Thursday, June 7, 2012

Facebook permissions.request

After you make an /oauth/dialog request, a number of additional parameters are passed along in the permissions request:

https://www.facebook.com/dialog/permissions.request?_path=permissions.request&app_id=[MY_APP_ID]&redirect_uri=http%3A%2F%2Fstatic.ak.facebook.com%2Fconnect%2Fxd_arbiter.php%3Fversion%3D6%23cb%3Dff5d002c57c23a%26origin%3Dhttp%253A%252F%252F[MYHOST.COM]%252Ff1e938e69c3d116%26domain%3D[MYHOST.COM]%26relation%3Dopener%26frame%3Df10f71bf23f26f8&sdk=joey&display=popup&response_type=token%2Csigned_request&domain=[MYHOST.COM]&fbconnect=1&from_login=1&client_id=132581756764290

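The data that comes back (assuming you're using Chrome) is returned as a block of JavaScript.  Note that either function d() or function c() is executed depending on the browser/user-agent string.  The `message` string in that script carries the access token and the signed request, so a captured copy of this response should be handled like a credential.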


// Script returned by the permissions.request dialog. It hands the OAuth result
// back to the page that started the login, through one of two channels (c or d).
//
// `message` is a query-string payload: cb, origin, domain, relation and frame echo
// values from the redirect_uri of the request; access_token, expires_in and
// signed_request are the actual grant. The bracketed values are redactions made
// by the post's author. Whoever receives `message` receives the token.
var message = "cb=ff5d002c57c23a&origin=http\u00253A\u00252F\u00252F[MYHOST.COM]\u00252Ff1e938e69c3d116&domain=[MYHOST.COM]&relation=opener&frame=f10f71bf23f26f8&access_token=[ACCESS TOKEN]&expires_in=0&signed_request=[SIGNED_REQUEST]&base_domain=[MYHOST.COM]",
    // `origin` is only used as the second argument of __fbNative.postMessage in d().
    // NOTE(review): the closing '}' in the placeholder looks like a redaction typo for ']'.
    origin = "http:\/\/[MYHOST.COM}\/f1e938e69c3d116";
// Relaxes this document's origin to the parent domain. Presumably this is what
// lets c() call into the fb_xdm_frame_* frame directly; the direct call
// a.frames[b].proxyMessage(...) needs same-origin access to that frame.
document.domain = 'facebook.com';
(function () {
    // a: the window that opened this popup, or the parent when running in a frame.
    // b: name of the relay frame looked up in `a`, built from the current protocol
    //    without its colon (e.g. 'fb_xdm_frame_http' or 'fb_xdm_frame_https').
    var a = window.opener || window.parent,
        b = 'fb_xdm_frame_' + location.protocol.replace(':', '');

    // Browser path: pass `message` to proxyMessage on the relay frame inside `a`.
    // Any exception (frame missing, not ready, access denied) schedules another
    // attempt in 100 ms; there is no retry limit and the error is not reported.
    // No target origin is passed here, so the only gate on who gets the token is
    // whether the frame lookup and call succeed.
    function c() {
        try {
            a.frames[b].proxyMessage(message);
        } catch (e) {
            setTimeout(c, 100);
        }
    }
    // Native-app path: pass `message` and the expected `origin` to the
    // __fbNative bridge object.
    function d() {
        __fbNative.postMessage(message, origin);
    }
    // d() is chosen only when this is the top-level window AND the user-agent
    // contains an "FBAN/<word>;" marker. The user-agent is a client-supplied
    // string, so this test selects a delivery channel; it is not an
    // authentication check.
    if (window === top && /FBAN\/\w+;/i.test(navigator.userAgent)) {
        // If the bridge is not present yet, wait for the 'fbNativeReady' event.
        if (window.__fbNative && __fbNative.postMessage) {
            d();
        } else window.addEventListener('fbNativeReady', d);
    } else c();
})();
