. The returned value is an array of members in a group. The access_token here is the group's access token.
Mad_Griffith [Reply]@ 2012-05-11 04:07:49
Peter, can you help me? I didn't know how to put your advice into practice so I mixed some lines of PHP code with the help of the Facebook developers codex (but without understanding much): for the "scope" parameter I put the values listed here: also this is useful to build the query to the group picture:
kunal [Reply]@ 2012-07-17 06:42:40
thanks for this vital information


Programmer, hacker and user

By sonic0002