I am embedding a Facebook app into the Facebook app canvas so that it is available at . My application sends notification emails that contain links like and that should open the page embedded into the Facebook canvas. How do I achieve this? My current thoughts:
User opens
Application checks for signed_request parameter
Application redirects user to
Application checks for requested_page parameter and redirects to this page
User sees URL and is embedded into canvas
Is there a better pattern out there to get this working?
My final working solution (with Ruby on Rails)
User opens
Application checks on client-side if app is embedded in canvas:
if(window == top){
top.location = "{Settings.facebook.app_id}#{request.fullpath}";
User is redirected to
Application middleware converts POST into GET if signed_request is present (code and idea borrowed from
Application parses signed_request with fb_graph gem, app_secret, :signed_request => params[:signed_request])

I'd just update the link to point to http://apps.facebook/example/messages/123 off the start.
When you check for authentication just set the redirect after authorization/login to the same page.
Redirecting a user around multiple pages for no reason is just not a good practice.


Build web page request in Objective C

I'm building a native application. The app has an embedded webview (UIWebView) pointing to a social website. To be able to use the website inside the app, user has to log in by the webview (username/password) and then he can continue use the site with saved cookies. Normally, the cookies expire after two days. After that, the user has to re-login by the webview.
Now suppose I know username and password of the user and I would like to make the user login automatically with this account when the cookie expires. How can I do that?
I tried to simulate the Login action when I click on Login button on web page, but not successful.By using "Inspect Element" of Chrome, I can see Chrome makes a "Post" request to an URL with some parameters. However, the request doesn't get successful (I use REST client for testing).
Finally I found out the solution. I didn't build requests anymore. I used javascript to set text fields and make "click" action on the webview. Done.

Does Twitter has a static page for OAuth redirects?

I'm developing a desktop application which is supposed to allow users to login via Twitter.
There seems to be 2 ways to do so, that differ in a way oauth_verifier is returned to the application.
The first one is for web applications and oauth_verifier is returned as a url query parameter when redirecting user back to redirect_url.
The second one is using a PIN displayed to the user, which user enters to the app.
Now Facebook, for example, has a page , where FB can redirect a user with ouath_verifier as a query param (e.g.<token>. Then I can read that param back from the browser's location field (I'm using an embedded browser).
So, is such a workflow possible with Twitter? Does it have a static page, where it can redirect user with oauth_verifier ?
I haven't been able to find such a page in Twitter's API docs, so I ended up using the main page for the redirect. Everything works fine.

Facebook authentication in a new browser instance MVC

I have an Asp.Net MVC 4 app an i have a feature in which the app can post to user's wall.
Its working fine, but currently the url
redirects to facebook page , authenticates ,post the message and redirects back to my app.
Is it possible to open the facebook authentication page in a new browser instance and somehow close the browser instance once the message is posted ?
Thanks !
Not sure if this covers what you want to achieve but by using Facebook Feed Dialog, you can set display parameter to appropriate value (e.g. popup) and let the user publish a story to a timeline.

Multiple Tab apps, using authorization of a single app id

Here is the scenario;
Our website uses APPID-1 for auth and extended permissions (MainSite)
Our Page Tab App uses APPID-1 for auth & extended permission
(TabApp-1), and this adds the auth_token to our DB on MainSite
However we want to add another tab that uses APPID-1 for auth_token acquisition, is this possible?
Proposed scenario;
MainSite - APPID-1 acquire auth_token
TabApp-1 - APPID-1 acquire auth_token
TabApp-2 - APPID-1 acquire auth_token
I should note that non of our TabApps actually need the auth_token, its our MainSite backend app that uses the auth_token to perform actions for the user. However we want to make it easier for our users to use the site, and many come via our Fan Page.
So can we have TabApp-2 pop the Auth Dialog for APPID-1 with is not TabApp-2's APPID?
Ruby on Rails 3.1 and using Graph API & Javascript Fb API
I guess you would have to initiate the JS SDK in TabApp-2 with APPID-1. Server-side you would receive a signed_request with TabApp-2 credentials but you can just it that if you work only with the JS API.
I guess you could validate the assumption with a prototype in less than 30 minutes. Have you done that yet? If so, what were the results?
You don't need different apps for this (but i think you're aware of that) the same app can be installed onto multiple pages, and you can show different content on each page by checking the page parameter in the signed_request which is POSTed to your server when the page tab is loaded by a user.
As far as authorisation goes, you may have issues when getting the user to log in directly from a page tab (issues = it may not be allowed to redirect the user back to the tab after login because the full URL to the tab ({app id here}) isn't 'owned' by your app)
If that happens you can send them to your main site after login with an additional parameter that you use to detect that the user started login on a page tab, and redirect them back to it
Seems you will have to make a few apps, then just use php-sdk to authenticate, since the auth will be server side it will not matter what iframe or page tab it appears in, it will be able to auth to a single app.

Twitter oauth authorization in a pop-up instead of in main browser window

I feel incredibly stupid for even asking this since the answer might already be under my nose but here it goes:
TweetMeme has a Re-tweet twitter widget that publishers can place on their blogs. When a user clicks on the widget, it pops open a window which allows the user to authenticate themselves with twitter and then re-tweet.
This seems to use some special Twitter oauth popup form factor - unless there is something fancier happening under the surface to authenticate the user.
The pop-up window looks like this:
I'd rather handle an authentication via a pop-up rather than send the user to a brand new page (for the app I'm working on) and they seem to have the most graceful solution. Thoughts on how they did this?
I think that the process is something like this (I assume that they have used php on server-side):
First it opens a jQuery-like popup, but it's not strictly related to twitter sign in functions.
The real sign-in process begin when you confirm that popup, so it open new popup, with some php inside, that # hold a session.
Those scripts ask to twitter the request tokens, using site's application params, and save them into $_SESSION array.
If it's all-right, twitter send you to twitter authenticate page (, and after you have inserted your login params, twitter send you to the callback page defiend by that site. Here there is another php page that request access tokens, and save them into $_SESSION array. If it's all-right now the site has params that he needs for querying your profile, so last scripts inside popup refresh opener window (main site) and close himself.
Now main window has all the interesting params inside $_SESSION array.
Check this useful library for all the server-side work.
All they're doing is opening a page in a new window (using target _blank), then starting the process from there.
EDIT: I was looking at the wrong retweet button. For your specific example, clicking the retweet button first opens Tweetmeme page in a new window. Clicking yes then initiates the OAuth process by sending you (still in that window) to (with appropriate parameters).
