Using Facebook Connect with Server-Side Libraries
From Facebook Developer Wiki
One of the primary goals of Facebook Connect is to provide developers choice with respect to how they integrate Facebook data into their site. In particular, we support three general approaches towards integrating data: XFBML, the Facebook JavaScript Client Library, and the Facebook Server-Side Libraries. These approaches can freely be intermixed within a single site.
Most of the Facebook Connect examples on this wiki show how to use either XFBML and the Facebook JavaScript library or the Facebook PHP Library. This article describes how to transfer sessions generated in one environment to the other.
With Facebook Connect, you can make calls to the Facebook Platform REST server at http://api.facebook.com/restserver.php.
By and large, the API is fully supported, with some exceptions. Facebook Connect provides additional JavaScript methods (like stream.* methods) as well as XFBML (which is an extension to FBML, the Facebook markup language). You can't make any API calls that require your application secret, such as admin.getAppProperties, admin.setAppProperties, fbml.setRefHandle, and the Permissions API.
Moreover, you'll need to use the JavaScript library to perform the following actions that require AJAX dialogs when called by the REST API:
- To log in a user, you should use requireSession. You can't use the requirelogin attribute.
- To use Feed forms, you should use FB.Connect.streamPublish.
- To prompt for extended permissions, you need to call showPermissionDialog. You can't use the promptpermission attribute.
Transferring Sessions From JavaScript to the Server
If a session is generated using the Facebook Connect login flow, that session may also be used with the Facebook PHP Library. If you're using the Facebook JavaScript Library and the Facebook PHP Library, this process will be automatic (as the JavaScript library will save the session in a set of cookies local to your site, which the PHP library will parse). Note that the session will not be available on the server side until the next HTTP request.
If you're not using the Facebook PHP Library, please see Verifying The Signature for details on the cookie format and how to ensure that the cookies you're transferring are secure.
Transferring Sessions From JavaScript to ASP.NET
There is an ASP.NET library that can help you verify your Facebook Connect users and transfer their session from JavaScript to ASP.NET: Facebook Connect Authentication for ASP.NET. You can also read this article for more info: How to Retrieve User Data from Facebook Connect in ASP.NET.
Transferring Sessions From the Server to JavaScript
A session secret-based session is required for the Facebook JavaScript Client Library. By default, sessions generated on the server-side (for example, by calling require_login) are not session secret-based. In order to get a session secret-based session, you have two options:
- Explicitly ask for a session secret-based session in auth.getSession – when first requesting a session, you can ask for a session secret-based session via this API. If you’re using our PHP 5 client library, you can also indicate this in the Facebook object constructor.
- Promote a non-session-secret-based session – the auth.promoteSession API call can be used to promote an already existing session to a session secret-based session.
The PHP 5 client automatically saves the session in a set of cookies local to your site, which the Facebook JavaScript library will parse, so a valid session secret-based session should be available immediately after either of these methods succeeds. If you’re not using the Facebook PHP library, please see the article Verifying The Signature for details on the cookie format and how to ensure that the cookies you’re transferring are secure.
The Facebook Connect login flow is JavaScript-based, so almost all interoperability scenarios will involve moving sessions from JavaScript to the server. If your site is using the traditional redirect/popup experience or the user has previously granted your site offline access, it may be necessary to promote a session from the server to JavaScript.
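For a server that does not use the PHP library, the Python code below signs and checks the session cookies that both "Verifying The Signature" pointers above refer to; it is an added example, not code from this wiki or from the Facebook client libraries. It assumes the layout the PHP client of the time used (one cookie per field named `<api_key>_<field>`, plus a bare `<api_key>` cookie holding an MD5 of the sorted `field=value` pairs followed by the application secret); the function names and sample values are made up for illustration.

```python
import hashlib
import hmac
import time

def signature(fields, secret):
    """MD5 over 'k=v' pairs sorted by key, then the application secret (assumed scheme)."""
    payload = "".join(f"{k}={fields[k]}" for k in sorted(fields))
    return hashlib.md5((payload + secret).encode("utf-8")).hexdigest()

def session_cookies(fields, api_key, secret):
    """Server -> JavaScript: cookies to set for a session obtained on the server."""
    cookies = {f"{api_key}_{k}": str(v) for k, v in fields.items()}
    cookies[api_key] = signature(fields, secret)
    return cookies

def verify_session_cookies(cookies, api_key, secret, now=None):
    """JavaScript -> server: return the session fields, or None if untrusted."""
    prefix = api_key + "_"
    fields = {k[len(prefix):]: v for k, v in cookies.items() if k.startswith(prefix)}
    sent = cookies.get(api_key, "")
    expected = signature(fields, secret)
    # Constant-time comparison; bytes so a non-ASCII cookie value cannot raise.
    if not fields or not hmac.compare_digest(expected.encode(), sent.encode()):
        return None  # missing, tampered with, or signed with another secret
    try:
        expires = int(fields.get("expires", ""))
    except ValueError:
        return None
    current = time.time() if now is None else now
    # Assumption: expires == 0 marks a session that does not expire (offline access).
    if expires != 0 and expires <= current:
        return None
    if not fields.get("user") or not fields.get("session_key"):
        return None
    return fields

# Constructed sample values, not real credentials.
API_KEY = "0123456789abcdef0123456789abcdef"
SECRET = "example-application-secret"
SAMPLE = session_cookies({
    "user": "1234567",
    "session_key": "2.constructed-session-key",
    "expires": "1250000000",
    "ss": "constructed-session-secret",
}, API_KEY, SECRET)
```

Only the cookies prefixed with the API key take part in the signature, so unrelated site cookies are ignored, while an extra or altered prefixed cookie makes verification fail.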
