facebook app client authentication + server authentication + php

I'm developing an app for Android using Xamarin and the Facebook SDK; for the server side I'm using PHP and the latest version of the Facebook SDK. I've read some other discussions here on Stack Overflow, and I have some questions:

I would like to authenticate the user using the app (Android smartphone), pass a token and fb_id to the server, and make another authentication to get some data like the list of friends (who are using the app). Is it possible? And do you have some example code? I've found something here, but it doesn't seem to run for me. I've put the code below. Thanks in advance:

    <?php
    require 'src/facebook.php';
    /**
     * Login for Server-side Apps.
     *
     * @author Xavier Barbosa
     * @since 13 February, 2013
     * @link https://developers.facebook.com/docs/howtos/login/server-side-re-auth/
     **/
    // Map namespaced class names to file paths (__autoload() was removed in PHP 8).
    spl_autoload_register(function ($class_name) {
        require_once str_replace('\\', '/', $class_name) . '.php';
    });
    use Mute\Facebook\App;
    /**
     * Default params
     **/
    $my_url = "http://www.XXXX.com/";
    /* test app */
    $app_id = "XXXX";
    $app_secret = "XXXXX";
    /* end test app */
    session_start();
    $code = isset($_REQUEST['code']) ? $_REQUEST['code'] : '';
    if (empty($code)) {
        // CSRF protection: unpredictable, per-session state value
        $_SESSION['state'] = bin2hex(random_bytes(16));
        $dialog_url = "https://www.facebook.com/dialog/oauth?client_id="
            . $app_id . "&redirect_uri=" . urlencode($my_url) . "&state="
            . $_SESSION['state'] . '&scope=public_profile,email,user_friends';
        echo("<script> top.location.href='" . $dialog_url . "'</script>");
        exit; // stop here, otherwise the state check below runs before Facebook redirects back
    }

    $state = isset($_REQUEST['state']) ? (string) $_REQUEST['state'] : '';
    // Constant-time comparison; an empty session state never matches
    if (!empty($_SESSION['state']) && hash_equals($_SESSION['state'], $state)) {
        // Exchange the authorization code for a user access token
        $token_url = "https://graph.facebook.com/oauth/access_token?"
            . "client_id=" . $app_id . "&redirect_uri=" . urlencode($my_url)
            . "&client_secret=" . $app_secret . "&code=" . urlencode($code);

        $response = (string) file_get_contents($token_url);

        // Graph API v2.3+ answers with JSON; older versions returned a query string
        $params = json_decode($response, true);
        if (!is_array($params)) {
            $params = array();
            parse_str($response, $params);
        }

        // Fetch the profile of the user the token belongs to
        $graph_url = "https://graph.facebook.com/me?access_token="
            . $params['access_token'];
        $user = json_decode(file_get_contents($graph_url));
        //print_r($user);
        $uid = $user->id;

        // Friends who also use the app (needs the user_friends permission)
        $app = new App($app_id, $app_secret);
        $friends = $app->get('me/friends', array('access_token' => $params['access_token'],));
        //print_r($friends);

        //header('Content-Type: application/json');
        $arr = array(
            'codice' => 1, 'errore' => 0, 'result' => 3,
            'facebook_id' => $user->id, 'email' => $user->email,
            'first_name' => $user->first_name, 'gender' => $user->gender,
            'last_name' => $user->last_name, 'link' => $user->link,
            'locale' => $user->locale, 'name' => $user->name,
            'timezone' => $user->timezone, 'updated_time' => $user->updated_time,
            'verified' => $user->verified,
            'photo_src' => 'graph.facebook.com/' . $uid . '/picture',
            'friends' => $friends,
        );
        //print_r($arr);
        echo json_encode($arr);
    } else {
        //header('Content-Type: application/json');
        $arr = array('codice' => 2, 'errore' => 1, 'result' => 2, 'msg' => 'The state does not match. You may be a victim of CSRF. ');
        //print_r($arr);
        echo json_encode($arr);
    }

    ?>


Source: facebook
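
Added example, not part of the original question and not Facebook's or the SDK's own code: for the flow the question describes (the Android app logs in and sends a token and fb_id to the PHP server), the server can ask the Graph API `debug_token` endpoint whether the token is valid, was issued to this app, and belongs to the claimed user before using it. The function names, the app id `1111`, and the sample responses are assumptions constructed for illustration.

```php
<?php
// Added example (not from the original post). Sample data is constructed.
// Decide whether a token sent by the mobile client can be trusted for $claimedUserId.
// $debug is the decoded "data" object of a Graph API /debug_token response.
function check_client_token(array $debug, string $appId, string $claimedUserId, array $needScopes = []): array
{
    if (empty($debug['is_valid'])) {
        return [false, 'token is not valid'];
    }
    // The token must have been issued to this app, not to another app the user uses.
    if (!hash_equals($appId, (string) ($debug['app_id'] ?? ''))) {
        return [false, 'token was issued to a different app'];
    }
    // Do not trust the fb_id the client sent: bind it to the token's owner.
    if (!hash_equals($claimedUserId, (string) ($debug['user_id'] ?? ''))) {
        return [false, 'token does not belong to the claimed user'];
    }
    if (!empty($debug['expires_at']) && $debug['expires_at'] <= time()) {
        return [false, 'token has expired'];
    }
    $missing = array_diff($needScopes, $debug['scopes'] ?? []);
    if ($missing) {
        return [false, 'missing permissions: ' . implode(',', $missing)];
    }
    return [true, 'ok'];
}

// Live lookup: the access_token parameter is the app access token "app_id|app_secret".
function fetch_debug_token(string $inputToken, string $appId, string $appSecret): array
{
    $url = 'https://graph.facebook.com/debug_token?' . http_build_query([
        'input_token'  => $inputToken,
        'access_token' => $appId . '|' . $appSecret,
    ]);
    $json = json_decode((string) @file_get_contents($url), true);
    return is_array($json) && isset($json['data']) && is_array($json['data']) ? $json['data'] : [];
}

// Constructed /debug_token "data" objects, so the check runs offline.
$appId = '1111';
$samples = [
    'own app, right user' => ['is_valid' => true, 'app_id' => '1111', 'user_id' => '42', 'expires_at' => time() + 3600, 'scopes' => ['public_profile', 'user_friends']],
    'other app'           => ['is_valid' => true, 'app_id' => '9999', 'user_id' => '42', 'expires_at' => time() + 3600, 'scopes' => ['user_friends']],
    'wrong user'          => ['is_valid' => true, 'app_id' => '1111', 'user_id' => '77', 'expires_at' => time() + 3600, 'scopes' => ['user_friends']],
];
foreach ($samples as $label => $debug) {
    [$ok, $why] = check_client_token($debug, $appId, '42', ['user_friends']);
    echo $label, ': ', $ok ? 'accept' : 'reject', ' (', $why, ")\n";
}
```

In the endpoint that receives the token from the app, pass the result of `fetch_debug_token()` to `check_client_token()` and only call `me/friends` with that token when the check accepts it.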
