Login Desktop App
From Facebook Developer Wiki
Logging a User into a Desktop Application
This article provides a high level view of the login process for a desktop application.
First, create an auth_token by calling auth.createToken.
Your desktop application may look something like this (see below for a sample login button).
Using the auth_token returned from auth.createToken, direct the user to the following URL in a Web browser to log in to Facebook: http://www.facebook.com/login.php?api_key=YOUR_API_KEY&v=1.0&auth_token=abc123
If the user is not already logged into Facebook, the user will be directed to a page like this:
If the user has never logged into your application before, she'll be asked to authorize it (by doing so, the user accepts the Terms of Service for using the application). These are your Terms of Service, not Facebook's. If the user has already accepted the Terms of Service, this dialog does not appear.
If the user has used your application before, she'll be taken directly to the "logged in" page.
The user is now successfully logged into the application, and is directed to close the browser window and return to the application.
Getting a Session Key for the User
Once the user logs into your application, you need to get a session key so you can make API calls on behalf of the user. To do this, call auth.getSession over HTTPS, passing in the same auth_token that was used as a parameter to login.php. This method returns a session key for the user, the time at which the session key expires, and a secret, which should be used in place of the desktop application's normal secret to sign all subsequent calls in this session.
Be sure to use the secret returned by auth.getSession when signing any calls that require a session key. For API calls made outside the context of a session (for example, auth.createToken), use your application's secret key as the secret.
Session keys for desktop applications last 24 hours. If you make another API call that requires a session within those 24 hours, the session gets extended for another 24 hours. You can get a permanent session by prompting a user to grant your application the offline access extended permission. Direct the user to this URL: http://www.facebook.com/authorize.php?api_key=YOUR_API_KEY&v=1.0&ext_perm=offline_access
Required Parameters for Use Outside a Session
These are the parameters required for all API calls except those that happen outside of the context of a session:
| Parameter | Description |
|---|---|
| session_key | The session key assigned to the user after they have logged in via the vendor page. This is the code returned to the application from the login request. This key may time out, after which the $API_EC_PARAM_SESSION_KEY error gets returned. The application then needs to redirect the user to the login page to obtain another key. |
| call_id | This is simply a number that must increase with each API call in a particular session. We strongly recommend using the current time in milli- or micro-seconds. In PHP, this can be set equal to microtime(true). |
Whether the request generates an error or not, an XML stream gets sent back to the application as a response to the request.
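The following sketch is an added example, not code from the wiki or from Facebook. It shows the client-side bookkeeping the two sections above imply: picking the session secret or the application secret per call, keeping call_id strictly increasing even when the clock repeats or steps back, and tracking the 24-hour sliding expiry. The class and function names are hypothetical, and the `method` and `sig` parameter names, the MD5 signature construction and the treatment of the expiry as a Unix timestamp in seconds are assumptions that this page does not state.

```python
import hashlib
import time

SESSION_TTL = 24 * 60 * 60  # seconds: each in-session call extends the session 24 hours


def sign(args, secret):
    # Assumed scheme (not stated on this page): MD5 over the sorted
    # key=value pairs joined without separators, with the secret appended.
    payload = "".join(f"{k}={args[k]}" for k in sorted(args))
    return hashlib.md5((payload + secret).encode("utf-8")).hexdigest()


class DesktopSession:
    """Hypothetical client-side bookkeeping for one desktop session."""

    def __init__(self, api_key, app_secret, clock=time.time):
        self.api_key, self.app_secret, self.clock = api_key, app_secret, clock
        self.session_key = self.session_secret = self.expires = None
        self.last_call_id = 0

    def start(self, session_key, session_secret, expires):
        """Store what auth.getSession returned; expires=None marks a permanent session."""
        self.session_key, self.session_secret = session_key, session_secret
        self.expires = expires

    def next_call_id(self):
        # Microsecond timestamp, forced strictly upward so a coarse or
        # stepped-back clock can never repeat or lower the value.
        self.last_call_id = max(int(self.clock() * 1_000_000), self.last_call_id + 1)
        return self.last_call_id

    def build_call(self, method, params=None, in_session=True):
        args = dict(params or {}, method=method, api_key=self.api_key, v="1.0")
        secret = self.app_secret  # correct only for calls outside a session
        if in_session:
            now = self.clock()
            expired = self.expires is not None and now >= self.expires
            if self.session_key is None or expired:
                raise RuntimeError("no live session: send the user back to login.php")
            args["session_key"] = self.session_key
            args["call_id"] = str(self.next_call_id())
            secret = self.session_secret  # session secret replaces the app secret
            if self.expires is not None:
                self.expires = now + SESSION_TTL  # local estimate of the extension
        args["sig"] = sign(args, secret)
        return args
```

The expiry kept here is only a local estimate; the server's session-key error remains the authoritative signal that the user must log in again.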
Facebook Login Image
You may use this image to display on your site as a link or login to Facebook.
Please note that you may only use the Facebook name (or any of our other trademarks) in accordance with the Facebook Platform Terms of Service. You will likely format the button like this:


