first step is to setup your fb canvas app to use oauth 2.0 - http://developers.facebook.com/docs/authentication/canvas
howto ask use to authorize your app? you need to point user to proper url - http://developers.facebook.com/docs/authentication/#authenticating-users-in-a-web-application this code generates url to ask user for permissions in 'scope' arg: =================================================== fb_auth_url = "https://graph.facebook.com/oauth/authorize"; args = { 'client_id': settings.FACEBOOK_API_KEY, 'redirect_uri': 'http://apps.facebook.com/%s/' % getattr(settings, 'FACEBOOK_APP_NAME', None), 'type': 'user_agent', 'display': 'page', 'scope': 'user_photos,user_videos,publish_stream,offline_access,user_birthday,...', } url = "%s?%s" % (fb_auth_url, urllib.urlencode(args)) =================================================== full list of permissions ('scope' arg) is available - http://developers.facebook.com/docs/authentication/permissions what's next after user authorizes app and ext. permissions? when user authorizes your app and returns to your app you'll get 'signed_request' on first request. you can extract data from 'signed_request' with this code: =================================================== import json # or simplejson as json import base64 import hashlib import hmac # code for facebook signed_request based on/copied from: http://sunilarora.org/parsing-signedrequest-parameter-in-python-bas # additional info: http://stackoverflow.com/questions/3302946/how-to-base64-url-decode-in-python def base64_url_decode(inp): padding_factor = (4 - len(inp) % 4) % 4 inp += "="*padding_factor return base64.b64decode(unicode(inp).translate(dict(zip(map(ord, u'-_'), u'+/')))) def parse_signed_request(signed_request, secret): l = signed_request.split('.', 2) encoded_sig = l[0] payload = l[1] sig = base64_url_decode(encoded_sig) data = json.loads(base64_url_decode(payload)) if data.get('algorithm').upper() != 'HMAC-SHA256': # log.error('Unknown algorithm') return None else: expected_sig = hmac.new(secret, msg=payload, digestmod=hashlib.sha256).digest() if sig != expected_sig: return None else: # log.debug('valid signed request received..') return data =================================================== ok, so what's in data from 'signed_request'? data from 'signed_request': =================================================== data = parse_signed_request(request.GET.get('signed_request'), settings.FACEBOOK_SECRET_KEY) # fb uid for user uid = data.get('user_id') # with access token you can access graph api and actually do something # check http://developers.facebook.com/docs/api for more info access_token = data.get('oauth_token') =================================================== so how do i actually do something? when you have access_token it's pretty simple to use graph api. to publish something: =================================================== h = httplib2.Http() api_url = "http://graph.facebook.com/PROFILE_ID/feed"; args = {...} # provide arguments as described here - http://developers.facebook.com/docs/reference/api/post#publishing resp, content = h.request(api_url, "POST", urlencode(args)) =================================================== i've posted this from my head, maybe i forgot something, so post additional questions if something doesn't work as expected. official facebook python-sdk actually works but nobody is maintaining it. also, if you ever used google apis or anything else that actually worked prepare yourself for hell know as facebook platform. Aljosa Mohorovic -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
