
function fb_auth_get_token in Drupal for Facebook 7.4

When the user returns from the fb_auth process, $_REQUEST might contain token details.

2 calls to fb_auth_get_token()
fb_admin_token_generate_process in ./fb.admin.inc
fb_user_token in ./fb.module
The user-specific token allows individual users to post to their own feeds.

File

./fb.module, line 1069

Code

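/**
 * Exchanges the OAuth "code" found in $_REQUEST for a Facebook access token.
 *
 * When the user returns from the fb_auth process, $_REQUEST may carry the
 * 'code', 'state' and (optionally) 'client_id' parameters. All three are
 * attacker-controllable, so they are type-checked and compared strictly
 * before the app secret is sent anywhere.
 *
 * @param array|null $app
 *   The app to authenticate against; needs the 'fba' (client id) and 'secret'
 *   keys. Defaults to fb_get_app() when empty.
 *
 * @return string|null
 *   The access token from Facebook's response, or NULL when the request does
 *   not carry a valid code/state pair, targets another app, or the exchange
 *   fails.
 */
function fb_auth_get_token($app = NULL) {
  if (!$app) {
    $app = fb_get_app();
  }

  // Handle oauth parameters from facebook.
  // http://developers.facebook.com/docs/authentication/server-side/
  if (empty($_REQUEST['code']) || empty($_REQUEST['state']) || empty($app['secret'])) {
    return NULL;
  }

  // PHP turns "code[]=x" into an array; only plain strings are valid here.
  // Rejecting other types up front keeps them out of the comparisons below
  // and out of the outbound query string.
  $code = $_REQUEST['code'];
  $state = $_REQUEST['state'];
  if (!is_string($code) || !is_string($state)) {
    return NULL;
  }

  // If redirect_uri include client_id, we can rule out some apps.
  // Compare as strings: a loose != treats numeric-looking strings such as
  // "1e1" and "10" as equal, which would let a request for one app through
  // as another.
  if (!empty($_REQUEST['client_id'])) {
    $client_id = $_REQUEST['client_id'];
    if (!is_scalar($client_id) || (string) $client_id !== (string) $app['fba']) {
      return NULL;
    }
  }

  // Check state to ensure it was this user who generated the token. This is
  // the CSRF defence of the flow, so the comparison is strict (no type
  // juggling between "0e..."-style strings) and, where PHP provides
  // hash_equals(), constant-time.
  $expected_state = (string) _fb_oauth_state();
  $state_ok = function_exists('hash_equals')
    ? hash_equals($expected_state, $state)
    : ($expected_state === $state);
  if (!$state_ok) {
    return NULL;
  }

  // The resulting URL carries client_secret and the one-time code in its
  // query string: never log, display or cache $url.
  $url = url('https://graph.facebook.com/oauth/access_token', array(
    'query' => array(
      'client_id' => $app['fba'],
      'client_secret' => $app['secret'],
      'code' => $code,
      // The redirect_uri here must exactly match the one from fb_server_auth_url.
      'redirect_uri' => fb_auth_redirect_uri(current_path(), array(
        'query' => array(
          'client_id' => $app['fba'],
        ),
      )),
    ),
  ));

  // Do not use fb_http for this request.
  // NOTE(review): confirm that TLS peer verification is in effect for
  // drupal_http_request() in this deployment; the app secret travels in this
  // request.
  $result = drupal_http_request($url);

  if ($result->code == 200 && !empty($result->data)) {
    $data = array();
    parse_str($result->data, $data);

    // access_token and expires
    // A 200 response without access_token yields NULL instead of an
    // undefined-index notice.
    return isset($data['access_token']) ? $data['access_token'] : NULL;
  }

  return NULL;
}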