Automatic Authentication

From Facebook Developer Wiki

Jump to: navigation, search

Automatic authentication is a very lightweight authentication model that replaced the concept of "adding" Platform applications. It was announced on the developers blog.

Automatic authentication means that if a user visits an application canvas page (whether it's an FBML- or iframe-based canvas page), Facebook will pass that visitor's user ID to the application, even if the user has not authorized the application. The UID also gets passed when a user interacts with another user's application tab.

With this ID, the application can access the name, friends, and profile picture for most users (except for users who have chosen to not display a public search listing). Additionally, the application can now show Feed forms and request forms to these users, though it cannot automatically publish a one line story by default since it doesn't have a session.

This system makes it possible to develop fully-featured social applications with the least possible amount of friction. Users can go from a Feed story into the middle of a game without any redirections or dialogs.

The primary difference is that with automatic authentication, the application does not get a session. It cannot request personal user data or publish to the user's profile.

Technical Details

The user ID is passed along to canvas pages as the fb_sig_canvas_user parameter. You can access it from the new version of the PHP client using:

$fb->get_canvas_user();


This parameter will not always appear. If the user has set stronger privacy settings or is redirected from a non-Facebook URL, this parameter will return null. Furthermore, if the user is logged into Facebook and enters your callback URL (for example, http://yourdomain/facebookapp) directly into the browser's address bar, neither the fb_sig_canvas_user nor the fb_sig_friends parameters get POSTed in the request because this is essentially the same as being redirected from a non-Facebook site.

To access the user's friends in an iFrame application, using PHP, you can simply call friends_get( array( "uid" => fb_sig_canvas_user ) ). Or, for an FBML-based application, the friends are sent automatically, in the fb_sig_friends parameter. Either way, client libraries can get the friend ID information by making this call:

$fb->api_client->friends_get();


To access profile pictures and names, you can use FBML or use the users.getInfo method, which will return the profile picture and user name available on the user's public profile.


See Also

Retrieved from "http://wiki.developers.facebook.com/index.php/Automatic_Authentication"
reference