10 replies to this topic

[King_DuckZ]

Hello everybody, I need to write some code to make our game perform some actions on Facebook. The game is multiplatform (iOS, MacOSX, Win32, Linux) and is mainly written in c++. We can do http and https communication, and it's ok to invoke platform-specific functions such as ShellExecute from win32.

I've searched the net fo days now, and it seems to me I need a so called "access token" in order to do anything. The question is: how do I get such token? I've seen thousands of examples in php and .net, but all of them are under the assumption the game is a browser game. Our game is a stand-alone binary. Any help on how to get a signed request, an access token, a code or whatever is needed would be very helpful.

As far as I can tell, we need access to the user's friends list and the ability to post pictures on his behalf.

[swiftcoder]

The question is: how do I get such token? I've seen thousands of examples in php and .net, but all of them are under the assumption the game is a browser game. Our game is a stand-alone binary. Any help on how to get a signed request, an access token, a code or whatever is needed would be very helpful.

Basically, you need to do exactly what the PHP and .NET APIs do under the hood - make the relevant HTTP(S) requests, process the returned JSON, etc.

It just so happens that the PHP API is open source. Look at facebook-php-sdk/src/base_facebook.php (particularly the makeSignedRequest()/parseSignedRequest() functions), and you should be able to rebuild all that functionality in your C++ program.

[King_DuckZ]

Maybe I'm missing something obvious but... doesn't parseSignedRequest() expect a signed_request already? Its caller (line 484) is getting it from the session or from some cookie, but I don't have either of them in our game. I could get a signed_request out of apps.facebook.com/<appID>, but that too seems to rely on cookies. As soon as I try to get that same page from a ruby script for example, the base64-encoded signed_request results into a mostly empty json structure.

My understanding of the flow in oauth2 is:
client asks for an access_token
client fires up a browser asking the user to login and allow whoever is using that access token to mess around with his account
focus gets back to the game, and if the access_token has been validated it can be used for a limited time

I suppose I'm wrong, but then I don't understand how I can do a two-way communication with a browser launched via ShellExecute.

[swiftcoder]

Its caller (line 484) is getting it from the session or from some cookie, but I don't have either of them in our game. I could get a signed_request out of apps.facebook.com/, but that too seems to rely on cookies.

Cookies are just data. You'll need to implement your own cookie handling, or use an API that already supports them (i.e. libCURL).

[SiCrane]

There are at least a couple of open source C++ Facebook libraries: [1] [2]. If nothing else you can look at their code to see what they're doing inside.

[King_DuckZ]

@SiCrane: I've checked the libraries you linked and:
lib 1 prints to stdout an url to copy-paste into your browser, then asks to copy back whatever url the user is redirected to; that's exactly what I'm trying to automate
lib 2 I already had seen it; it relies on QNetworkAccessManager, which /somehow/ returns the redirected url. It's really not clear how that's possible at all because when the user logs in to facebook he might be subscribing for the first time, so you can't just ask for the 3rd redirected url for example AND the user could get distracted, close the tab, open one more, go to a porn site and then come back to the game, so you can't ask for the last url he visited. I'll check Qt source code anyways.

@Swiftcoder: I'm sorry but I still don't get it. In fact I'm the least fit person for internet-related programming, and yet they choose me.
Where do I get these cookies from? Can you give me an example please?
My understanding is that I open an url using the default browser using ShellExecute. It might start Explorer, Opera or even some home-made browser. The browser then shows the login page, and upon successful login it will receive the cookies (not my program). The best I can do is to wait for the process to terminate, but that doesn't give me a clue on where to find the browser's cookies or the redirected url.

[swiftcoder]

My understanding is that I open an url using the default browser using ShellExecute. It might start Explorer, Opera or even some home-made browser. The browser then shows the login page, and upon successful login it will receive the cookies (not my program). The best I can do is to wait for the process to terminate, but that doesn't give me a clue on where to find the browser's cookies or the redirected url.

The only method sanctioned by FaceBook is to embed a web browser in your desktop application, and display the facebook login page in that.

[King_DuckZ]

I wish I could see that earlier... I never scrolled that page to the bottom :/
Too bad for them then, no facebook support. It's fairly stupid, as the oauth2 system provides a request_token based authentication that would work pretty nicely -- http://cms.getsatisf.../authentication and http://www.reijo.org...rvice-providers I thought they were using some alternate method or that I was wrong, instead they just disabled it...
Thanks for helping, I think we will only use the iOS library they provide and leave the pc versions facebook-free.

Edited by King_DuckZ, 05 September 2012 - 07:18 AM.

[Servant of the Lord]

@SiCrane: I've checked the libraries you linked and:
lib 1 prints to stdout an url to copy-paste into your browser, then asks to copy back whatever url the user is redirected to; that's exactly what I'm trying to automate

That sounds like an example program provided with the library, and not the library itself. But even if it is the library itself, you could re-direct stdout (without it going to a command console) and parse it and use it, I think.
Couldn't you also look at the sourcecode for libfacebookcpp and see how that works?

[King_DuckZ]

Building the authentication address (ie: the one that gets spit to stdout) is not hard at all; in fact it's just a composition of client_id, redirect_url and a couple more things. The problem is that you need on output out of that address, and I can't tell any browser/platform-independent reliable way of getting some random text out of another program's memory. Obviously, I won't ask the user to do a copy and paste over some 30 characters long opaque string. People could take it as if you're trying to hack their account. As swiftcoder pointed out, the suggested way is to embed a browser directly inside my app, which is just not doable.

Edited by King_DuckZ, 06 September 2012 - 02:27 AM.

[swiftcoder]

As swiftcoder pointed out, the suggested way is to embed a browser directly inside my app, which is just not doable.

Why is it not feasible?

Drop-in webkit implementations abound (Awesomium and Berkelium, off the top of my head), and if you are not cross-platform you should be able to embed Internet Explorer pretty easily as well.