9

I am trying to create a welcome tab for one of my pages, but I would like to be able to access a users likes (permission user_likes).

I can only find documentation on how to do this for a Facebook app or a website integrating Facebook, I can find no documentation on how to do this for an app (tab) inside a facebook page (as a welcome tab).

Is it possible as a page tab to request extra permissions from the user but allow page access without it, or is it a case or me having to make an application as well as a page tab? Could I perhaps have a button that when they click it grants the page extra permissions?

I am currently trying two separate implementations, neither of which I can get to work, PHP and Javascript.

Thanks,

Just using 

$loginUrl = $fb->getLoginUrl(
     array('canvas' => 1, 'scope' => 'user_likes,user_about_me,user_birthday')
);

echo "<a href='$loginUrl'>Login</a>";

Results in a link, which just redirects the user (within the pages iframe) to a screen with the Facebook logo. I want a permissions dialog!

Facebook Fail

Using the javascript code

<script>
  FB.init({
    appId  : 'APPID',
    status : true, // check login status
    cookie : true, // enable cookies to allow the server to access the session
    xfbml  : true, // parse XFBML
    oauth  : true // enable OAuth 2.0
  });

 FB.login(function(response) {
   if (response.authResponse) {
     console.log('Welcome!  Fetching your information.... ');
     FB.api('/me', function(response) {
       console.log('Good to see you, ' + response.name + '.');
       FB.logout(function(response) {
         console.log('Logged out.');
       });
     });
   } else {
     console.log('User cancelled login or did not fully authorize.');
   }
 }, {scope: 'email'});
</script>

Results in

Unsafe JavaScript attempt to access frame with URL https://www.facebook.com/dialog/oauth?api_key=158609350887973&app_id=158609350887973&client_id=158609350887973&display=popup&locale=en_US&method=permissions.oauth&origin=1&redirect_uri=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2f7aed38%26origin%3Dhttp%253A%252F%url.com%252Ff3634c5da%26relation%3Dopener%26transport%3Dpostmessage%26frame%3Df9748b77&response_type=token%2Csigned_request&scope=email&sdk=joey from frame with URL http://url.com/gs/index.php. Domains, protocols and ports must match.

The javascript also opens the following error popup box

API Error Code: 191, API Error Description: The specified URL is not owned by the application, Error Message: Invalid redirect_uri: Given URL is not permitted by the application configuration.

My app config settings

Facebook Settings

hakre
  • 193,403
  • 52
  • 435
  • 836
Pez Cuckow
  • 14,048
  • 16
  • 80
  • 130
  • 2
    Can someone explain why the close and downvotes are being proposed? I researched the question before I asked, and found no mention of requesting permissions in a welcome tab for a page just how to request them as part of an application. – Pez Cuckow Sep 02 '11 at 11:40
  • ..."Domains, protocols and ports must match" might have something to do with your problem. I'd go about fixing that first (might be the root of your problem) – Tarek Fadel Sep 04 '11 at 12:22
  • I can only figure that is being caused because it is an iFrame within Facebook, and it's own API is trying to access the parent frame? (Actual Facebook). – Pez Cuckow Sep 04 '11 at 12:29
  • What's the value of `$loginUrl`? – Tarek Fadel Sep 04 '11 at 12:32
  • I would first double check that the app settings for the canvas URL are pointing to the same domain / port that the iframe content is being pulled from. – Elad Lachmi Sep 04 '11 at 12:34
  • They should all be the same, I have uploaded a copy to make sure? @Tarek, It is defined above? – Pez Cuckow Sep 04 '11 at 12:40
  • Only thing I can see is that given the URLs in your app settings, it fails the 'protocols' and 'ports' parts of the error message (http vs. https / 80 vs. 443). And yes, `$loginUrl` is defined as `$loginUrl = $fb->getLoginUrl`... – Tarek Fadel Sep 04 '11 at 12:45
  • Everything should be on port 80, I don't have HTTPS so if the user is using HTTPs they get an https warning, my web server only hosts on port 80. – Pez Cuckow Sep 04 '11 at 12:48

5 Answers5

6

You're seeing the error in your popup window because the redirect_uri in your authorization URL doesn't match what's listed in your Site URL in app config. To address this, you need to enable the "Website" option in app config. Enable it by clicking on the checkbox next to "Website" and then enter http://Site.com (or whatever your real site url is) in the "Site URL" text box. This URL must match the host url you're providing in redirect_uri. Doing this should solve the popup window error.

In terms of the "Unsafe JavaScript attempt to access frame" error, are you using a webkit browser? Webkit throws these errors but for the most part can be ignored. See this for more info: "Unsafe JavaScript attempt to access frame with URL..." error being continuously generated in Chrome webkit inspector

Community
  • 1
  • 1
Johnny Oshika
  • 54,741
  • 40
  • 181
  • 275
0

Use the user id in the response object instead of 'me' when you call FB.api Both methods point to the fact you don't have your website domain settings correct in the app settings.

We do this exact thing on a lot of our tab apps so it's definitely possible.

slashwhatever
  • 732
  • 8
  • 24
0

It looks like you're using the same value for app_id and api_key. These should be different.

Johntron
  • 2,443
  • 2
  • 24
  • 26
  • app_id and api_key are synonymous - anywhere in the API which once required the 'api_key' will work with the App ID instad – Igy Sep 09 '11 at 20:15
0

Instead of displaying the link ($loginUrl) try to redirect user, for example using php header function or js location.href.

Mateusz Bartkowiak
  • 154
  • 2
  • 9
-1

Yes it is possible. Read: http://www.masteringapi.com/tutorials/how-to-ask-for-extended-permission-in-your-facebook-application/32/

fjsj
  • 10,995
  • 11
  • 41
  • 57