iframe 画布应用程序的 Facebook OAuth 登录显示徽标图像和转到 Facebook.com 标题，而不是登录 [英] Facebook OAuth login for iframe canvas apps displays a logo image and a Go to Facebook.com caption instead of logging in

问题描述

我正在尝试设置我的 (iframe) Facebook 应用程序以使用 OAuth 进行身份验证.我使用了 Facebook 的

此问题的唯一已知解决方案是从客户端(即通过 JavaScript)第一次重定向到 https://graph.facebook.com/oauth/authorize?，使用

这可以在用户点击某个元素(例如登录按钮)或访问特定页面时触发(只需将其包含在 HTML 标题中).

I'm trying to set up my (iframe) Facebook application to use OAuth for authentication. I used the python-sdk from Facebook, but I'm not really satisfied by the result, yet.

The problem is that when I redirect a user that never accessed my application to the login page, my iframe diplays an ugly intermediate page, such as the following one:

If the user clicks on "Go to Facebook.com" link, she is then redirected to the standard "Request for Permission" page.

Is there any way to avoid the first page and lead the user straight to the second one?

This problem happens on the first access for users that haven't granted any permission to my application yet.

The login code is based on the OAuth example in the Python SDK:

class LoginHandler(BaseHandler):
    def get(self):
        verification_code = self.request.get("code")
        args = dict(client_id=FACEBOOK_APP_ID, redirect_uri=self.request.path_url)
        if self.request.get("code"):
            args["client_secret"] = FACEBOOK_APP_SECRET
            args["code"] = self.request.get("code")
            raw_response = urllib.urlopen(
                "https://graph.facebook.com/oauth/access_token?" +
                urllib.urlencode(args)).read()
            logging.debug("access_token raw response " + raw_response)
            response = cgi.parse_qs(raw_response)
            access_token = response["access_token"][-1]

            # Download the user profile and cache a local instance of the
            # basic profile info
            graph = facebook.GraphAPI(access_token)
            profile = graph.get_object("me")

            user = User.get_by_key_name(profile["id"])
            if not user:
                user = User(key_name=str(profile["id"]),
                                id=str(profile["id"]),
                                name=profile["name"],
                                firstname=profile["first_name"],
                                profile_url=profile["link"],
                                access_token=access_token)
                user.put()
            elif user.access_token != access_token:
                # we already know this user, but we need to update
                user.access_token = access_token
                user.put()

            set_cookie(self.response, "fb_user", str(profile["id"]),
                       expires=time.time() + 30 * 86400)

            self.response.headers["P3P"] = 'CP="IDC CURa ADMa OUR IND PHY ONL COM STA"'
            self.redirect("/")
        else:
            self.redirect(
                "https://graph.facebook.com/oauth/authorize?" +
                urllib.urlencode(args))

解决方案

The issue is caused to the code Facebook uses to bust out of iframes. A bug has been filed on Facebook's bugzilla: http://bugs.developers.facebook.net/show_bug.cgi?id=11326

The only known solution to this problem is to do the first redirect to https://graph.facebook.com/oauth/authorize? from the client side (i.e. Via JavaScript), using

 <script type='text/javascript'>
 top.location.href="https://graph.facebook.com/oauth/authorize?.......
 </script>

This can be triggered when the user clicks on some element (e.g. a login button) or whenever a specific page is visited (just include it in the HTML head).

这篇关于iframe 画布应用程序的 Facebook OAuth 登录显示徽标图像和转到 Facebook.com 标题，而不是登录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！