consistent max. line length to 120. use tomdoc comment style
Mark Dodwell
10 years ago
76 | 76 | |
77 | 77 | def request_phase |
78 | 78 | if signed_request_contains_access_token? |
79 | # if we already have an access token, we can just hit the | |
80 | # callback URL directly and pass the signed request along | |
79 | # If we already have an access token, we can just hit the callback URL directly and pass the signed request. | |
81 | 80 | params = { :signed_request => raw_signed_request } |
82 | 81 | query = Rack::Utils.build_query(params) |
83 | 82 | |
92 | 91 | end |
93 | 92 | end |
94 | 93 | |
95 | # NOTE if we're using code from the signed request | |
96 | # then FB sets the redirect_uri to '' during the authorize | |
97 | # phase + it must match during the access_token phase: | |
98 | # https://github.com/facebook/php-sdk/blob/master/src/base_facebook.php#L348 | |
94 | # NOTE If we're using code from the signed request then FB sets the redirect_uri to '' during the authorize | |
95 | # phase and it must match during the access_token phase: | |
96 | # https://github.com/facebook/php-sdk/blob/master/src/base_facebook.php#L348 | |
99 | 97 | def callback_url |
100 | 98 | if @authorization_code_from_signed_request |
101 | 99 | '' |
108 | 106 | options.access_token_options.inject({}) { |h,(k,v)| h[k.to_sym] = v; h } |
109 | 107 | end |
110 | 108 | |
111 | ## | |
112 | # You can pass +display+, +scope+, or +auth_type+ params to the auth request, if | |
113 | # you need to set them dynamically. You can also set these options | |
114 | # in the OmniAuth config :authorize_params option. | |
109 | # You can pass +display+, +scope+, or +auth_type+ params to the auth request, if you need to set them dynamically. | |
110 | # You can also set these options in the OmniAuth config :authorize_params option. | |
115 | 111 | # |
116 | 112 | # /auth/facebook?display=popup |
117 | # | |
118 | 113 | def authorize_params |
119 | 114 | super.tap do |params| |
120 | 115 | %w[display scope auth_type].each do |v| |
127 | 122 | end |
128 | 123 | end |
129 | 124 | |
130 | ## | |
131 | 125 | # Parse signed request in order, from: |
132 | 126 | # |
133 | # 1. the request 'signed_request' param (server-side flow from canvas pages) or | |
134 | # 2. a cookie (client-side flow via JS SDK) | |
135 | # | |
127 | # 1. The request 'signed_request' param (server-side flow from canvas pages) or | |
128 | # 2. A cookie (client-side flow via JS SDK) | |
136 | 129 | def signed_request |
137 | 130 | @signed_request ||= raw_signed_request && |
138 | 131 | parse_signed_request(raw_signed_request) |
162 | 155 | request.cookies["fbsr_#{client.id}"] |
163 | 156 | end |
164 | 157 | |
165 | ## | |
166 | # If the signed_request comes from a FB canvas page and the user | |
167 | # has already authorized your application, the JSON object will be | |
168 | # contain the access token. | |
158 | # If the signed_request comes from a FB canvas page and the user has already authorized your application, the JSON | |
159 | # object will be contain the access token. | |
169 | 160 | # |
170 | 161 | # https://developers.facebook.com/docs/authentication/canvas/ |
171 | # | |
172 | 162 | def signed_request_contains_access_token? |
173 | 163 | signed_request && |
174 | 164 | signed_request['oauth_token'] |
175 | 165 | end |
176 | 166 | |
177 | ## | |
178 | 167 | # Picks the authorization code in order, from: |
179 | 168 | # |
180 | # 1. the request 'code' param (manual callback from standard server-side flow) | |
181 | # 2. a signed request (see #signed_request for more) | |
182 | # | |
169 | # 1. The request 'code' param (manual callback from standard server-side flow) | |
170 | # 2. A signed request (see #signed_request for more) | |
183 | 171 | def with_authorization_code! |
184 | 172 | if request.params.key?('code') |
185 | 173 | yield |
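Review bot: The reflowed comment above `signed_request_contains_access_token?` still reads "will be contain the access token"; since these lines are being rewritten anyway, the second line should read `# object will contain the access token.`. The comment on `signed_request` lists where the raw value is read from (request param, then cookie) but does not say whether the payload's signature is checked before `request_phase` acts on `oauth_token`. `parse_signed_request` is not visible in this section, so confirm against its implementation before adding a TomDoc line such as `# Returns the parsed payload Hash, or nil if the signature is invalid.`. The `callback_url` note links to `blob/master/...#L348`, which will drift as that file changes; a commit-pinned permalink would keep the reference meaningful.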