Facebook的OAuth登录iframe画布应用程序显示徽标图像和转到Facebook.com标题而不是登录 [英] Facebook OAuth login for iframe canvas apps displays a logo image and a Go to Facebook.com caption instead of logging in

问题描述

我正在尝试设置（iframe）的Facebook应用程序以使用OAuth进行身份验证。
我从Facebook使用了

此问题的唯一已知解决方案是首先重定向到 https ：//graph.facebook.com/oauth/authorize？从客户端（即通过JavaScript），使用

 < script type ='text / javascript'> 
 top.location.href =https：//graph.facebook.com/oauth/authorize？....... 
< / script> 
  

当用户点击某个元素（例如登录按钮）或每当访问特定页面时（只需将其包含在HTML头）。

I'm trying to set up my (iframe) Facebook application to use OAuth for authentication. I used the python-sdk from Facebook, but I'm not really satisfied by the result, yet.

The problem is that when I redirect a user that never accessed my application to the login page, my iframe diplays an ugly intermediate page, such as the following one:

If the user clicks on "Go to Facebook.com" link, she is then redirected to the standard "Request for Permission" page.

Is there any way to avoid the first page and lead the user straight to the second one?

This problem happens on the first access for users that haven't granted any permission to my application yet.

The login code is based on the OAuth example in the Python SDK:

class LoginHandler(BaseHandler):
    def get(self):
        verification_code = self.request.get("code")
        args = dict(client_id=FACEBOOK_APP_ID, redirect_uri=self.request.path_url)
        if self.request.get("code"):
            args["client_secret"] = FACEBOOK_APP_SECRET
            args["code"] = self.request.get("code")
            raw_response = urllib.urlopen(
                "https://graph.facebook.com/oauth/access_token?" +
                urllib.urlencode(args)).read()
            logging.debug("access_token raw response " + raw_response)
            response = cgi.parse_qs(raw_response)
            access_token = response["access_token"][-1]

            # Download the user profile and cache a local instance of the
            # basic profile info
            graph = facebook.GraphAPI(access_token)
            profile = graph.get_object("me")

            user = User.get_by_key_name(profile["id"])
            if not user:
                user = User(key_name=str(profile["id"]),
                                id=str(profile["id"]),
                                name=profile["name"],
                                firstname=profile["first_name"],
                                profile_url=profile["link"],
                                access_token=access_token)
                user.put()
            elif user.access_token != access_token:
                # we already know this user, but we need to update
                user.access_token = access_token
                user.put()

            set_cookie(self.response, "fb_user", str(profile["id"]),
                       expires=time.time() + 30 * 86400)

            self.response.headers["P3P"] = 'CP="IDC CURa ADMa OUR IND PHY ONL COM STA"'
            self.redirect("/")
        else:
            self.redirect(
                "https://graph.facebook.com/oauth/authorize?" +
                urllib.urlencode(args))

解决方案

The issue is caused to the code Facebook uses to bust out of iframes. A bug has been filed on Facebook's bugzilla: http://bugs.developers.facebook.net/show_bug.cgi?id=11326

The only known solution to this problem is to do the first redirect to https://graph.facebook.com/oauth/authorize? from the client side (i.e. Via JavaScript), using

 <script type='text/javascript'>
 top.location.href="https://graph.facebook.com/oauth/authorize?.......
 </script>

This can be triggered when the user clicks on some element (e.g. a login button) or whenever a specific page is visited (just include it in the HTML head).

这篇关于Facebook的OAuth登录iframe画布应用程序显示徽标图像和转到Facebook.com标题而不是登录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！