Leave a comment


 

fbleadgen said on February 5th, 2011 at 10:16 pm :

With regards to the “Error validating verification code” problem, I’ve also noticed that sometimes when setting up a new app the Facebook Core Settings panel doesn’t keep a hold of the Site URL/Domain. Often I’ve gotta go in and re-enter these values. As you can imagine, it was quite frustrating figuring this out! :S

Jan 30, 2011 | Making sense of Facebook OAuth, Graph API

I spent the last two hours slogging through Facebook's developer documentation and StackOverflow's comments and I figured I'd try to save some people some of the same pain by putting up a useful walkthrough of using a simple authentication script allowing people to connect using Facebook.

1) Make an app on Facebook. I will assume that you have entered http://www.website.com/ as your site URL and website.com in your domain. You need the trailing slash in the site URL. Keep note of the app ID and the secret.

2) Send your users to

https://graph.facebook.com/oauth/authorize?type=web_server&display=touch&client_id=app id&redirect_uri=http://www.website.com/post.php

If the user is not authenticated, they will see the following screen. The documentation should be able to help you customize the types of data you want to retrieve from individuals.

You can change the display to be "page", "touch", or "wap" depending on your needs. Think of post.php to be an intermediary page where you send Facebook the approval that your user gave to your app. It should contain all of the following:


<?php
$app_id = "";
$app_secret = "";
$my_url = "http://www.website.com/post.php";

$code = $_GET["code"];

$token_url = "https://graph.facebook.com/oauth/access_token?type=web_server&client_id="
. $app_id . "&redirect_uri=" . $my_url . "&client_secret="
. $app_secret . "&code=" . $code;

$access_token = file_get_contents($token_url);

$graph_url = "https://graph.facebook.com/me?" . $access_token;

$user = json_decode(file_get_contents($graph_url));

echo("Hello " . $user->name);

?>

Hopefully it all makes a lot of sense. Basically once you've gotten the user's authorization to retrieve some basic information from them, you then send Facebook that authorization and are given an access_token that validates that request. You can pass that access_token to the Graph API and unlock more goodies that way too.

Debug hints:
I got a big headache getting "Error validating verification code" and the issue I boiled it down to was the need to have the same URL (case sensitive and all) as the one you placed the request from be the one in post.php. You should not be using &type=client_cred to get rid of your headache as that's simply bypassing the user authentication altogether and you cannot leverage anything from the graph/me (user information) API.

Also written on this day..

This entry was posted on Sunday, January 30th, 2011 at 4:18 am, EST under the category of Coding. You can leave a response, or trackback from your own site.