Currently fb_permissions prompts the user for permissions when the post-authorize url is called. However, according to http://wiki.developers.facebook.com/index.php/Post-Authorize_Callback_URL that url will be called by the facebook servers, not by the user, so the javascript to prompt the user for permission will never be displayed!

Comments

Dave Cohen’s picture

Dave Cohen commented
Status: Active » Postponed (maintainer needs more info)

Have you tested?

nighthawk117’s picture

nighthawk117 commented

yeah, i checked off prompt for the publish_stream extended permission on my app configuration page and then connected an account, but never got a prompt to authorize that permission. So, I traced through the code and I believe the above is the reason that I never saw the prompt. It works fine if I manually call fb_connect_init_js with FB.Connect.showPermissionDialog.

Dave Cohen’s picture

Dave Cohen commented

I think the reason you were not prompted is that you had already authorized the application. To test, go to http://www.facebook.com/#/editapps.php. Click the X next to the application in question. Then confirm by clicking remove.

Then go back to you app, refresh page if necessary. Click the connect button and re-authorize the app.

Now, the post-authorize callback will be called. And you'll see the dialog.

The problem is that I don't want to pester users to grant permission too often, so I chose the post-authorize callback as the trigger. If you have a better idea, let me know. During post-authorize I write some data to cache. Then on the user's next page request the cache is read and the show permission dialog is shown. Magic.

nighthawk117’s picture

nighthawk117 commented

I've actually tried removing the app as you've described without any luck. I definitely like your idea of only prompting once for the permissions, but my understanding is that you're using the session to cache data and that session will be different when facebook pings the url vs. when the user requests a url. Although I don't fully understand all the callback code so I could be wrong on this...

Dave Cohen’s picture

Dave Cohen commented
Status: Postponed (maintainer needs more info) » Active

It uses the cache, not the session, for exactly that reason.

Maybe there is truly a bug here. Can you look in your cache table for anything with an cid like "fb_connect_init_js_..."?

nighthawk117’s picture

nighthawk117 commented

yep, you're completely right, this works properly! i was testing this on my local machine, so the post authorize url was something like localhost. obviously it never got called.

Dave Cohen’s picture

Dave Cohen commented
Status: Active » Fixed

Yep. Can't expect any facebook apps to work without a domain reachable by facebook.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

scoorch’s picture

scoorch commented

I am having a similar problem. I am using the latest 3.x Dev and have a Facebook Canvas IFrame Site that is working so far (runnin live with a publicly accessible domain, not localhost). When a facebook user comes to my page she is not prompted when the app is authorized. When I remove the app as you described and return to my facebook iframe page nothing happens except that the app is authorized again (without any confirmation).

I would like to have anyone who accepts my app on facebook is created a local account and granted a certain role.

This is the devel display if the facbook logged in user visits the canvas pages, surprisingly it says "not a canvas page"

In the app settings on drupal the following is checked:
- Register Local Users on Facebook
- Create Local Account: If user has authorized the app
- Map Accounts: Map account when both local uid and Facebook id are known
- App user role: approle (When a local user has authorized the app, the user will be granted this role.)


Page Status = Not a canvas page.
  local user = Visitor
fb_get_fbu = 
base_url = http://www.netzpublikationen.de
base_path = /
url() returns = /
$_REQUEST[q] is = 
arg(0) is = node
arg(1) is = 
session_id = 217a2a14d3eca3210ae8e39ede348613
session_name = SESSda6948c4699b949f34f3c1ddbc4a1975

REQUEST
Array
(
    [signed_request] => OKme8zYHvHw4AKvAvqhlI41dm7KUK22JAJdcfTm80pA.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiJ9
)


USER 
stdClass Object
(
    [uid] => 0
    [hostname] => 88.64.13.208
    [roles] => Array
        (
            [1] => anonymous user
        )

    [session] => 
    [cache] => 0
)

fb_app = 
session = Array
cookies = Array
Dave Cohen’s picture

Dave Cohen commented

Please do not post to closed issues.

I think you misunderstand what is happening. Visiting the canvas page does not necessarily authorize the application. In fact, facebook removed the ability to automatically ask for authorization as soon as a canvas page is visited. Why, I have no idea.

If you need help with it, submit a new issue.