Hi facebooker-ers, It looks to me like facebooker does not currently support iframe facebook apps - or am I missing something? My first problem as I understand it is as follows - When you are logged into facebook, and access a facebook application, facebook tacks on a whole lot of extra fb_sig parameters to the request (including fb_sig_user) that the application can then validate to authenticate the user. ( via a frustratingly poorly documented algorithm ) I found that for my facebook application that uses an iframe, facebooker didn''t seem to be performing this validation. Digging into the code, I found in controller.rb, that the validation is only performed if the parameter ''fb_sig_in_canvas'' is present, and when the request is for an iframe the parameter ''fb_sig_in_iframe'' is sent instead. So, I patched it to also perform the validation in that case as well. Does this make any sense? Is this patch something worth submitting? If so. how should I do that? The next problem is that now, with the patch, facebooker validates these parameters and authenticates the facebook user placing their credentials in the session, and all proceeds smoothly. However, if the user logs out of facebook, their credentials remain in the session and they are left still logged in to the facebook application. If a second user logs into facebook and accesses the application, they will be logged in to it as the first user. I''m not sure what to do about this.. any ideas? cheers Perryn
Hi Perryn, I am also struggling with getting iframes to work with facebooker. Sorry to be ignorant of how facebooker works, but I am trying to switch from rfacebook. When you say "the validation is only performed if the parameter ''fb_sig_in_canvas'' is present"Are you talking about secure_with_facebook_params!, which calls request_is_for_a_facebook_canvas? The only assistance I can give you is a link to a blog post, which talks about your problem, which was some help to me. http://webjazz.blogspot.com/2008/03/gotchas-of-internal-iframe-facebook.html Is using iframes with facebooker a dead end? I am considering using an fbml fb:iframe tag to wrap all my pages instead, but this would be a lot slower on low bandwidth connections and would also mean I would have to do some hacking of link_to to get clicks in the iframe to redirect the facebook frmae.> Hi facebooker-ers, > > It looks to me like facebooker does not currently support iframe > facebook apps - or am I missing something? > > My first problem as I understand it is as follows - When you are > logged into facebook, and access a facebook application, > facebook tacks on a whole lot of extra fb_sig parameters to the > request (including fb_sig_user) that the application can then > validate to authenticate the user. ( via a frustratingly poorly > documented algorithm ) > > I found that for my facebook application that uses an iframe, > facebooker didn''t seem to be performing this validation. > > Digging into the code, I found in controller.rb, that the validation > is only performed if the parameter ''fb_sig_in_canvas'' is present, > and when the request is for an iframe the parameter ''fb_sig_in_iframe'' > is sent instead. > > So, I patched it to also perform the validation in that case as well. > > Does this make any sense? Is this patch something worth submitting? If > so. how should I do that? > > The next problem is that now, with the patch, facebooker validates > these parameters and authenticates the facebook user > placing their credentials in the session, and all proceeds smoothly. > However, if the user logs out of facebook, > their credentials remain in the session and they are left still logged > in to the facebook application. If a second user logs into > facebook and accesses the application, they will be logged in to it as > the first user. > > I''m not sure what to do about this.. any ideas? > > cheers > Perryn_________________________________________________________________ Be part of history. Take part in Australia''s first e-mail archive with Email Australia. http://emailaustralia.ninemsn.com.au -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://rubyforge.org/pipermail/facebooker-talk/attachments/20080525/5c239519/attachment.html>
There aren''t many people using facebooker for IFrame applications. We would love to support it better, but will need your help. Can you provide some example parameters along with an exact error message, ideally including a stack trace? Mike On May 24, 2008, at 9:02 PM, Kristian Meyer wrote:> Hi Perryn, > > I am also struggling with getting iframes to work with facebooker. > Sorry to be ignorant of how facebooker works, but I am trying to > switch from rfacebook. When you say > "the validation > is only performed if the parameter ''fb_sig_in_canvas'' is present" > Are you talking about secure_with_facebook_params!, which calls > request_is_for_a_facebook_canvas? > > The only assistance I can give you is a link to a blog post, which > talks about your problem, which was some help to me. > > http://webjazz.blogspot.com/2008/03/gotchas-of-internal-iframe-facebook.html > > Is using iframes with facebooker a dead end? I am considering using > an fbml fb:iframe tag to wrap all my pages instead, but this would > be a lot slower on low bandwidth connections and would also mean I > would have to do some hacking of link_to to get clicks in the iframe > to redirect the facebook frmae. > > > > Hi facebooker-ers, > > > > It looks to me like facebooker does not currently support iframe > > facebook apps - or am I missing something? > > > > My first problem as I understand it is as follows - When you are > > logged into facebook, and access a facebook application, > > facebook tacks on a whole lot of extra fb_sig parameters to the > > request (including fb_sig_user) that the application can then > > validate to authenticate the user. ( via a frustratingly poorly > > documented algorithm ) > > > > I found that for my facebook application that uses an iframe, > > facebooker didn''t seem to be performing this validation. > > > > Digging into the code, I found in controller.rb, that the validation > > is only performed if the parameter ''fb_sig_in_canvas'' is present, > > and when the request is for an iframe the parameter > ''fb_sig_in_iframe'' > > is sent instead. > > > > So, I patched it to also perform the validation in that case as > well. > > > > Does this make any sense? Is this patch something worth > submitting? If > > so. how should I do that? > > > > The next problem is that now, with the patch, facebooker validates > > these parameters and authenticates the facebook user > > placing their credentials in the session, and all proceeds smoothly. > > However, if the user logs out of facebook, > > their credentials remain in the session and they are left still > logged > > in to the facebook application. If a second user logs into > > facebook and accesses the application, they will be logged in to > it as > > the first user. > > > > I''m not sure what to do about this.. any ideas? > > > > cheers > > Perryn > > > > Email Australia. Be part of history. Take part in Australia''s first > e-mail archive with _______________________________________________ > Facebooker-talk mailing list > Facebooker-talk at rubyforge.org > http://rubyforge.org/mailman/listinfo/facebooker-talk-- Mike Mangino http://www.elevatedrails.com
Hi Mike,
I don''t have a stack trace or parameters that would be useful, it is
more that the behaviour is not compatible with how iframes work.
The first unsupported thing for iframes is logging in to the app (or facebook).
If your facebooker app is set up as iframe, the login.php or tos.php page will
be nested within the original frame, giving a double facebook border.
I used code modified from the blog entry I mentioned,
(http://webjazz.blogspot.com/2008/03/gotchas-of-internal-iframe-facebook.html),
which overrides create_new_facebook_session_and_redirect!, like so:
class WorkshopController < ApplicationController
ensure_authenticated_to_facebook
def create_new_facebook_session_and_redirect!
session[:facebook_session] = new_facebook_session
render :layout => false, :inline => %Q{<script
type="text/javascript">
top.location.href = "<%= session[:facebook_session].login_url
-%>"
</script>}
# (:canvas=>"true")
end
def index
@user = session[:facebook_session].user
end
end
This is modified from the 10-minute quick start guide for facebooker.
This works around the double frame problem, but once the user clicks on the
"Log in to <app name>" button, they are taken to my app without
the frame. So this is another problem, the user should be taken to
apps.facebook.com/<app name>. I tried putting changing the call to
login_url to login_url(:canvas=>"true"), but this caused an endless
loop somehow.
I don''t understand enough of the facebooker code to fix these problems
for iframes.
Thanks for any assistance you can provide.
> CC: facebooker-talk at rubyforge.org
> From: mmangino at elevatedrails.com
> To: kpmeyer at hotmail.com
> Subject: Re: [Facebooker-talk] Facebooker support for iframe apps
> Date: Sat, 24 May 2008 21:45:49 -0500
>
> There aren''t many people using facebooker for IFrame applications.
We
> would love to support it better, but will need your help.
>
> Can you provide some example parameters along with an exact error
> message, ideally including a stack trace?
>
> Mike
>
>
> On May 24, 2008, at 9:02 PM, Kristian Meyer wrote:
>
> > Hi Perryn,
> >
> > I am also struggling with getting iframes to work with facebooker.
> > Sorry to be ignorant of how facebooker works, but I am trying to
> > switch from rfacebook. When you say
> > "the validation
> > is only performed if the parameter
''fb_sig_in_canvas'' is present"
> > Are you talking about secure_with_facebook_params!, which calls
> > request_is_for_a_facebook_canvas?
> >
> > The only assistance I can give you is a link to a blog post, which
> > talks about your problem, which was some help to me.
> >
> >
http://webjazz.blogspot.com/2008/03/gotchas-of-internal-iframe-facebook.html
> >
> > Is using iframes with facebooker a dead end? I am considering using
> > an fbml fb:iframe tag to wrap all my pages instead, but this would
> > be a lot slower on low bandwidth connections and would also mean I
> > would have to do some hacking of link_to to get clicks in the iframe
> > to redirect the facebook frmae.
> >
> >
> > > Hi facebooker-ers,
> > >
> > > It looks to me like facebooker does not currently support iframe
> > > facebook apps - or am I missing something?
> > >
> > > My first problem as I understand it is as follows - When you are
> > > logged into facebook, and access a facebook application,
> > > facebook tacks on a whole lot of extra fb_sig parameters to the
> > > request (including fb_sig_user) that the application can then
> > > validate to authenticate the user. ( via a frustratingly poorly
> > > documented algorithm )
> > >
> > > I found that for my facebook application that uses an iframe,
> > > facebooker didn''t seem to be performing this validation.
> > >
> > > Digging into the code, I found in controller.rb, that the
validation
> > > is only performed if the parameter
''fb_sig_in_canvas'' is present,
> > > and when the request is for an iframe the parameter
> > ''fb_sig_in_iframe''
> > > is sent instead.
> > >
> > > So, I patched it to also perform the validation in that case as
> > well.
> > >
> > > Does this make any sense? Is this patch something worth
> > submitting? If
> > > so. how should I do that?
> > >
> > > The next problem is that now, with the patch, facebooker
validates
> > > these parameters and authenticates the facebook user
> > > placing their credentials in the session, and all proceeds
smoothly.
> > > However, if the user logs out of facebook,
> > > their credentials remain in the session and they are left still
> > logged
> > > in to the facebook application. If a second user logs into
> > > facebook and accesses the application, they will be logged in to
> > it as
> > > the first user.
> > >
> > > I''m not sure what to do about this.. any ideas?
> > >
> > > cheers
> > > Perryn
> >
> >
> >
> > Email Australia. Be part of history. Take part in Australia''s
first
> > e-mail archive with _______________________________________________
> > Facebooker-talk mailing list
> > Facebooker-talk at rubyforge.org
> > http://rubyforge.org/mailman/listinfo/facebooker-talk
>
> --
> Mike Mangino
> http://www.elevatedrails.com
>
>
>
_________________________________________________________________
Search for local singles online @ Lavalife - Click here
http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Flavalife9%2Eninemsn%2Ecom%2Eau%2Fclickthru%2Fclickthru%2Eact%3Fid%3Dninemsn%26context%3Dan99%26locale%3Den%5FAU%26a%3D30290&_t=764581033&_r=email_taglines_Search_OCT07&_m=EXT
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://rubyforge.org/pipermail/facebooker-talk/attachments/20080525/db6022ae/attachment.html>