After you do an /oauth/dialog request, a bunch of other data is passed in the permissions request:
https://www.facebook.com/dialog/permissions.request?_path=permissions.request&app_id=[MY_APP_ID]&redirect_uri=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D6%23cb%3Dff5d002c57c23a%26origin%3Dhttp%253A%252F%252F[MYHOST.COM]%252Ff1e938e69c3d116%26domain%3D[MYHOST.COM]%26relation%3Dopener%26frame%3Df10f71bf23f26f8&sdk=joey&display=popup&response_type=token%2Csigned_request&domain=[MYHOST.COM]&fbconnect=1&from_login=1&client_id=132581756764290
The data that comes back (assuming you're using Chrome) comes in a JavaScript encoded code. Note that either function d() or function c() is executed depending on the browser/user-agent string...
var message = "cb=ff5d002c57c23a&origin=http\u00253A\u00252F\u00252F[MYHOST.COM]\u00252Ff1e938e69c3d116&domain=[MYHOST.COM]&relation=opener&frame=f10f71bf23f26f8&access_token=[ACCESS TOKEN]&expires_in=0&signed_request=[SIGNED_REQUEST]&base_domain=[MYHOST.COM]",
origin = "http:\/\/[MYHOST.COM}\/f1e938e69c3d116";
document.domain = 'facebook.com';
(function () {
var a = window.opener || window.parent,
b = 'fb_xdm_frame_' + location.protocol.replace(':', '');
function c() {
try {
a.frames[b].proxyMessage(message);
} catch (e) {
setTimeout(c, 100);
}
}
function d() {
__fbNative.postMessage(message, origin);
}
if (window === top && /FBAN\/\w+;/i.test(navigator.userAgent)) {
if (window.__fbNative && __fbNative.postMessage) {
d();
} else window.addEventListener('fbNativeReady', d);
} else c();
})();
No comments:
Post a Comment