Post-Authorize Callback URL example

Oct 15, 2009 at 3:39 AM

I am new to this and not sure the correct way to do something.  I am using the Facebook Developer's Toolkit v2.1.  Whenever a user add my application, i would like to add that user to my database.

1.  I have a SQL Server Database with a table called Users.  This table contains a varchar 50 field to store the FBUserID.

2.  I have my "Post Authorize Call URL" set to http://localhost:49619/<myappname>/Settings/AddApp.aspx

If i put a breakpoint within the Page_Load event of AddApp.aspx, it never breaks.  putting a breakpoint on my canvas page works great.  Is my url setup properly to debug locally?  Can you debug the Post-Authorize callback locally?

Finally, assuming i figure out how to debug it, how can i access the FB User ID?  Anyone willing to share their post authorize C# code?

I thank you in advance for any help!



Oct 15, 2009 at 8:46 AM

Hello Dan,

I suppose that you use iFrame app where it don't works. Look at the small text right to the text box in developer application :)

You can find user id with API.uid.  By the way, since you are beginner at this area I would like to offer you my scripts and

user control lib. You will spare lot of time. Just visit my site: Thanks !!

Oct 15, 2009 at 1:25 PM

To the right it says "Facebook pings this URL when a user removes your application.  Cannot be a Facebook-framed page."

My understanding is the specific page the authorize URL points to cannot be facebook frame.  Is this related to my canvas settings render method?

My current code for AddApp.aspx is:

<%@ Page Language="C#" MasterPageFile="~/Site.master" AutoEventWireup="true" CodeFile="AddApp.aspx.cs" Inherits="FacebookApp.Add" Title="Untitled Page" %>
<%@ MasterType VirtualPath="~/Site.Master" %>
<asp:Content ID="Content1" ContentPlaceHolderID="MainContentPlaceHolder" runat="Server">


What type of code should i be using?  If an IFrame canvas application cannot receive the authorize event, then how does those types of app know when someone added their application?




Oct 15, 2009 at 3:13 PM

If I understood correctly Post Authorize Call URL works only for FBML apps. You know when somebody added an app

first time by checkin in DB. But you cannot know when somebody remove the app :(


Oct 15, 2009 at 6:42 PM

Thanks Vatra for your answers.

I have read several IFrame versus FBML articles and this difference was never mentioned.  Can someone confirm that an IFrame FB application cannot receive post authorize posts?

If an Iframe application cannot, then what is the recommended best practice time to check the FB database for new users?

Can Iframe applications be redirected to a post authorized page?  If yes, is that the workaround?


Feb 17, 2010 at 1:24 PM

According to my understanding, As I am new to this too.

The post-authorized call is done by facebook implicitly and localhost is not visible to facebook. If you deploy your application to some visible location to world then facebook's call will reach your url too.

Guide Me If I Am Wrong