Facebooker2 with Rails 3 edge


Nicholas Young

Jun 8, 2010, 3:24:36 PM
to faceb...@googlegroups.com
So... I'm trying to do some work with Facebooker2 on Rails 3, and I'm hitting a few snags. I'm wondering if anyone knows a solution.

This is an iFrame application, and I'm having issues with the login sequence. In Firefox, it goes like this:

Load apps.facebook.com/canvaspagename -> the app displays fine, unauthenticated content is there -> login to facebook using their login form -> app still displays as if I'm unauthenticated

I force refresh Firefox (the whole window, not just the iframe) and the app now shows me as authenticated (i.e. current_facebook_user exists, but doesn't pull in any of my info, except for my id. I'm cool with that, though).

In Safari, the same happens, except that refreshing after login doesn't do a blasted thing. I click the login button, and guess what? It doesn't do anything either. 

Am I handling the cookies wrong? Have I royally broken something? All ideas are welcome.

In my app controller, I included Facebooker2::Rails::Controller and Facebooker2::Rails::Helpers. :) Here's the code I'm using in my view:

<%= fb_connect_async_js(APP_ID, { :cookie => true, :xfbml => true, :status => true }) %>
<% if current_facebook_user %>
<%= current_facebook_user.inspect %>
<% else %>
<%= fb_login_and_redirect("/") %>
<% end %>

Nicholas Young | Creative Geek | nich...@nicholaswyoung.com

João Pereira

Jun 8, 2010, 3:43:06 PM
to faceb...@googlegroups.com
Hi, 

I'm using the exact code in my view as you are, but using Rails 2.3.5 and having the exact same problem, so I think it's not about the Rails version but something I'm missing here...


Jp
--
You received this message because you are subscribed to the Google Groups "facebooker" group.
To post to this group, send email to faceb...@googlegroups.com.
To unsubscribe from this group, send email to facebooker+...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/facebooker?hl=en.



Joseph Sofaer

Jun 8, 2010, 4:06:05 PM
to faceb...@googlegroups.com
The problem you're running into sounds like it has to do with the fact
that Safari doesn't let sites in iframes set cookies if they are on a
different domain. I think it's the same with IE unless you set a p3p
header.
Does that make sense with what you're seeing?
- J.

Nicholas Young

Jun 8, 2010, 4:13:37 PM
to faceb...@googlegroups.com
On Tue, Jun 8, 2010 at 3:06 PM, Joseph Sofaer <joseph...@gmail.com> wrote:
> The problem you're running into sounds like it has to do with the fact
> that Safari doesn't let sites in iframes set cookies if they are on a
> different domain. I think it's the same with IE unless you set a p3p
> header.
> Does that make sense with what you're seeing?

It really does! Wow, you would have thought Facebook would have put a bit more thought into this, but apparently not.
I'm on the hunt for a solution now, because this is quite annoying. Joseph, you've been a huge help. Thanks!

Nicholas

Nicholas Young

Jun 8, 2010, 4:49:47 PM
to faceb...@googlegroups.com
Okay, I think I've found a solution. It's a little javascript thing, and I'll be posting it here shortly after some refinement.

Nicholas

João Pereira

Jun 8, 2010, 7:49:04 PM
to faceb...@googlegroups.com
Hi, 

Meanwhile I got it working. Don't know if it's the best way to deal with it but it's functional right now. 

I'm using only Mogli and the OAuthController as described in http://github.com/mmangino/mogli. I'm also using http://github.com/binarylogic/authlogic to manage my users and sessions, because later I will let users run the app outside apps.facebook and with no FB at all.

Here's what I did:

My ApplicationController:

class ApplicationController < ActionController::Base
  helper :all # include all helpers, all the time

  helper_method :current_user_session, :current_user, :current_fb_user
  filter_parameter_logging :password, :password_confirmation
  protect_from_forgery
  layout 'default'
  before_filter :ensure_is_authenticated_in_fb

  private

  # Break out of the canvas iframe and start the OAuth flow in the top window
  # whenever there is no local session or no usable Facebook access token.
  def ensure_is_authenticated_in_fb
    # check if any session exists
    if !current_user_session || !current_user.is_fb_authorized || !current_fb_user
      html = ""
      html += "<script>"
      html += "window.top.location.href=\"#{new_oauth_url}\""
      html += "</script>"
      render :text => html
    end
  end

  # Memoized Facebook user for the stored access token; nil if the lookup fails.
  def current_fb_user
    return @current_fb_user if defined?(@current_fb_user)
    @current_fb_user = Mogli::User.find("me", Mogli::Client.new(current_user.fb_at))
  rescue StandardError
    @current_fb_user = nil
  end

  # Memoized Authlogic session, or nil when nobody is logged in.
  def current_user_session
    return @current_user_session if defined?(@current_user_session)
    @current_user_session = UserSession.find
  end

  # Memoized user record behind the current session.
  def current_user
    return @current_user if defined?(@current_user)
    @current_user = current_user_session && current_user_session.record
  end
end

The OAuthController looks like this:

class OauthController < ApplicationController
  skip_filter :ensure_is_authenticated_in_fb
  def new
    redirect_to authenticator.authorize_url(:scope => 'publish_stream', :display => 'page')
  end
  
  def create
    mogli_client = Mogli::Client.create_from_code_and_authenticator(params[:code],authenticator)
    
    fb_user = Mogli::User.find("me",Mogli::Client.new(mogli_client.access_token))
    user = User.find_by_fb_uid(fb_user.id)
    #if new user, create new one
    if !user
      user = User.new
      user.fb_uid = fb_user.id
      user.fb_at = mogli_client.access_token
      ...
      user.save!
    else #if returning user, then update access token
      user.fb_at = mogli_client.access_token
      user.save!
    end
    
    #try to authenticate user
    #remove old session if exists
    if current_user_session
      current_user_session.destroy
    end
    #create session
    @user_session = UserSession.create(user, true)
    @user_session.save

    #redirect to canvas page
    html = ""
    html +="<script>"
    html +="window.top.location.href=\"http://apps.facebook.com/#{WEBAPP_CONFIG["facebook_canvas"]}\""
    html +="</script>"
    render :text=>html
    
  end
  
  
  def authenticator
    @authenticator ||= Mogli::Authenticator.new(WEBAPP_CONFIG['facebook_client_id'],WEBAPP_CONFIG['facebook_secret'],oauth_callback_url)
  end
  
end

In the User model, what's relevant is:

class User < ActiveRecord::Base
  acts_as_authentic
    
  
  ...
  ...
  def is_fb_authorized
    return false if self.fb_uid == 0 || !self.fb_at || self.fb_at.empty?
    return true
  end
  
end

Hope it helps. It's working, but if you have any better way to deal with it, that would be great.
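An added example, not part of the post above and not code from Mogli or Facebooker2: the iframe breakout in that post builds a `<script>` by interpolating a URL into a JavaScript string, so this sketch shows the same top-window redirect with the target checked against a host allowlist and emitted as an escaped string literal. `top_redirect_html`, `ALLOWED_TOP_HOSTS`, `UnsafeRedirect` and `myapp.example.com` are hypothetical names chosen for the example.

```ruby
require "json"
require "uri"

# Hosts the top-level window may be sent to (assumed for this example:
# Facebook's canvas and login hosts plus a constructed app host).
ALLOWED_TOP_HOSTS = %w[apps.facebook.com www.facebook.com myapp.example.com].freeze

class UnsafeRedirect < StandardError; end

# Returns the <script> snippet that navigates the top window to +url+.
# Hypothetical helper, not part of Rails, Mogli or Facebooker2.
def top_redirect_html(url, allowed_hosts = ALLOWED_TOP_HOSTS)
  uri = URI.parse(url.to_s)
  host = uri.host.to_s.downcase
  unless %w[http https].include?(uri.scheme) && allowed_hosts.include?(host)
    raise UnsafeRedirect, "refusing top-level redirect to #{url.inspect}"
  end
  # Emit the URL as a JSON string literal (escapes quotes and backslashes),
  # then \u-escape <, > and & so it cannot close the <script> element.
  js = JSON.generate(uri.to_s).gsub(/[<>&]/) { |c| format('\u%04x', c.ord) }
  "<script>window.top.location.href=#{js};</script>"
rescue URI::InvalidURIError
  raise UnsafeRedirect, "unparseable redirect target #{url.inspect}"
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample targets: two allowed, two that must be refused.
  samples = [
    "http://apps.facebook.com/canvaspagename",
    "https://www.facebook.com/login.php?a=1&b=2",
    "http://apps.facebook.com@evil.example/",
    "/oauth/new"
  ]
  samples.each do |target|
    begin
      puts top_redirect_html(target)
    rescue UnsafeRedirect => e
      puts "blocked: #{e.message}"
    end
  end
end
```

In a controller the returned string would be rendered in place of the hand-built `html` variable; the allowlist must contain the host that `new_oauth_url` resolves to.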

MY

Jun 9, 2010, 11:25:18 AM
to facebooker
I have the same problem. I save some value in session[] and then
try to access it with Safari. It shows nil, though in Firefox all is OK.
I also added p3p as in http://stackoverflow.com/questions/2424975/ruby-on-rails-invalid-authenticity-token-when-using-ie
So it appears that with Safari we can't use session[]?


Nicholas Young

Jun 9, 2010, 11:56:23 AM
to faceb...@googlegroups.com
The trick I've found thus far is to redirect to facebook.com/login.php with your API key, API version, and next url:


(...and in my case, some optional params)


This seems to work okay. I just detect if the browser is Safari, and if so, redirect. This is a nasty hack at best, but gets the job done.

Nicholas Young | nich...@nicholaswyoung.com

