Session Proxy

From Facebook Developer Wiki


A session proxy is an endpoint that makes a call to auth.getSession on behalf of a client application. Calls to auth.getSession must be signed with an application secret, so a session proxy is ideal for developers who do not want to embed their application secret in their codebase for security reasons. Currently, we encourage all iPhone applications that integrate with Facebook Connect to use a session proxy.

The data returned by your session proxy should be identical to the data returned by a call to auth.getSession. To use a session proxy in your client application, just replace your auth.getSession call with a request to your Session Proxy URL. No other modifications should be necessary.
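The following is an added example, not code from the original page or from Facebook's own libraries, written in Python rather than PHP so that it runs without the Facebook client library. It models the proxy as a pure function: the client's query string comes in, the proxy signs an auth.getSession parameter set with the secret it holds server-side, and the upstream body is returned to the client unchanged. The signature scheme (sorted "key=value" pairs, secret appended, MD5) is the legacy REST API's as assumed here, and the page does not describe it; the upstream endpoint is a constructed fake so the example runs offline, and all keys, tokens and response values are constructed placeholders.

```python
import hashlib
from urllib.parse import parse_qs

# Constructed placeholders: a real proxy reads these from server-side configuration
# and never sends the secret to the client.
API_KEY = "YOUR_API_KEY"
APP_SECRET = "app-secret-kept-server-side"


def sign_params(params, secret):
    """Legacy Facebook REST API request signature (assumed here, not described on the
    page): concatenate "key=value" pairs sorted by key, append the secret, MD5 the result."""
    payload = "".join(f"{key}={params[key]}" for key in sorted(params))
    return hashlib.md5((payload + secret).encode("utf-8")).hexdigest()


def build_get_session_request(query, api_key, secret, fmt="xml"):
    """Translate the client's request to the proxy (its raw query string) into the
    parameter set of a signed auth.getSession call. The secret is used only to sign."""
    args = parse_qs(query, keep_blank_values=True)
    auth_token = args.get("auth_token", [""])[0]
    if not auth_token:
        raise ValueError("auth_token is required")
    generate_ss = args.get("generate_session_secret", ["0"])[0]
    params = {
        "method": "auth.getSession",
        "api_key": api_key,
        "v": "1.0",
        "format": fmt,
        "auth_token": auth_token,
        "generate_session_secret": generate_ss,
    }
    params["sig"] = sign_params(params, secret)
    return params


def session_proxy(query, transport, api_key=API_KEY, secret=APP_SECRET):
    """The proxy endpoint. `transport` sends the signed parameters upstream and returns
    the response body; the body is handed back to the client unchanged, so the client
    sees exactly what a direct auth.getSession call would have returned."""
    params = build_get_session_request(query, api_key, secret)
    return transport(params)


def fake_facebook(expected_secret):
    """Constructed stand-in for the REST endpoint so the example runs offline. It checks
    the signature the way the real service would (recomputing it with the secret the
    app registered) and answers with a canned auth_getSession_response."""
    def transport(params):
        unsigned = {k: v for k, v in params.items() if k != "sig"}
        if params.get("sig") != sign_params(unsigned, expected_secret):
            return "<error_response><error_msg>Incorrect signature</error_msg></error_response>"
        return (
            '<?xml version="1.0" encoding="UTF-8"?>'
            '<auth_getSession_response xmlns="http://api.facebook.com/1.0/">'
            "<session_key>constructed-session-key</session_key>"
            "<uid>12345</uid><expires>0</expires>"
            "<secret>constructed-session-secret</secret>"
            "</auth_getSession_response>"
        )
    return transport


if __name__ == "__main__":
    client_query = "auth_token=constructed-auth-token&generate_session_secret=1"
    print(session_proxy(client_query, fake_facebook(APP_SECRET)))
```

The point to check in a real deployment is the one the fake makes visible: the application secret appears only inside `sign_params` on the proxy, and the body returned to the client contains the session values but never the application secret, so the client binary has nothing worth extracting beyond a per-session key.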

Example Session Proxy

Here's a simple session proxy written in PHP.

<?php
require_once $_SERVER['PHP_ROOT'].'/lib/api/client/php_1_1/facebook.php';

$APP_INFO = array('api_key' => 'YOUR_API_KEY', 'secret' => 'YOUR_APP_SECRET');

$auth_token = $_GET['auth_token'];
$generate_ss = $_GET['generate_session_secret'];
unset($_GET['auth_token']);
unset($_GET['generate_session_secret']);

$fb = new Facebook($APP_INFO['api_key'], $APP_INFO['secret'], $generate_ss);
$fb->clear_cookie_state();
$fb->api_client->setFormat('xml');
$session_vars = $fb->api_client->auth_getSession($auth_token, $generate_ss);
echo $fb->api_client->getRawData();


Here's a version of the same proxy, with comments.

<?php
require_once $_SERVER['PHP_ROOT'].'/lib/api/client/php_1_1/facebook.php';

////////////////////////////////////////////////////////////////////////////////
// Put your app info here.
////////////////////////////////////////////////////////////////////////////////
$APP_INFO = array('api_key' => 'YOUR_API_KEY', 'secret' => 'YOUR_APP_SECRET');

////////////////////////////////////////////////////////////////////////////////
// You probably don't need to modify anything below this line.
////////////////////////////////////////////////////////////////////////////////

// grab the auth_token and generate_session_secret GET values. the Facebook
// PHP lib does some magic with these, so unset them to hide them from the lib.
// client libraries in other languages probably don't have this problem.
$auth_token = $_GET['auth_token'];
$generate_ss = $_GET['generate_session_secret'];
unset($_GET['auth_token']);
unset($_GET['generate_session_secret']);

// initialize the Facebook lib
$fb = new Facebook($APP_INFO['api_key'], $APP_INFO['secret'], $generate_ss);

// the PHP lib also does some magic with cookies, so clear them
$fb->clear_cookie_state();

// set format to XML, since that's the format we need to return to the iPhone
$fb->api_client->setFormat('xml');

// make the auth.getSession call
$session_vars = $fb->api_client->auth_getSession($auth_token, $generate_ss);

// print the raw XML response
echo $fb->api_client->getRawData();

// if the raw XML data isn't available (either because you use JSON instead of
// XML, or because you're using a client library that doesn't support
// getRawData()), you can always output the XML yourself. the values are
// escaped so that a session value containing XML metacharacters cannot break
// or alter the document the client parses.
/*
$xml = '<?xml version="1.0" encoding="UTF-8"?>';
$xml .= '<auth_getSession_response';
$xml .= ' xmlns="http://api.facebook.com/1.0/"';
$xml .= ' xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"';
$xml .= ' xsi:schemaLocation="http://api.facebook.com/1.0/';
$xml .= ' http://api.facebook.com/1.0/facebook.xsd">';
foreach ($session_vars as $key => $val) {
  $xml .= '<' . $key . '>' . htmlspecialchars($val, ENT_QUOTES, 'UTF-8') . '</' . $key . '>';
}
$xml .= '</auth_getSession_response>';
echo $xml;
*/