Extends the BaseFacebook class with the intent of using PHP sessions to store user ids and access tokens.
Identical to the parent constructor, except that we start a PHP session to store the user ID and access token if during the course of execution we discover them.
allowed in query parameters or POST body. Should be false for non-canvas apps. Defaults to true.
the application configuration. Additionally accepts "sharedSession" as a boolean to turn on a secondary cookie for environments with a shared session (that is, your app shares the domain with other apps).
setAppId(string $appId) : \BaseFacebook
Set the Application ID.
The Application ID
setApiSecret(string $apiSecret) : \BaseFacebook
Set the App Secret.
The App Secret
setAppSecret(string $appSecret) : \BaseFacebook
Set the App Secret.
The App Secret
setFileUploadSupport(boolean $fileUploadSupport) : \BaseFacebook
Set the file upload support status.
The file upload support status.
setAccessToken(string $access_token) : \BaseFacebook
Sets the access token for api calls. Use this if you get your access token by other means and just want the SDK to use it.
an access token.
getAccessToken() : string
Determines the access token that should be used for API calls.
The first time this is called, $this->accessToken is set equal to either a valid user access token, or it's set to the application access token if a valid user access token wasn't available. Subsequent calls return whatever the first call returned.
The access token
getLoginUrl(array $params) : string
Provide custom parameters
The URL for the login flow
getUserAccessToken() : string
Determines and returns the user access token, first using the signed request if present, and then falling back on the authorization code if present. The intent is to return a valid user access token, or false if one is determined to not be available.
A valid user access token, or false if one
could not be determined.
getUserFromAvailableData() : integer
Determines the connected user by first examining any signed requests, then considering an authorization code, and then falling back to any persistent store storing the user.
The id of the connected Facebook user,
or 0 if no such user exists.
getSignedRequestCookieName() : string
Constructs and returns the name of the cookie that potentially houses the signed request for the app user.
the name of the cookie that would house
the signed request value.
getUserFromAccessToken() : integer
Retrieves the UID with the understanding that $this->accessToken has already been set and is seemingly legitimate. It relies on Facebook's Graph API to retrieve user information and then extract the user ID.
Returns the UID of the Facebook user, or 0
if the Facebook user could not be determined.
getAccessTokenFromCode(string $code, string $redirect_uri) : mixed
Retrieves an access token for the given authorization code (previously generated from www.facebook.com on behalf of a specific user). The authorization code is sent to graph.facebook.com and a legitimate access token is generated provided the access token and the user for which it was generated all match, and the user is either logged in to Facebook or has granted an offline access permission.
An authorization code.
Optional redirect URI. Default null
An access token exchanged for the authorization code, or
false if an access token could not be generated.
getAppSecretProof(string $access_token) : string
Generate a proof of App Secret This is required for all API calls originating from a server It is a sha256 hash of the access_token made using the app secret
The access_token to be hashed (required)
The sha256 hash of the access_token
makeRequest(string $url, array $params, \CurlHandler $ch) : string
Makes an HTTP request. This method can be overridden by subclasses if developers want to do fancier things or use something other than curl to make the request.
The URL to make the request to
The parameters to use for the POST body
Initialized curl handle
The response text
getUrl(string $name, string $path, array $params) : string
Build the URL for given domain alias, path and parameters.
The name of the domain
Optional path (without a leading slash)
Optional query parameters
The URL for the given parameters
shouldRetainParam(string $param) : boolean
Returns true if and only if the key or key/value pair should be retained as part of the query string. This amounts to a brute-force search of the very small list of Facebook-specific params that should be stripped out.
A key or key/value pair within a URL's query (e.g.