consistent max. line length to 120. use tomdoc comment style
Mark Dodwell
10 years ago
| 76 | 76 | |
| 77 | 77 | def request_phase |
| 78 | 78 | if signed_request_contains_access_token? |
| 79 | # if we already have an access token, we can just hit the | |
| 80 | # callback URL directly and pass the signed request along | |
| 79 | # If we already have an access token, we can just hit the callback URL directly and pass the signed request. | |
| 81 | 80 | params = { :signed_request => raw_signed_request } |
| 82 | 81 | query = Rack::Utils.build_query(params) |
| 83 | 82 | |
| 92 | 91 | end |
| 93 | 92 | end |
| 94 | 93 | |
| 95 | # NOTE if we're using code from the signed request | |
| 96 | # then FB sets the redirect_uri to '' during the authorize | |
| 97 | # phase + it must match during the access_token phase: | |
| 98 | # https://github.com/facebook/php-sdk/blob/master/src/base_facebook.php#L348 | |
| 94 | # NOTE If we're using code from the signed request then FB sets the redirect_uri to '' during the authorize | |
| 95 | # phase and it must match during the access_token phase: | |
| 96 | # https://github.com/facebook/php-sdk/blob/master/src/base_facebook.php#L348 | |
| 99 | 97 | def callback_url |
| 100 | 98 | if @authorization_code_from_signed_request |
| 101 | 99 | '' |
| 108 | 106 | options.access_token_options.inject({}) { |h,(k,v)| h[k.to_sym] = v; h } |
| 109 | 107 | end |
| 110 | 108 | |
| 111 | ## | |
| 112 | # You can pass +display+, +scope+, or +auth_type+ params to the auth request, if | |
| 113 | # you need to set them dynamically. You can also set these options | |
| 114 | # in the OmniAuth config :authorize_params option. | |
| 109 | # You can pass +display+, +scope+, or +auth_type+ params to the auth request, if you need to set them dynamically. | |
| 110 | # You can also set these options in the OmniAuth config :authorize_params option. | |
| 115 | 111 | # |
| 116 | 112 | # /auth/facebook?display=popup |
| 117 | # | |
| 118 | 113 | def authorize_params |
| 119 | 114 | super.tap do |params| |
| 120 | 115 | %w[display scope auth_type].each do |v| |
| 127 | 122 | end |
| 128 | 123 | end |
| 129 | 124 | |
| 130 | ## | |
| 131 | 125 | # Parse signed request in order, from: |
| 132 | 126 | # |
| 133 | # 1. the request 'signed_request' param (server-side flow from canvas pages) or | |
| 134 | # 2. a cookie (client-side flow via JS SDK) | |
| 135 | # | |
| 127 | # 1. The request 'signed_request' param (server-side flow from canvas pages) or | |
| 128 | # 2. A cookie (client-side flow via JS SDK) | |
| 136 | 129 | def signed_request |
| 137 | 130 | @signed_request ||= raw_signed_request && |
| 138 | 131 | parse_signed_request(raw_signed_request) |
| 162 | 155 | request.cookies["fbsr_#{client.id}"] |
| 163 | 156 | end |
| 164 | 157 | |
| 165 | ## | |
| 166 | # If the signed_request comes from a FB canvas page and the user | |
| 167 | # has already authorized your application, the JSON object will be | |
| 168 | # contain the access token. | |
| 158 | # If the signed_request comes from a FB canvas page and the user has already authorized your application, the JSON | |
| 159 | # object will be contain the access token. | |
| 169 | 160 | # |
| 170 | 161 | # https://developers.facebook.com/docs/authentication/canvas/ |
| 171 | # | |
| 172 | 162 | def signed_request_contains_access_token? |
| 173 | 163 | signed_request && |
| 174 | 164 | signed_request['oauth_token'] |
| 175 | 165 | end |
| 176 | 166 | |
| 177 | ## | |
| 178 | 167 | # Picks the authorization code in order, from: |
| 179 | 168 | # |
| 180 | # 1. the request 'code' param (manual callback from standard server-side flow) | |
| 181 | # 2. a signed request (see #signed_request for more) | |
| 182 | # | |
| 169 | # 1. The request 'code' param (manual callback from standard server-side flow) | |
| 170 | # 2. A signed request (see #signed_request for more) | |
| 183 | 171 | def with_authorization_code! |
| 184 | 172 | if request.params.key?('code') |
| 185 | 173 | yield |