Facebook Login with PHP Graph SDK

Posted on by justinstolpe



Today we learn how to log a user in through Facebook using their PHP Graph SDK. We create a login link to Facebook, send them their with a pop up, they accept and get redirected back to our website. Upon redirect, we get an access token from Facebook which allows us to get the users information.

Step 1: Create a Facebook App and config.php

First thing, before do any coding, is to setup a Facebook App. The Facebook App will give us our App ID and App Secret which we will use in our code to connect to the API through the PHP Graph SDK.

The user flow happens like this. The user visits our website. If they are not logged in with Facebook, they are redirected to Facebook and prompted to accept our apps permissions. If they accept, they are redirected back to our website, we are given code, and use that code to generate and access token for that user. We then use that access token to call Facebook and ask for the users information.

  • Go to https://developers.facebook.com/apps/
  • Create a new App
  • Visit the App Dashboard to get your App ID and App Secret.
  • Create a config.php and add your App ID and App Secret to the code below.
<?php
    // your app id goes here
    define( 'MY_FB_APP_ID', 'YOUR-FB-APP-ID' );

    // place our app secret here
    define( 'MY_FB_APP_SECRET', 'YOUR-FB-APP-SECRET' );

Step 2: Create index.php

In this file we determine if the user is logged in with Facebook, has been redirected to our site from Facebook, or is not logged in at all. If there is an access token in the session, we can log the user in and grab their user information. If the user is not logged in but is being redirected from our Facebook App, there is a code $_GET variable we can use to get the user an access token, log them in, and get their user information. If all else fails, we display a “Log in with Facebook” link to the user.

<?php
    // require our config file and load the php graph sdk
    require 'config.php';
    require_once 'vendor/graph-sdk/autoload.php';

    // start the session
    session_start();

    $appCreds = array( // array to hold app creds from fb app
	    'app_id' => MY_FB_APP_ID,
	    'app_secret' => MY_FB_APP_SECRET,
	    'default_graph_version' => 'v3.2'
    );

    if ( isset( $_SESSION['fb_access_token'] ) && $_SESSION['fb_access_token'] ) { // if we have access token, add it to the app creds
	    $appCreds['default_access_token'] = $_SESSION['fb_access_token'];
    }

    if ( isset( $_SESSION['fb_access_token'] ) && $_SESSION['fb_access_token'] ) { // we have an access token, use it to get user info from fb
	    $isLoggedIn = true;
    } elseif ( isset( $_GET['code'] ) && !$_SESSION['fb_access_token'] ) { // user is coming from allowing our app
	    // create new facebook object and helper for getting access token
	    $fb = new \Facebook\Facebook( $appCreds );
	    $helper = $fb->getRedirectLoginHelper();

	    try { // get access token, save to session, and add to app creds
	        $accessToken = $helper->getAccessToken();
	        $_SESSION['fb_access_token'] = (string) $accessToken;
	        $appCreds['default_access_token'] = $_SESSION['fb_access_token'];
	        $isLoggedIn = true;
	    } catch(Facebook\Exceptions\FacebookResponseException $e) { // When Graph returns an error
	        echo 'Graph returned an error: ' . $e->getMessage();
	        exit;
	    } catch(Facebook\Exceptions\FacebookSDKException $e) { // When validation fails or other local issues
	        echo 'Facebook SDK returned an error: ' . $e->getMessage();
                exit;
	    }
    } else { // user is no logged in, display the login with facebook link
	    // create new facebook object and helper for getting access token
	    $fb = new \Facebook\Facebook( $appCreds );
	    $helper = $fb->getRedirectLoginHelper();

	    // user is not logged in
	    $isLoggedIn = false;
    }

    if ( $isLoggedIn ) { // logged in
	    // create new facebook object
	    $fb = new \Facebook\Facebook( $appCreds );

	    // call facebook and ask for name and picture
	    $facebookResponse = $fb->get( '/me?fields=first_name,last_name,picture' );
	    $facebookUser = $facebookResponse->getGraphUser();

	    // Use handler to get access token info
	    $oAuth2Client = $fb->getOAuth2Client();
	    $accessToken = $oAuth2Client->debugToken( $_SESSION['fb_access_token'] );

	    // display everything in the browser
	    ?>
	    <div><b>Logged in as <?php echo $facebookUser['first_name']; ?> <?php echo $facebookUser['last_name']; ?></b></div>
	    <div><b>FB User ID: <?php echo $facebookUser['id']; ?></b></div>
	    <div><img src="<?php echo $facebookUser['picture']['url']; ?>" /></div>
	    <br />
	    <br />
	    <hr />
	    <br />
	    <br />
	    <b>User Info</b>
	    <textarea style="height:200px;width:100%"><?php echo print_r( $facebookUser, true ); ?></textarea>
	    <br />
	    <br />
	    <b>Access Token</b>
	    <textarea style="height:200px;width:100%"><?php echo print_r( $accessToken, true ); ?></textarea>
	    <br />
	    <br />
	    <b>Access Token Expires</b>
	    <textarea style="height:100px;width:100%"><?php echo print_r( $accessToken->getExpiresAt(), true ); ?></textarea>
	    <br />
	    <br />
	    <b>Access Token Is Valid</b>
	    <textarea style="height:50px;width:100%"><?php echo print_r( $accessToken->getIsValid(), true ); ?></textarea>
	    <br />
	    <br />
	    <?php
    } else { // not logged in
	    $permissions = ['email']; // Optional permissions
	    $loginUrl = $helper->getLoginUrl( 'https://www.justinstolpe.com/blog_code/facebook_login_php/index.php', $permissions );

	    ?>
	    <a href="<?php echo $loginUrl; ?>">Log in with Facebook</a>
	    <?php
    }
?>

 

In our index.php  file we determine if the user is logged in with Facebook by checking for a valid access token. We save the access token to our session so we can get the users information if they come back to our site. We do this because calling the actual Facebook get access token function over and over again fast enough will produce an error. The access token also lives on for a while anyways so once the user has accepted our app, there is no need for a new access token until the old one has expired.

Links

Live Demo

YouTube Video

Code on GitHub

That is going to do it for this post! Leave any comments/questions/concerns below and thanks for stopping by the blog!

128 comments

  1. In today’s fast-paced world, staying informed about the latest advancements both locally and globally is more crucial than ever. With a plethora of news outlets struggling for attention, it’s important to find a trusted source that provides not just news, but insights, and stories that matter to you. This is where [url=https://www.usatoday.com/]USAtoday.com [/url], a leading online news agency in the USA, stands out. Our dedication to delivering the most current news about the USA and the world makes us a go-to resource for readers who seek to stay ahead of the curve.

    Subscribe for Exclusive Content: By subscribing to USAtoday.com, you gain access to exclusive content, newsletters, and updates that keep you ahead of the news cycle.

    [url=https://www.usatoday.com/]USAtoday.com [/url] is not just a news website; it’s a dynamic platform that empowers its readers through timely, accurate, and comprehensive reporting. As we navigate through an ever-changing landscape, our mission remains unwavering: to keep you informed, engaged, and connected. Subscribe to us today and become part of a community that values quality journalism and informed citizenship.

  2. Yoou really mae it sewm soo easxy wit your presentation bbut I inn finding
    this matgter too bbe really onne thing wbich I feel I would by noo means understand.
    It sort oof feels too comploex and ver broad for me.
    I’m having a ook aead ffor yolur subsequent submit, I’ll
    attemplt too gett thee cking oof it!

  3. Hey Ikbow tuis is off topic bbut I waas wondering if youu knew of any widgets
    I could add to my blog that automatifally tweet mmy newesxt twifter updates.
    I’ve een looking ffor a plug-in like his forr quite soe
    time and wwas hoping maybe you woulkd have some
    experience with sojething lke this. Please let mme
    know if you ruun into anything. I truly emjoy readxing yoour bog and I ook forward to your neww
    updates.

  17. Once your blog is more established, this list will be used to bring in money, and you will be thankful that you already took care of this.

  23. I will immediately grasp your rss feed as I can’t to find your email subscription link or e-newsletter service.Do you have any? Please permit me realize in order that I may subscribe.Thanks.

  24. A motivating discussion is definitely worth comment. I think that you ought to write more about this subject, it may not be a taboo subject but typically folks don’t talk about such issues. To the next! Kind regards!!

  25. YouTube is an marvellous tool incorporated with this to help the visibility of one’s business. So for being to have more views on youtube you must go and be proactive.

  27. Does anyone know whether I am able to purchase Just Delta 8 Cartridges (justdeltastore.com) at Infinite Vapor Coon Rapids, 79 85th Ave NW, Coon Rapids, MN, 55433?

  34. Thanks for the good writeup. It if truth be told was a entertainment account it. Look complex to far added agreeable from you! By the way, how could we communicate?

  35. Heya i’m for the primary time here. I found this board and I find It truly helpful & it helped me out much. I’m hoping to provide one thing back and help others such as you helped me.

  61. Aw, this was an extremely nice post. Spending some time and actual effort to make a superb article… but what can I say… I hesitate a lot and don’t seem to get nearly anything done.

  62. I do not even know how I ended up here, but I thought this postwas great. I do not know who you are but certainly you are goingto a famous blogger if you aren’t already 😉 Cheers!

  64. I¡¦m not positive the place you are getting your info, but good topic. I needs to spend a while studying much more or figuring out more. Thanks for excellent info I was looking for this info for my mission.

  65. Greetings! I’ve been reading your blog for a while now andfinally got the courage to go ahead and give you a shout out from Austin Texas!Just wanted to say keep up the excellent job!

  69. I will right away grab your rss as I can’t find your email subscription link or e-newsletter service. Do you have any? Please allow me realize so that I may subscribe. Thanks.

  89. Howdy! I could have sworn I’ve been to this blog beforebut after checking through some of the post I realized it’s newto me. Anyways, I’m definitely glad I found it and I’ll be book-markingand checking back frequently!

  90. When I originally commented I clicked the “Notify me when new comments are added” checkbox and noweach time a comment is added I get several emails with the same comment.Is there any way you can remove me from that service?Cheers!

  92. When someone writes an post he/she keeps the image of a user in his/hermind that how a user can understand it. Thus that’s why this post is perfect.Thanks!

  95. I wanted to thank you for this wonderful read!! I definitely loved every bit of it. I have got you book marked to look at new things you postÖ

  108. What’s Happening i’m new to this, I stumbled upon this I have foundIt positively helpful and it has helped me outloads. I’m hoping to give a contribution & assist other users likeits helped me. Good job.

  111. I do not even understand how I finished up right here, but I believed this submit used to be great. I do not know who you might be however definitely you are going to a well-known blogger for those who aren’t already 😉 Cheers!

  116. I do not even know how I ended up here, but I thought this post was great.I don’t know who you are but definitely you’re going to a famous bloggerif you aren’t already 😉 Cheers!

  127. What’s up i am kavin, its my first occasion to commenting anywhere, when iread this piece of writing i thought i could also make comment due to this sensible paragraph.

Leave a Reply

Your email address will not be published. Required fields are marked *