function fb_auth_get_token in Drupal for Facebook 7.4
When user returns from fb_auth process, $_REQUEST might contain token details.
2 calls to fb_auth_get_token()
- fb_admin_token_generate_process in ./
fb.admin.inc - fb_user_token in ./
fb.module - The user-specific token allows individual users to post to their own feeds.
File
- ./
fb.module, line 1069
Code
function fb_auth_get_token($app = NULL) {
if (!$app) {
$app = fb_get_app();
}
// Handle oauth parameters from facebook.
// http://developers.facebook.com/docs/authentication/server-side/
if (!empty($_REQUEST['code']) && !empty($_REQUEST['state']) && !empty($app['secret'])) {
// If redirect_uri include client_id, we can rule out some apps.
if (!empty($_REQUEST['client_id']) && $_REQUEST['client_id'] != $app['fba']) {
return;
}
// Check state to ensure it was this user who generated the token.
if ($_REQUEST['state'] == _fb_oauth_state() && !empty($app['secret'])) {
$url = url('https://graph.facebook.com/oauth/access_token', array(
'query' => array(
'client_id' => $app['fba'],
'client_secret' => $app['secret'],
'code' => $_REQUEST['code'],
// The redirect_uri here must exactly match the one from fb_server_auth_url.
'redirect_uri' => fb_auth_redirect_uri(current_path(), array(
'query' => array(
'client_id' => $app['fba'],
),
)),
),
));
$result = drupal_http_request($url);
// Do not use fb_http for this request.
if ($result->code == 200 && !empty($result->data)) {
$data = array();
parse_str($result->data, $data);
// access_token and expires
return $data['access_token'];
}
}
}
}