Facebook as an OAuth

Continuing my last post we will now be seeing how we can use Facebook as an OAuth for our website.

The very fast step would be to register your website in facebook as an Application.

• Go to the link https://developers.facebook.com/apps. It will ask you to log into facebook if you are not already logged in.
• Click on create new app.And input the fields.

• Once Namespace and Display Name is accepted it will take you to next screen where you can input your website information.
• Input your email address in contact email field. Input your website address in Site URL mentioned below and App Domain should be a subset of your Site URL.

• After this click save and go to Basic page in settings. Copy the App Id and App Secret, you will be needing these two fields to validate users.

Next step you will create the website OAuth.
• In first page we will directly redirect to facebook authorization page. In production this can be done on click of a link or button.

index.php

<?php

    $facebookAuthURL = 'https://www.facebook.com/dialog/oauth';

    $facebookClientId = '145XXXXXXXXXX10'; // Put your App Id here.

    $facebookRedirectUrl = 'http://subirkumarsao.dyndns-server.com/oauthdemo/userAuth.php'; // This will be the url which will do the second part of authentication.

    $authUrl = $facebookAuthURL.'?client_id='.$facebookClientId.'&redirect_uri='.

$facebookRedirectUrl;

?>

<html>

<head>

<meta http-equiv="REFRESH" content="0;url=<?php print $authUrl;?>"></meta>

</head>

</html>

• After user accepts to allow your site to access basic information, facebook will redirect the user to redirect_uri mentioned above and pass code as a paramter.

userAuth.php

<?php

    $facebookAppAuthUrl = 'https://graph.facebook.com/oauth/access_token';

    $facebookGraphUrl = 'https://graph.facebook.com';

    $facebookClientId = '145XXXXXXXXXX10'; // Put your App Id here.

    $facebookRedirectUrl = 'http://subirkumarsao.dyndns-server.com/oauthdemo/userAuth.php'; // Redirect url same as passed before.

    $facebookAppSecret = "7f2feXXXXXXXXXXc40806fYYYYYYbf16"; // Put your App Secret here.

  $code = $_GET['code'];

  

  $url =$facebookAppAuthUrl."?client_id=".$facebookClientId

."&redirect_uri=".$facebookRedirectUrl

."&client_secret=".$facebookAppSecret

."&code=".$code;

  

  $output = urlResponse($url);

  $var = strtok($output, "&");

  $ApCode = strtok($var, "=");

  $ApCode = strtok("=");

  

  //  This $ApCode will be used as a token to get user info from facebook.

    

    $url = $facebookGraphUrl.'/me';

    echo '<pre>';

    $resposeObj = json_decode(processUrl($url,$ApCode));

    var_dump($resposeObj);

    echo '<pre>';

    

    function urlResponse($url)

    {

$ch = curl_init();

curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);

curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);

curl_setopt($ch, CURLOPT_URL, $url);

curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

$response = curl_exec($ch);

curl_close($ch);

return $response;

    }

    function processUrl($url,$apCode){

if(stripos($url,'?')>0)

           $url = $url.'&access_token='.$apCode;

else

           $url = $url.'?access_token='.$apCode;

return urlResponse($url);

    }

?>

• If everything goes fine you will see user info in JSON format in output.

• You have now successfully integrated your website to use facebook as an OAuth. You can now save the user info received in JSON format. If you need more specific information about the user you can ask specific permission by specifying scope in the request url. Ex: .....&scope=read_friendlists. For more details go through https://developers.facebook.com/docs/reference/api/.

Thanks for reading my post. If you have any doubts do post them. Suggestions are always welcomed.

Why OAuth (Open Authorization) is necessary.

We visit many websites daily, of them some asks you to register to their website. And every one knows how boring it can get to fill up same details everywhere. It's a major issue for web designers. Most try to postpone registration unless required and keep it as small as possible.

Looking at the perspective of company it is very important to keep customer details. If you don't have customer details how do you push more products to them. Marketing teams needs it to plan advertisement to target consumers.

Think of a scenario. You want to buy a cell phone you go and search, you land up in a decent website. You like the product, and the vendor. You want to do some more research. That's the point where you left the website. Chances are you don't come back. To the website its a great loss. If they had your information they might have given a last try with some discount. But you never registered to the website.

OAuth comes here as a savior. You put a up a OAuth login option, user is directed to his OAuth website, he logs in , accepts to share basic information and you are done. Just a few clicks and you are saved from the lengthy registration form. You can always un-share your details when you want, something that was not possible before.

OAuth allows users to share personal data stored on one site to another without having to give user credentials.

On next post will take on how you can use Facebook as OAuth with an example code. And then do the same with Google. Do post about your suggestions.

Social Networking and Cinema

Social Networking and Cinema

  Like it or not Social Networking has grown larger then we could have ever imagined. Its taking new shapes and decisions without being controlled by any individual or organisation. Much like the the science fiction villains social networking sites has become a controller of our lives from just being a dumb website.Take the example of Indian Cinema.

  Friday is the release date of Cinema in India (I don't know the reason behind it.). Its a working day most of the people. So who is going to movies on Friday. Students who can bunk a class or two, die hard fans of the stars, and rest people cannot be exactly to put into some category lets call them random people. Once they watch the movie they have their opinion about the movie. Say around 10% people totally hated the movie on the first day and around 10% of that posted on internet about how much they dislike the movie. Say around the same 10% liked the movie, but how often do we see people going to internet to praise a movie unless they are die hard fan. The problem is if a die hard fan is praising a movie people simply ignore them, thinking them to be biased.

10% disliked the movie - 1% posted on social networking sites - People spread it like fire.
10% liked the movie -     1% posted on social networking sites-  People ignore it thinking its biased.

Friday night working people are on the way home, quickly checking rating of released movies. People trust Social networking sites more then rating from film critics. So there you go a movie which had a fair chance of survival (10 % liked it and 10% disliked it) is already a flop.

So what do we do about it?