Steps For Creating a Facebook Application

  1. Log in to your Facebook account (or register if you don't already have one)
  2. Go to the developer page on Facebook
  3. From here, click on Apps (in the header of the page)
  4. Click on Create New App
  5. Provide a name for your app, and respond correctly to the captcha challenge
  6. Provide a site URL. Make sure you use the site URL that will host the callback pages: Facebook requires every callback provided in requests (explained later) to be on the same domain

And you're done!

Facebook will show you the summary info of your application, including:

Steps for authorizing your application

Authentication gives your app the ability to know the identity of a Facebook user, and to read and write data via Facebook's APIs. The Facebook Platform uses OAuth 2.0 for authentication and authorization.

 Full documentation about Facebook's authentication included here

What is required:

The Flow

The process goes as follows:

  1. The website will provide the user with an authorization link; the link will look like this:
    which includes:
    1. client_id: the app id provided by Facebook while creating the application
    2. redirect_uri: location of the page that will be called by the browser (via a redirect). This page will be the one processing the Facebook call when the user authorizes your application
    3. state: free parameter that Facebook will retransmit in the redirect call. Use this parameter to identify the requesting user (a temporary key associated with the user would be a good example)
    4. scope: the set of permissions requested
  2. The user clicks on the link, gets a dialog and either
    1. clicks on authorize (the case we're interested in)
    2. or clicks on decline
  3. The Facebook dialog will redirect to the specified redirect_uri, including the state and a verifier code (using request parameters: state and code)
  4. The application at the redirect_uri will
    1. read the state parameter and identify the user
    2. obtain an access token, based on the provided code

Generating the authorization url

Generating the authorization url is done using the apstrata scripting method:, AppSecret, redirect_uri, scope, state)
ex:"444444444444444", "626262626262662626262", "", "publish_stream,read_stream,user_photos,user_videos,user_status,offline_access,manage_pages,read_insights", "ABCDEF")


Obtaining the AccessToken

Obtaining the AccessToken is done using the apstrata scripting method, AppSecret, redirect_uri, code)
ex:"444444444444444", "626262626262662626262", "","AQAPWAi96tsTilrEnbwCtgo9QlBL7-OgwzSJajHA5TdBj5Vp8NA3ZszMwrOzLr");

Important Notes

  1. The redirect url needs to be under the same domain specified as the "site url" in the definition of the Facebook application
  2. The redirect url needs to end with a /
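
The state parameter from The Flow and the two redirect rules above can be enforced in code. The following is an added example, not part of the original page and not the apstrata scripting API: the function names, the in-memory store and the 10-minute lifetime are hypothetical, and the dialog endpoint is taken from Facebook's public OAuth documentation rather than from this page.

```javascript
const crypto = require("crypto");

// Assumption: dialog endpoint from Facebook's public OAuth docs; the page's sample link is missing.
const DIALOG_URL = "https://www.facebook.com/dialog/oauth";
const STATE_TTL_MS = 10 * 60 * 1000; // constructed lifetime for the temporary key
const pendingStates = new Map(); // state -> { userId, expires }; hypothetical in-memory store

// Enforce the two Important Notes: same domain as the site url, and a trailing "/".
function checkRedirectUri(redirectUri, siteUrl) {
  const r = new URL(redirectUri);
  if (r.hostname !== new URL(siteUrl).hostname) {
    throw new Error("redirect_uri is not on the site url domain");
  }
  if (r.search || r.hash || !r.pathname.endsWith("/")) {
    throw new Error("redirect_uri must end with /");
  }
  return r.toString();
}

// Step 1 of the flow: issue an unguessable, single-use state tied to the requesting user.
function buildAuthorizationUrl(userId, clientId, redirectUri, siteUrl, scope, now = Date.now()) {
  const checked = checkRedirectUri(redirectUri, siteUrl);
  const state = crypto.randomBytes(32).toString("hex");
  pendingStates.set(state, { userId, expires: now + STATE_TTL_MS });
  const query = new URLSearchParams({ client_id: clientId, redirect_uri: checked, state, scope });
  return { state, url: `${DIALOG_URL}?${query}` };
}

// Step 4.1: resolve the returned state to a user before the code is exchanged for a token.
function consumeState(state, now = Date.now()) {
  const entry = typeof state === "string" ? pendingStates.get(state) : undefined;
  if (!entry) return null; // unknown, forged or already used
  pendingStates.delete(state); // single use, so a replayed callback fails
  return now <= entry.expires ? entry.userId : null;
}
```

A callback whose state does not resolve to a user should be rejected without calling the access-token method, since the code in that request was not issued for a session this site started.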