Facebooker talk - Jan 2008 - couple of newbie questions about redirects

I''m working on an app, and am new to both ruby and facebooker.  Here
is my current area of confusion:

What should happen on a user''s initial visit to my app?  When I hit
apps.facebook.com/<my app> for the first time with no cookies or
sessions or anything, I''m asked if I want to log into the app, etc.,
and am then redirected to my callback url outside of facebook.  This
raises Facebooker::Session::IncorrectSignature.  Once I get this
error, however, if I then go back to the canvas page, it pulls in the
fbml from my controller just fine, and everything works.  Should my
app immediately go to the canvas page when a user authenticates to it,
or is there a convention for what the base callback page should look
like?  And what is missing in my configuration such that I have to be
in the canvas to avoid the errors?

Currently all of my routes live in the same controller.

Hey John,

What do you mean by callback url outside of facebook?  The user
doesn''t leave facebook do they?

This is how I understand the authentication flow.

1) User clicks on your app
2) Facebook makes a call to the callback url
     a) This controller requires that either the user is authenticated
to facebook or that the application is added by the user
     b)  Facebook shows the appropriate "log in" or "add this
app" form
     c) User clicks okay
3) Facebook makes a call to the callback url again and now your before
filter lets the request pass through to your controller.


I have ensure_application_is_installed_by_facebook_user at the top of
application.rb

Are you using IFrames? I had that error yesterday with IFRames.


Dave




On Jan 11, 2008 9:34 AM, John Richardson <barooo at gmail.com>
wrote:
> I''m working on an app, and am new to both ruby and facebooker. 
Here
> is my current area of confusion:
>
> What should happen on a user''s initial visit to my app?  When I
hit
> apps.facebook.com/<my app> for the first time with no cookies or
> sessions or anything, I''m asked if I want to log into the app,
etc.,
> and am then redirected to my callback url outside of facebook.  This
> raises Facebooker::Session::IncorrectSignature.  Once I get this
> error, however, if I then go back to the canvas page, it pulls in the
> fbml from my controller just fine, and everything works.  Should my
> app immediately go to the canvas page when a user authenticates to it,
> or is there a convention for what the base callback page should look
> like?  And what is missing in my configuration such that I have to be
> in the canvas to avoid the errors?
>
> Currently all of my routes live in the same controller.
> _______________________________________________
> Facebooker-talk mailing list
> Facebooker-talk at rubyforge.org
> http://rubyforge.org/mailman/listinfo/facebooker-talk
>

I meant that after logging in to my app, the user was being sent to
http://my.server/callback/path, as configured in facebook, instead of
http://apps.facebook.com/myapp, as seems to be required to use the
library.  I am not using iframes, although I was at one point so I
could use localhost for hosting, but now I have a publically
accessible host.

I changed the facebook configuration to ask/require that the user
install the app and was given extra configuration options to specify a
post-install URL (which I set to my canvas URL) and now it''s working
as I expected.

I still can''t use any controller in the app, even if no filters are
given, outside of the canvas, not even an empty one created by:
script/generate foo index

hitting /foo raises the same invalid signature error as mentioned before.

Progress is being made, though!

On Jan 11, 2008 2:26 PM, David Clements <digidigo at gmail.com>
wrote:
> Hey John,
>
> What do you mean by callback url outside of facebook?  The user
> doesn''t leave facebook do they?
>
> This is how I understand the authentication flow.
>
> 1) User clicks on your app
> 2) Facebook makes a call to the callback url
>      a) This controller requires that either the user is authenticated
> to facebook or that the application is added by the user
>      b)  Facebook shows the appropriate "log in" or "add
this app" form
>      c) User clicks okay
> 3) Facebook makes a call to the callback url again and now your before
> filter lets the request pass through to your controller.
>
>
> I have ensure_application_is_installed_by_facebook_user at the top of
> application.rb
>
> Are you using IFrames? I had that error yesterday with IFRames.
>
>
> Dave
>
>
>
>
>
> On Jan 11, 2008 9:34 AM, John Richardson <barooo at gmail.com> wrote:
> > I''m working on an app, and am new to both ruby and
facebooker.  Here
> > is my current area of confusion:
> >
> > What should happen on a user''s initial visit to my app?  When
I hit
> > apps.facebook.com/<my app> for the first time with no cookies or
> > sessions or anything, I''m asked if I want to log into the
app, etc.,
> > and am then redirected to my callback url outside of facebook.  This
> > raises Facebooker::Session::IncorrectSignature.  Once I get this
> > error, however, if I then go back to the canvas page, it pulls in the
> > fbml from my controller just fine, and everything works.  Should my
> > app immediately go to the canvas page when a user authenticates to it,
> > or is there a convention for what the base callback page should look
> > like?  And what is missing in my configuration such that I have to be
> > in the canvas to avoid the errors?
> >
> > Currently all of my routes live in the same controller.
>
> > _______________________________________________
> > Facebooker-talk mailing list
> > Facebooker-talk at rubyforge.org
> > http://rubyforge.org/mailman/listinfo/facebooker-talk
> >
> _______________________________________________
> Facebooker-talk mailing list
> Facebooker-talk at rubyforge.org
> http://rubyforge.org/mailman/listinfo/facebooker-talk
>

Okay cool,   sounds like we have a similar setup now.

In order to hit a controller outside of facebook you will need to skip
the before filters that require facebook authentication.  Or
alternately move ensure_application_is_installed_by_facebook_user to
just the controllers that are facebook specific.

One caveat to this , that I have noticed, is that there is a
before_filter for set_fbml_format that I have had to skip as well when
calling actions without the facebook authentication params.


Dave

On Jan 11, 2008 1:37 PM, John Richardson <barooo at gmail.com>
wrote:
> I meant that after logging in to my app, the user was being sent to
> http://my.server/callback/path, as configured in facebook, instead of
> http://apps.facebook.com/myapp, as seems to be required to use the
> library.  I am not using iframes, although I was at one point so I
> could use localhost for hosting, but now I have a publically
> accessible host.
>
> I changed the facebook configuration to ask/require that the user
> install the app and was given extra configuration options to specify a
> post-install URL (which I set to my canvas URL) and now it''s
working
> as I expected.
>
> I still can''t use any controller in the app, even if no filters
are
> given, outside of the canvas, not even an empty one created by:
> script/generate foo index
>
> hitting /foo raises the same invalid signature error as mentioned before.
>
> Progress is being made, though!
>
>
> On Jan 11, 2008 2:26 PM, David Clements <digidigo at gmail.com>
wrote:
> > Hey John,
> >
> > What do you mean by callback url outside of facebook?  The user
> > doesn''t leave facebook do they?
> >
> > This is how I understand the authentication flow.
> >
> > 1) User clicks on your app
> > 2) Facebook makes a call to the callback url
> >      a) This controller requires that either the user is authenticated
> > to facebook or that the application is added by the user
> >      b)  Facebook shows the appropriate "log in" or
"add this app" form
> >      c) User clicks okay
> > 3) Facebook makes a call to the callback url again and now your before
> > filter lets the request pass through to your controller.
> >
> >
> > I have ensure_application_is_installed_by_facebook_user at the top of
> > application.rb
> >
> > Are you using IFrames? I had that error yesterday with IFRames.
> >
> >
> > Dave
> >
> >
> >
> >
> >
> > On Jan 11, 2008 9:34 AM, John Richardson <barooo at gmail.com>
wrote:
> > > I''m working on an app, and am new to both ruby and
facebooker.  Here
> > > is my current area of confusion:
> > >
> > > What should happen on a user''s initial visit to my app? 
When I hit
> > > apps.facebook.com/<my app> for the first time with no
cookies or
> > > sessions or anything, I''m asked if I want to log into
the app, etc.,
> > > and am then redirected to my callback url outside of facebook. 
This
> > > raises Facebooker::Session::IncorrectSignature.  Once I get this
> > > error, however, if I then go back to the canvas page, it pulls in
the
> > > fbml from my controller just fine, and everything works.  Should
my
> > > app immediately go to the canvas page when a user authenticates
to it,
> > > or is there a convention for what the base callback page should
look
> > > like?  And what is missing in my configuration such that I have
to be
> > > in the canvas to avoid the errors?
> > >
> > > Currently all of my routes live in the same controller.
> >
> > > _______________________________________________
> > > Facebooker-talk mailing list
> > > Facebooker-talk at rubyforge.org
> > > http://rubyforge.org/mailman/listinfo/facebooker-talk
> > >
> > _______________________________________________
> > Facebooker-talk mailing list
> > Facebooker-talk at rubyforge.org
> > http://rubyforge.org/mailman/listinfo/facebooker-talk
> >
>

Good catch David. I have a fix for this in one of my local facebooker  
repos. I have a bunch of fixes for little things like this and some  
new helpers to add. I''ll try to get all of that committed tomorrow.

If anyone is doing both Facebook and non-facebook in the same app and  
having troubles, please speak up. I''d love to hear what the gotchas  
are so that we can fix them. I''d love to hear of any issues with  
nested controllers as well.

On Jan 11, 2008, at 2:53 PM, David Clements wrote:
> Okay cool,   sounds like we have a similar setup now.
>
> In order to hit a controller outside of facebook you will need to skip
> the before filters that require facebook authentication.  Or
> alternately move ensure_application_is_installed_by_facebook_user to
> just the controllers that are facebook specific.
>
> One caveat to this , that I have noticed, is that there is a
> before_filter for set_fbml_format that I have had to skip as well when
> calling actions without the facebook authentication params.
>
>
> Dave
>
> On Jan 11, 2008 1:37 PM, John Richardson <barooo at gmail.com> wrote:
>> I meant that after logging in to my app, the user was being sent to
>> http://my.server/callback/path, as configured in facebook, instead of
>> http://apps.facebook.com/myapp, as seems to be required to use the
>> library.  I am not using iframes, although I was at one point so I
>> could use localhost for hosting, but now I have a publically
>> accessible host.
>>
>> I changed the facebook configuration to ask/require that the user
>> install the app and was given extra configuration options to  
>> specify a
>> post-install URL (which I set to my canvas URL) and now it''s
working
>> as I expected.
>>
>> I still can''t use any controller in the app, even if no
filters are
>> given, outside of the canvas, not even an empty one created by:
>> script/generate foo index
>>
>> hitting /foo raises the same invalid signature error as mentioned  
>> before.
>>
>> Progress is being made, though!
>>
>>
>> On Jan 11, 2008 2:26 PM, David Clements <digidigo at gmail.com>
wrote:
>>> Hey John,
>>>
>>> What do you mean by callback url outside of facebook?  The user
>>> doesn''t leave facebook do they?
>>>
>>> This is how I understand the authentication flow.
>>>
>>> 1) User clicks on your app
>>> 2) Facebook makes a call to the callback url
>>>     a) This controller requires that either the user is  
>>> authenticated
>>> to facebook or that the application is added by the user
>>>     b)  Facebook shows the appropriate "log in" or
"add this app"
>>> form
>>>     c) User clicks okay
>>> 3) Facebook makes a call to the callback url again and now your  
>>> before
>>> filter lets the request pass through to your controller.
>>>
>>>
>>> I have ensure_application_is_installed_by_facebook_user at the top
>>> of
>>> application.rb
>>>
>>> Are you using IFrames? I had that error yesterday with IFRames.
>>>
>>>
>>> Dave
>>>
>>>
>>>
>>>
>>>
>>> On Jan 11, 2008 9:34 AM, John Richardson <barooo at
gmail.com> wrote:
>>>> I''m working on an app, and am new to both ruby and
facebooker.
>>>> Here
>>>> is my current area of confusion:
>>>>
>>>> What should happen on a user''s initial visit to my
app?  When I hit
>>>> apps.facebook.com/<my app> for the first time with no
cookies or
>>>> sessions or anything, I''m asked if I want to log into
the app,
>>>> etc.,
>>>> and am then redirected to my callback url outside of facebook.
>>>> This
>>>> raises Facebooker::Session::IncorrectSignature.  Once I get
this
>>>> error, however, if I then go back to the canvas page, it pulls
in
>>>> the
>>>> fbml from my controller just fine, and everything works. 
Should my
>>>> app immediately go to the canvas page when a user authenticates
>>>> to it,
>>>> or is there a convention for what the base callback page should
>>>> look
>>>> like?  And what is missing in my configuration such that I have
>>>> to be
>>>> in the canvas to avoid the errors?
>>>>
>>>> Currently all of my routes live in the same controller.
>>>
>>>> _______________________________________________
>>>> Facebooker-talk mailing list
>>>> Facebooker-talk at rubyforge.org
>>>> http://rubyforge.org/mailman/listinfo/facebooker-talk
>>>>
>>> _______________________________________________
>>> Facebooker-talk mailing list
>>> Facebooker-talk at rubyforge.org
>>> http://rubyforge.org/mailman/listinfo/facebooker-talk
>>>
>>
> _______________________________________________
> Facebooker-talk mailing list
> Facebooker-talk at rubyforge.org
> http://rubyforge.org/mailman/listinfo/facebooker-talk
--
Mike Mangino
http://www.elevatedrails.com

Hi Mike,
I am speaking up like you asked :-)

I am still having problems with the facebook app name being appended  
to non-facebook controllers i.e. i have an app "my_app" i''ll
get
something like this from an action new_sessions_path  ''/my_app/ 
sessions/new'', even though the sessions controller is outside of the  
context of the facebook controller. I tracked this down to the  
url_rewriter methods but have been unable to isolate it because of  
how deep the rewriters hook into rails.

The second problem i''ve noticed (and this might be facebook and not  
facebooker related) is that when you give someone access to the app  
in a login context (i.e. they don''t have to install the application)  
the first time they are granted access to the app facebook redirects  
them to the naked callback url, which again happens outside of those  
facebook apps that are nestled into just a controller. Do you know  
any way around that?

BTW, I am working on a skeleton app, which I could provide as a  
replacement for the kitchen sink app if anyone is interested.



Later,
Mark

On Jan 12, 2008, at 9:17 AM, Mike Mangino wrote:
> Good catch David. I have a fix for this in one of my local facebooker
> repos. I have a bunch of fixes for little things like this and some
> new helpers to add. I''ll try to get all of that committed
tomorrow.
>
> If anyone is doing both Facebook and non-facebook in the same app and
> having troubles, please speak up. I''d love to hear what the
gotchas
> are so that we can fix them. I''d love to hear of any issues with
> nested controllers as well.
>
> On Jan 11, 2008, at 2:53 PM, David Clements wrote:
>
>> Okay cool,   sounds like we have a similar setup now.
>>
>> In order to hit a controller outside of facebook you will need to  
>> skip
>> the before filters that require facebook authentication.  Or
>> alternately move ensure_application_is_installed_by_facebook_user to
>> just the controllers that are facebook specific.
>>
>> One caveat to this , that I have noticed, is that there is a
>> before_filter for set_fbml_format that I have had to skip as well  
>> when
>> calling actions without the facebook authentication params.
>>
>>
>> Dave
>>
>> On Jan 11, 2008 1:37 PM, John Richardson <barooo at gmail.com>
wrote:
>>> I meant that after logging in to my app, the user was being sent to
>>> http://my.server/callback/path, as configured in facebook,  
>>> instead of
>>> http://apps.facebook.com/myapp, as seems to be required to use the
>>> library.  I am not using iframes, although I was at one point so I
>>> could use localhost for hosting, but now I have a publically
>>> accessible host.
>>>
>>> I changed the facebook configuration to ask/require that the user
>>> install the app and was given extra configuration options to
>>> specify a
>>> post-install URL (which I set to my canvas URL) and now
it''s working
>>> as I expected.
>>>
>>> I still can''t use any controller in the app, even if no
filters are
>>> given, outside of the canvas, not even an empty one created by:
>>> script/generate foo index
>>>
>>> hitting /foo raises the same invalid signature error as mentioned
>>> before.
>>>
>>> Progress is being made, though!
>>>
>>>
>>> On Jan 11, 2008 2:26 PM, David Clements <digidigo at
gmail.com> wrote:
>>>> Hey John,
>>>>
>>>> What do you mean by callback url outside of facebook?  The user
>>>> doesn''t leave facebook do they?
>>>>
>>>> This is how I understand the authentication flow.
>>>>
>>>> 1) User clicks on your app
>>>> 2) Facebook makes a call to the callback url
>>>>     a) This controller requires that either the user is
>>>> authenticated
>>>> to facebook or that the application is added by the user
>>>>     b)  Facebook shows the appropriate "log in" or
"add this app"
>>>> form
>>>>     c) User clicks okay
>>>> 3) Facebook makes a call to the callback url again and now your
>>>> before
>>>> filter lets the request pass through to your controller.
>>>>
>>>>
>>>> I have ensure_application_is_installed_by_facebook_user at the
top
>>>> of
>>>> application.rb
>>>>
>>>> Are you using IFrames? I had that error yesterday with IFRames.
>>>>
>>>>
>>>> Dave
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On Jan 11, 2008 9:34 AM, John Richardson <barooo at
gmail.com> wrote:
>>>>> I''m working on an app, and am new to both ruby and
facebooker.
>>>>> Here
>>>>> is my current area of confusion:
>>>>>
>>>>> What should happen on a user''s initial visit to my
app?  When I
>>>>> hit
>>>>> apps.facebook.com/<my app> for the first time with no
cookies or
>>>>> sessions or anything, I''m asked if I want to log
into the app,
>>>>> etc.,
>>>>> and am then redirected to my callback url outside of
facebook.
>>>>> This
>>>>> raises Facebooker::Session::IncorrectSignature.  Once I get
this
>>>>> error, however, if I then go back to the canvas page, it
pulls in
>>>>> the
>>>>> fbml from my controller just fine, and everything works.   
>>>>> Should my
>>>>> app immediately go to the canvas page when a user
authenticates
>>>>> to it,
>>>>> or is there a convention for what the base callback page
should
>>>>> look
>>>>> like?  And what is missing in my configuration such that I
have
>>>>> to be
>>>>> in the canvas to avoid the errors?
>>>>>
>>>>> Currently all of my routes live in the same controller.
>>>>
>>>>> _______________________________________________
>>>>> Facebooker-talk mailing list
>>>>> Facebooker-talk at rubyforge.org
>>>>> http://rubyforge.org/mailman/listinfo/facebooker-talk
>>>>>
>>>> _______________________________________________
>>>> Facebooker-talk mailing list
>>>> Facebooker-talk at rubyforge.org
>>>> http://rubyforge.org/mailman/listinfo/facebooker-talk
>>>>
>>>
>> _______________________________________________
>> Facebooker-talk mailing list
>> Facebooker-talk at rubyforge.org
>> http://rubyforge.org/mailman/listinfo/facebooker-talk
>
> --
> Mike Mangino
> http://www.elevatedrails.com
>
> _______________________________________________
> Facebooker-talk mailing list
> Facebooker-talk at rubyforge.org
> http://rubyforge.org/mailman/listinfo/facebooker-talk

Hello,
> BTW, I am working on a skeleton app, which I could provide as a
> replacement for the kitchen sink app if anyone is interested.
    I''d definitely be interested. If you make your skeleton app
public, I will update my "How-To: Tutorial on developing a Facebook
application using Ruby on Rails (Part I)" (*) using Facebooker instead
of rfacebook.

   Currently I''m a little lost on how to set everything up and get
started with Facebooker.

    Cheers.

(*) http://rfacebook.wordpress.com/2008/01/10/tutorial/
-- 
Gerald Bauer - Internet Professional - http://geraldbauer.wordpress.com