- You must set up an SSL cert to make your life easy.
- Create a fake `app.localhost.loc` virtual host or something by editing your `/etc/hosts` or Windows hosts file and pointing that domain to 127.0.0.1, and then editing your `nginx` or `Apache` config.
- For FB login you can't do a `header()` redirect because of `X-Frame-Options`. Use JavaScript instead: `<html><script>top.location.href = "loginUrl";</script></html>`
- All requests that should be HTTP `GET` will become `POST` requests.
- Signed Request
  - You can parse it with `$signed_request = $facebook->getSignedRequest();`
  - If you are not using the FB SDK you need this.
  - If a user visits your app without signing in or authorizing your app, you will still have a `signed_request` variable, which is nice.
```
[signed_request_object] => Array
    (
        [algorithm] => HMAC-SHA256
        [issued_at] => 1394849666
        [user] => Array
            (
                [country] => us
                [locale] => en_US
                [age] => Array
                    (
                        [min] => 21
                    )
            )
    )
```
Logged in User:
```
[signed_request_object] => Array
    (
        [algorithm] => HMAC-SHA256
        [expires] => 1314856000
        [issued_at] => 1314850255
        [oauth_token] => CAAJKO... ...ogZDZD
        [user] => Array
            (
                [country] => us
                [locale] => en_US
                [age] => Array
                    (
                        [min] => 21
                    )
            )
        [user_id] => 12345
    )
```
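
For the case without the FB SDK mentioned above, this is an added example (not code from the original notes or from the SDK) that verifies the HMAC-SHA256 signature before trusting any field of a `signed_request`. The function names, the placeholder secret, the `$maxAge` freshness policy and the sample request are assumptions made for illustration; in a canvas app the input would come from `$_POST['signed_request']`.

```php
<?php
// Added example, not the SDK's code. $secret, $maxAge and the sample
// request at the bottom are constructed for illustration.

function base64UrlDecode(string $input)
{
    // signed_request uses URL-safe base64 with the '=' padding stripped.
    $b64 = strtr($input, '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4);
    return base64_decode($b64, true); // false on invalid input
}

function parseSignedRequest(string $signedRequest, string $appSecret, int $maxAge = 3600): ?array
{
    $parts = explode('.', $signedRequest, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$encodedSig, $encodedPayload] = $parts;
    $sig  = base64UrlDecode($encodedSig);
    $json = base64UrlDecode($encodedPayload);
    if ($sig === false || $json === false) {
        return null;
    }
    // The HMAC covers the still-encoded payload; compare in constant time.
    $expected = hash_hmac('sha256', $encodedPayload, $appSecret, true);
    if (!hash_equals($expected, $sig)) {
        return null;
    }
    $data = json_decode($json, true);
    // Pin the algorithm instead of trusting whatever the payload names.
    if (!is_array($data) || ($data['algorithm'] ?? null) !== 'HMAC-SHA256') {
        return null;
    }
    // Assumed freshness policy: reject requests issued more than $maxAge seconds ago.
    if (time() - (int) ($data['issued_at'] ?? 0) > $maxAge) {
        return null;
    }
    return $data; // user_id and oauth_token are present only for authorized users
}

// Constructed sample: sign a payload with a placeholder secret, then verify it.
$enc = fn(string $raw): string => rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
$secret  = 'example-app-secret';
$payload = $enc(json_encode(['algorithm' => 'HMAC-SHA256', 'issued_at' => time(), 'user_id' => '12345']));
$request = $enc(hash_hmac('sha256', $payload, $secret, true)) . '.' . $payload;
var_dump(parseSignedRequest($request, $secret));         // correct secret
var_dump(parseSignedRequest($request, 'wrong-secret'));  // wrong secret
```

A `null` return means the request must be treated as unauthenticated; only read `user_id` or `oauth_token` from the array returned after the signature check passes.
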
Your friends and their friends:
```sql
SELECT uid, name, pic_square
FROM user
WHERE uid = me()
   OR uid IN (SELECT uid2 FROM friend WHERE uid1 = me())
```