Couple Quick Questions and a tip

Jun 28, 2007 at 3:57 PM
  1. Is there an easy way to SIZE the deafult picture for the user?
  2. When I get friends is there a way to just get the FacebookUserID (List<string> for friends as opposed to the full user object collection?
  3. Your web site example pulls the authtoken from query. But when a user clicks on the app from the app list in facebook. It sends in a session key and userID as the query string to start so you can grab those initially. Correct?
  4. if you build your app as an Iframed app in facebook. You will not be able to set your authentication cookie in IE since it does not trust cookies from iframes under default security settings.
    1. you need to add Response.AddHeader("p3p", "CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\""); so that IE will accept the cookie.
Coordinator
Jun 28, 2007 at 9:37 PM
1. Not sure. I will check.
2. If you call GetFriendsXML, you will get an xml string of all the userids
3. The user and session are not passed in query, but in request parameters. I built some base canvas pages that show how I have currently figured out how to handle auth for canvas pages. It is in the latest code. I am open to suggestions on how to do it better, but what I have seems to cover all the basic scenarios.

4. Good tip. You could also use Sessions or ViewState instead of cookies. (In my CanvasIFrameBasePage, I use Sessions.
Jun 29, 2007 at 6:18 PM
1. As for the sizing of the images I have seen that you can request different size picture in the FQL.

2 I haven't looked at this xml funciton yet If it is just xml with userID's do you think you might be willing to wrap it to return a List<string>. Programatically that is just easier for me to utilize straight up.

3. I believe CreateSession() return as parameters. But when I click on my apps link in app section off facebook. When it put my app into the IFRAME canvas it appends onto the requested url of my site a UserID and sessionID already there in the url. ( I may have watched something wrong but this is the behavior I though I saw.

4. If you get major hits like the flixster wouldn't the session get big pretty quick if you kept all the auth stuff there?

Coordinator
Jul 2, 2007 at 1:29 PM
1. There are 2 different size pictures you can request. Right now we are only providing the one picture/url. But, we could look into the small version if it would help. From what I saw, the url of the different pictures is the same.

2. Yes, we can do that. Also, I was just reading that for canvas pages this list is supposed to be part of the request. I will play around with this and find out some more information.

3. Interesting. I plan to spend some more time today learning about what is included and when for canvas pages. So, that I can improve/complete my base pages.

4. Potentially. I think ViewState is a better choice. I plan to make that change today.
Jul 2, 2007 at 5:59 PM
Edited Jul 2, 2007 at 6:00 PM
  1. Could be handy
  2. That would be great! And yes I heard about them including as well. I thought it might have only been for people using FBML and not the IFRAME app version though (not sure on this at all)
  3. Look forward to seeing any new implementations
  4. If you are using Viewstate you will have to append on to each link any necessary parameters for subsequent pages wouldn't you?
Coordinator
Jul 2, 2007 at 6:42 PM
2. I played around with this today and didn't find where they are including it. So, I will add that override for you.



4. You are right, I just figured that out too. For now, I left as Sessions, but possible we could convert to cookies. I will look into it. But, viewState won't work unless we require the page authors to pass that info in all links. Which is no good.

Will post a few small changes later.
Coordinator
Jul 2, 2007 at 8:59 PM
1. I will add an issue tracker.

2. I added a new method in the c# base, and in the new Release 1.2 drop. Called GetFriendIds.
3. I fixed a couple minor issues, but didn't fundamentally change anything. I do see some cookies (using http sniffer) that are passed that would be helpful tostreamline the logic, but I can't seem to find them within the Request. I will continue to play around. I am open to suggestions for more improvements.
4.I am thinking of adding a property on the Iframe base page to allow using cookies or sessions for passing user context between pages. But, right now I just have Sessions.
Jul 2, 2007 at 9:29 PM
Thanks for the great resposne!

For my app I have a facebook and a publicly live version. I force Facebook users into the 3rd party authentication system so that I can publish content from both seamlessly. To do that I piggy backed off the Asp SQL membership provider. And attached the cookies for authentication from ASP to the facebook user once they told me who they are.

I thought about making a FacebookMembershipProvider but I will loose some of the cohesiveness of the site. So I just simply find the user who has the stored facebook userID get his login name and then use FormsAuthenticationi to set the cookie for that login to the current user.

That is where that tip I posted above came in, as IE wouldn't allow that auth cookie to be sent back through an IFRAME.