Phonegap + Facebook + PHP backend: Facebook user login

So I have the following scenario:

One PHP backend that already uses Facebook login to authenticate users (together with the JS SDK)

One Phonegap App being built, that already has the Facebook Plugin working.

Now, my question is: after my phonegap app authenticates with Facebook, I have the token and such, but I need to authenticate the user with my PHP backend... What's the best way to do it, given that the Facebook PHP SDK uses cookies and Phonegap doesn't support them?

Is there a way to send the token to the PHP SDK, and make it handle the token validity and really create a session for the user on the backend (that is, find my backend user related to that email FB sent me and tell the phonegap app that the user is really authenticated and can begin using the app)?

Answers


So I ended up implementing a "Facebook_Volatile" class like this:

/**
 * Extends the BaseFacebook class with the intent of NOT using
 * PHP sessions to store user ids and access tokens.
 * @Author Felipe Guaycuru <guaycuru@gmail.com>
 */
class FacebookVolatile extends BaseFacebook
{
  // Stores the shared session ID if one is set.
  //protected $sharedSessionID;

  // Stores data non-persistently
  private $storage  = array();

  /**
   * Identical to the parent constructor.
   *
   * @param Array $config the application configuration.
   * @param String $access_token the supplied access token.
   * @see BaseFacebook::__construct in facebook.php
   */
  public function __construct($config, $access_token) {
    parent::__construct($config);
    $this->setAccessToken($access_token);
  }

  protected static $kSupportedKeys =
    array('state', 'code', 'access_token', 'user_id');

  /**
   * Provides the implementations of the inherited abstract
   * methods.  The implementation uses class properties to maintain
   * a store for authorization codes, user ids, CSRF states, and
   * access tokens.
   */
  protected function setPersistentData($key, $value) {
    if (!in_array($key, self::$kSupportedKeys)) {
      self::errorLog('Unsupported key passed to setPersistentData.');
      return;
    }

    $this->storage[$key] = $value;
  }

  protected function getPersistentData($key, $default = false) {
    if (!in_array($key, self::$kSupportedKeys)) {
      self::errorLog('Unsupported key passed to getPersistentData.');
      return $default;
    }

    return isset($this->storage[$key]) ?
      $this->storage[$key] : $default;
  }

  protected function clearPersistentData($key) {
    if (!in_array($key, self::$kSupportedKeys)) {
      self::errorLog('Unsupported key passed to clearPersistentData.');
      return;
    }

    unset($this->storage[$key]);
  }

  protected function clearAllPersistentData() {
    foreach (self::$kSupportedKeys as $key) {
      $this->clearPersistentData($key);
    }
  }
}

So at my PHP backend I receive the $access_token and use it like this:

$FB = new FacebookVolatile(array(
    'appId' => CONFIG_FACEBOOK_APP_ID,
    'secret' => CONFIG_FACEBOOK_APP_SECRET,
  ), $access_token);

Then I can use $FB normally, exactly the same as if using it together with the JS SDK


Need Your Help

Are JSPs generally shipped as .jsp files , pre-compiled Java files or pre-compiled class files?

java jsp java-ee deployment war

Is there a 'standard' practice for packaging JSPs when preparing WAR for Production Env?

PHP + XML - how to rename and delete XML elements using SimpleXML or DOMDocument?

php xml simplexml domdocument

I've had some success due to the help of StackOverflow community to modify a complex XML source for use with jsTree. However now that I have data that is usable, it is only so if i manually edit th...

About UNIX Resources Network

Original, collect and organize Developers related documents, information and materials, contains jQuery, Html, CSS, MySQL, .NET, ASP.NET, SQL, objective-c, iPhone, Ruby on Rails, C, SQL Server, Ruby, Arrays, Regex, ASP.NET MVC, WPF, XML, Ajax, DataBase, and so on.