How are you supposed to deal with people who signed into Facebook a while ago? They come to your site, you show them a continue link (because you detect that they are already logged into Facebook), and then on the page you direct them to you get this error.

Fatal error: Uncaught OAuthException: An active access token must be used to query information about the current user. thrown in /var/www/html/lib/base_facebook.php on line 1039

I don't understand how you are supposed to prevent this? Does this have something to do with the signed info that you give back to Facebook to get an access_token? Seems like this signed info can expire (it has an issued_at date). What is the correct way to handle this in your website's flow?

Are you expected to write code like this:

<?php
$user = $facebook->getUser();
try {
    // attempt to do a call just to see if you are going to have this issue
    $profile = $facebook->api('/me');
} catch (Exception $e) {
    $user = false;
}
if ($user) { ?>
    <a href="start.php">Begin</a>
<?php } else { ?>
    <fb:login-button scope="email" size="large">Connect</fb:login-button>
<?php } ?>

Instead of this:

<?php
$user = $facebook->getUser();
if ($user) { ?>
    <a href="start.php">Begin</a>
<?php } else { ?>
    <fb:login-button scope="email" size="large">Connect</fb:login-button>
<?php } ?>

Getting the $user back from the Facebook SDK only seems to tell you there is a cookie, and not whether that will actually work when you go to do the API calls.

UPDATE: So my only problem with this method is ... when the user does have a cookie on my site, but the API call fails, I show them the connect button. The user clicks the connect button, and it quickly appears and disappears. Because it wasn't a true 'auth.login' that just occurred, the user will not get sent to my start.php page via JavaScript redirect. How do others handle this? I'm stumped. Please tell me if there are other flaws with how I'm attempting to do this.

BuddyJoe
  • Have you checked that the domain names, app_id and app_secret are the same on both sites (the one on which you check the fb user exists, and the one on which you redirect)? And the domain used to initialize the facebook object on the first site should be a higher level domain than on the next site. – Ashwini Dhekane Dec 23 '11 at 21:36
  • This is all on the same site. After a successful login I would like to redirect my user from / (or index.php) to start.php – BuddyJoe Dec 25 '11 at 17:50

2 Answers

Try passing the access token to the API call that verifies that the user has authorized your application. Below is what I do, and it should help to alleviate the OAuthException you're getting.

$me = null; // initialised so the check below never reads an undefined variable

$user = $facebook->getUser();

if ($user) {
    // getUser() only proves a cookie / signed request was parsed; the token
    // behind it may have expired or been revoked, so verify it with a call.
    $access_token = $facebook->getAccessToken();
    $params = array('access_token' => $access_token);
    try {
        $me = $facebook->api("/me", $params);
    } catch(FacebookApiException $e) {
        // OAuthException extends FacebookApiException, so a stale token lands here.
        $user = null;
    }
}

if($me) {
    // proceed with authenticated user with an active access token.
}
Chaney Blu
Are you expected to write code like this:

Yes, you will have to handle the OAuthException.

But rather than using the FBML login button, you can redirect the user to the Facebook login URL for your application. You can get the URL by using the function getLoginUrl provided by the Facebook PHP SDK. See getLoginUrl for more information.

For your email permissions you can use the following array:

$params = array( 'scope' => 'email' );

Once successfully logged in, the user will be redirected back to the application page which redirected him to the Facebook login.

Ashwini Dhekane
  • Let me ask you this... Is it common to also incorporate this into the login? If your Facebook login is stale (in other words you stay logged into Facebook all day) then I will use the JavaScript SDK to force you to log out and log back in - http://stackoverflow.com/questions/2764436/facebook-oauth-logout – BuddyJoe Dec 27 '11 at 21:32
  • Redirecting the user to getLoginUrl does not mean you are logging him out of Facebook; it means you are not sure of the state of the user and you want to check that with Facebook. As far as I understand you don't have an access token for the logged in user. In other words your app does not have permissions to query "the" info for the user. If you got the access token (for the query) then you must be fine. But you didn't. It means that you either lack permissions, the user is logged out or you were not able to read the session (from cookie or GET). In this case you redirect the user to the Facebook login. – Ashwini Dhekane Dec 30 '11 at 19:06
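Putting the two answers together (verify the token with a /me call that carries it, then fall back to getLoginUrl instead of the FBML button) as an added example; this is not code from the question or from either answer. It assumes the Facebook PHP SDK 3.x with lib/facebook.php as its entry point, that destroySession() is available (present in SDK 3.1.1 and later), and that https://example.com/start.php is a placeholder for your own redirect target.

```php
<?php
// Added example: server-side check that the session's token actually works,
// with a redirect to Facebook's login URL when it does not.
require_once 'lib/facebook.php'; // assumed SDK location, next to base_facebook.php

// Constructed placeholder credentials; replace with your app's values.
$facebook = new Facebook(array(
    'appId'  => 'YOUR_APP_ID',
    'secret' => 'YOUR_APP_SECRET',
));

/**
 * Return the /me profile only if Facebook accepts the token in the current
 * session. getUser() alone means a cookie or signed request was parsed; it
 * says nothing about whether the token behind it is still valid.
 */
function verifiedProfile(Facebook $facebook)
{
    if (!$facebook->getUser()) {
        return null; // no session at all
    }
    try {
        $params = array('access_token' => $facebook->getAccessToken());
        return $facebook->api('/me', $params);
    } catch (FacebookApiException $e) {
        // OAuthException (expired or revoked token) extends FacebookApiException.
        // Drop the stale session so the next request does not repeat the failure.
        $facebook->destroySession(); // assumed available in SDK 3.1.1+
        return null;
    }
}

$me = verifiedProfile($facebook);

if ($me === null) {
    // No usable token: send the user to Facebook's login URL rather than
    // rendering the FBML button. Facebook sends the user back to redirect_uri
    // after a real login, so the missing auth.login redirect from the
    // question's UPDATE no longer matters.
    $loginUrl = $facebook->getLoginUrl(array(
        'scope'        => 'email',
        'redirect_uri' => 'https://example.com/start.php', // placeholder host
    ));
    header('Location: ' . $loginUrl);
    exit;
}

// Token verified server-side: safe to offer the start page.
echo '<a href="start.php">Begin, ' . htmlspecialchars($me['name']) . '</a>';
```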