
Steps For Creating a Facebook Application

  1. Log in to your Facebook account (or register if you don't already have one)
  2. Go to the developer page on Facebook
  3. From here, click on Apps (in the header of the page)
  4. Click on Create New App
  5. Provide a name for your app, and respond correctly to the captcha challenge
    • If you haven't verified your account yet, you will be asked to do so, using either your phone number or your credit card info
  6. Provide a site url. Use the site url that will host the callback pages: Facebook requires every callback provided in requests (explained later) to be on the same domain

And you're done!

Facebook will show you the summary info of your application, including:

  • App Id
  • App Secret

Steps for authorizing your application

Authentication gives your app the ability to know the identity of a Facebook user, and to read and write data via Facebook's APIs. The Facebook Platform uses OAuth 2.0 for authentication and authorization.

Full documentation about Facebook's authentication is included here

What is required:

  • an App Id
  • an App Secret
  • a callback page that Facebook will redirect to once the user authorizes your app to access their account
  • a set of permissions that the application will require (this depends on what the app you're building needs to do: does it need to post on the user's wall? does it need to access their friends list?), expressed as a comma-separated list of strings

The Flow

The process goes as follows:

  1. The website will provide the user with an authorization link; the link will look like this: https://www.facebook.com/dialog/oauth?client_id=clientId&redirect_uri=uri&state=someUserIdentifier&scope=publish_stream%2Cread_stream%2Cuser_photos%2Cuser_videos%2Cuser_status%2Coffline_access%2Cmanage_pages%2Cread_insights
    which includes:
    1. client_id: the app id provided by Facebook while creating the application
    2. redirect_uri: location of the page that will be called by the browser (via a redirect). This page will be the one processing the Facebook call when the user authorizes your application
    3. state: free parameter that Facebook will retransmit in the redirect call. Use this parameter to identify the requesting user (a temporary key associated with the user would be a good example)
    4. scope: the set of permissions requested
  2. The user clicks on the link, gets a dialog and either
    1. clicks on authorize (the case we're interested in)
    2. or clicks on decline
  3. The Facebook dialog will redirect to the specified redirect_uri, including the state and a verifier code (using request parameters: state and code)
  4. The application at the redirect_uri will
    1. read the state parameter and identify the user
    2. obtain an access token, based on the provided code

Generating the authorization url

Generating the authorization url is done using the Apstrata scripting method:

apsdb.social.facebook.getRequestToken

Obtaining the AccessToken

Obtaining the AccessToken is done using the Apstrata scripting method:

apsdb.social.facebook.getAccessToken

Important Notes

  1. The redirect url needs to be under the same domain specified as the "site url" in the definition of the Facebook application
  2. The redirect url needs to end with a /
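
The flow above and the two redirect rules in these notes, as an added JavaScript (Node.js) example that is not Apstrata's or Facebook's code: it builds the authorization link by hand instead of calling apsdb.social.facebook.getRequestToken, uses a random, single-use, expiring key as the state, and checks that key when the redirect arrives. APP_ID, SITE_URL, REDIRECT_URI, the 10-minute lifetime and the in-memory Map are assumptions made for illustration.

```javascript
const { randomBytes } = require("crypto");

// Assumed placeholder values, not real credentials or a real site.
const APP_ID = "APP_ID_PLACEHOLDER";
const SITE_URL = "https://app.example.com/"; // "site url" of the Facebook app
const REDIRECT_URI = "https://app.example.com/fb/callback/";
const STATE_TTL_MS = 10 * 60 * 1000; // assumed lifetime of a state key
const pendingStates = new Map(); // state -> { userId, expires }; assumed store

// Important Notes: same domain as the site url, and a trailing "/".
function checkRedirectUri(redirectUri, siteUrl) {
  if (new URL(redirectUri).hostname !== new URL(siteUrl).hostname)
    throw new Error("redirect_uri is not on the site url domain");
  if (!redirectUri.endsWith("/")) throw new Error("redirect_uri must end with /");
  return redirectUri;
}

// Step 1: authorization link carrying a random temporary key as the state.
function buildAuthorizationUrl(userId, scopes, now = Date.now()) {
  const state = randomBytes(16).toString("hex"); // unguessable, unlike a user id
  pendingStates.set(state, { userId, expires: now + STATE_TTL_MS });
  const url = new URL("https://www.facebook.com/dialog/oauth");
  url.searchParams.set("client_id", APP_ID);
  url.searchParams.set("redirect_uri", checkRedirectUri(REDIRECT_URI, SITE_URL));
  url.searchParams.set("state", state);
  url.searchParams.set("scope", scopes.join(",")); // comma is sent as %2C
  return url.toString();
}

// Steps 3 and 4: identify the user from the state, hand back the code.
function handleCallback(callbackUrl, now = Date.now()) {
  const params = new URL(callbackUrl).searchParams;
  const state = params.get("state");
  const entry = pendingStates.get(state);
  pendingStates.delete(state); // single use: a replayed redirect is rejected
  if (!entry || entry.expires < now)
    return { ok: false, reason: "unknown, reused or expired state" };
  const code = params.get("code");
  if (!code) return { ok: false, reason: "no code in the redirect" };
  return { ok: true, userId: entry.userId, code }; // next: exchange the code
}
```

A redirect whose state was never issued, has already been consumed, or has expired is rejected before the code is exchanged for an access token.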

 
