The REST API has two methods for dealing with authenticating your users. The method facebook.auth.createToken creates an authentication token (auth_token) that is then passed to the Facebook authentication mechanism. After the user is logged in, the second REST method, facebook.auth.getSession, will contain this token in the response, but only if you specifically request the auth_token in the response.
Authentication is usually (at least when it’s done well) a big headache for developing online applications. Because Facebook takes responsibility for these actions, you don’t have to purchase SSL certifications, implement your own encryption schema for passwords, or even worry about sessions. In the case of the PHP client library, you start the authentication procedure by calling the Facebook object’s require_login method. By calling this method, your users are redirected to Facebook’s login pages (https://login.facebook.com/login.php), which are passed your API key, and the user is given a session key and redirected to your callback page. The only difference is that when the user enters the application for the first time, they are asked to accept the terms of service for the application.
Now, you might find yourself in need of performing some task (such as updating FBML), but instead of logging into Facebook every time, you want to update the data to use some sort of scheduled task. You are able to do this with an infinite session key.
The process to get your infinite key is a bit convoluted (but, hey, you have to do it only once for each application). After creating your application, create a new page (infinite_key.php) in your callback domain that creates a new Facebook object and echoes your session_key:
<?php
/**
* @title infinite_key.php
*/
$facebook_config['debug'] = false;
$facebook_config['api_key'] = '<your_api_key>';
$facebook_config['secret_key'] = '<your_secret_key>';
require_once('<path_to_api>/facebook.php');
$facebook = new Facebook($facebook_config['api_key'],
$facebook_config['secret']);
// force a login page
$user = $facebook->require_login();
$infinate_key = $facebook->api_client->session_key;
echo($infinate_key);
?>
Once you have this code on your server, log out of Facebook, clear your Facebook cookies and browser cache (just to make sure nothing funky is going on), and then go to the page you just created on your server (that is, not the application URL, but the actual URL). You will be asked to log on again, so do so, but make sure you check the No Longer Have to Log In to Facebook box. After you’ve logged on, you should see the infinite key that you can then use in your code.
You can now use your own UID and key in other code to perform anything that needs to happen on a regular basis with the set_user function in the facebook object:
<?php
...
$uid = '<your_uid>';
$key = '<your infinite key>';
$facebook->set_user($uid, $key);
// code that needs to be executed
?>
The infinite key is a powerful construct for your Facebook application that you might find you need to implement. Most of the folks who have needed this are updating FBML for features such as mini-feeds or pushing content to their user’s profile page.
0 comments
Post a Comment