I am having an issue with the php Facebook sdk / opengraph extension. I have read many posts talking about the same kind of issue (Access token invalid, redirect loop etc…) but not any answers can solve my problem.
Briefly, how my project is designed:
This is a Facebook application that is meant to run only with a user logged in Facebook. I have created a Filter that is called every time a page is loaded, to ensure that the content is visible only by Facebook logged users. It should actually behave exactly like the application BranchOut on Facebook.
My issue, and how to reproduce it:
-
I am logged in my application, using the typical login process from Facebook (OAuth, access token)
-
I logout manually on the Facebook page, and then try to do a new action on my application
-
The filter checks if I am logged on Facebook, and because I am not, it redirects me to the Facebook login page.
-
After I login to Facebook again, I get the typical infinite loop between Facebook and my application’s filter.
Here is the code of my filter, preFilter():
$fb_logged = false;
try
{
$user = Yii::app()->facebook->getUser();
$me = Yii::app()->facebook->api('/me');
$fb_id = $me['id'];
$fb_logged = true;
}
catch (Exception $e)
{
$fb_logged = false;
}
if($fb_logged)
{
print_r($fb_id. ' has logged');
/* Check if user exists on MyApp
... */
}
// If user NOT logged on FB, send him to the FB login page
else
{
$loginUrl = Yii::app()->facebook->getLoginUrl(array(
'redirect_uri' => Yii::app()->request->hostInfo . Yii::app()->getRequest()->getUrl() // I have tried many things here.
));
echo("<script> top.location.href='" . $loginUrl . "'</script>");
Yii::app()->end();
}
What is exactly happening is that after login on FB, the Filter is called again, because a request to the same URL is made. And at that point, the a call the api(’/me’) generates an exception, because it cannot find any valid access token, and starts looping on it.
I can add that all my configuration is good (seems good), I have checked all my urls, domain name according to Facebook’s app settings. I have also tried many things like redirecting to a new specific URL, but anyway I need to use the filter as well because I want to make sure this is still the same user (or act consequently is the user has changed).
The only thing that works is to redirect the user to a page that has no Filter (no call to api("/me") is done). And then, clicking by hand to a new link in the application (with Filter this time), and there the access token is found. And this is not the behavior I want.
I really hope someone can help me!
Thanks in advance.