Facebook Login with PHP Graph SDK



Today we learn how to log a user in through Facebook using their PHP Graph SDK. We create a login link to Facebook, send the user there with a pop-up, they accept, and they get redirected back to our website. Upon redirect, we get an access token from Facebook which allows us to get the user's information.

Step 1: Create a Facebook App and config.php

First thing, before we do any coding, is to set up a Facebook App. The Facebook App will give us our App ID and App Secret, which we will use in our code to connect to the API through the PHP Graph SDK.

The user flow happens like this. The user visits our website. If they are not logged in with Facebook, they are redirected to Facebook and prompted to accept our app's permissions. If they accept, they are redirected back to our website, we are given a code, and we use that code to generate an access token for that user. We then use that access token to call Facebook and ask for the user's information.

  • Go to https://developers.facebook.com/apps/
  • Create a new App
  • Visit the App Dashboard to get your App ID and App Secret.
  • Create a config.php and add your App ID and App Secret to the code below.
<?php
    // your app id goes here
    define( 'MY_FB_APP_ID', 'YOUR-FB-APP-ID' );

    // place your app secret here (keep this file out of version control;
    // the secret lets anyone mint tokens for your app)
    define( 'MY_FB_APP_SECRET', 'YOUR-FB-APP-SECRET' );

Step 2: Create index.php

In this file we determine if the user is logged in with Facebook, has been redirected to our site from Facebook, or is not logged in at all. If there is an access token in the session, we can log the user in and grab their user information. If the user is not logged in but is being redirected from our Facebook App, there is a code $_GET variable we can use to get the user an access token, log them in, and get their user information. If all else fails, we display a "Log in with Facebook" link to the user.

<?php
    // require our config file and load the php graph sdk
    require 'config.php';
    require_once 'vendor/graph-sdk/autoload.php';

    // start the session
    session_start();

    $appCreds = array( // array to hold app creds from fb app
	    'app_id' => MY_FB_APP_ID,
	    'app_secret' => MY_FB_APP_SECRET,
	    'default_graph_version' => 'v3.2'
    );

    if ( !empty( $_SESSION['fb_access_token'] ) ) { // if we have access token, add it to the app creds
	    $appCreds['default_access_token'] = $_SESSION['fb_access_token'];
    }

    if ( !empty( $_SESSION['fb_access_token'] ) ) { // we have an access token, use it to get user info from fb
	    $isLoggedIn = true;
    } elseif ( isset( $_GET['code'] ) && empty( $_SESSION['fb_access_token'] ) ) { // user is coming from allowing our app (empty() avoids an undefined-index notice)
	    // create new facebook object and helper for getting access token
	    $fb = new \Facebook\Facebook( $appCreds );
	    $helper = $fb->getRedirectLoginHelper();

	    try { // get access token, save to session, and add to app creds
	        $accessToken = $helper->getAccessToken();
	        $_SESSION['fb_access_token'] = (string) $accessToken;
	        $appCreds['default_access_token'] = $_SESSION['fb_access_token'];
	        $isLoggedIn = true;
	    } catch(Facebook\Exceptions\FacebookResponseException $e) { // When Graph returns an error
	        echo 'Graph returned an error: ' . $e->getMessage();
	        exit;
	    } catch(Facebook\Exceptions\FacebookSDKException $e) { // When validation fails or other local issues
	        echo 'Facebook SDK returned an error: ' . $e->getMessage();
	        exit;
	    }
    } else { // user is not logged in, display the login with facebook link
	    // create new facebook object and helper for getting access token
	    $fb = new \Facebook\Facebook( $appCreds );
	    $helper = $fb->getRedirectLoginHelper();

	    // user is not logged in
	    $isLoggedIn = false;
    }

    if ( $isLoggedIn ) { // logged in
	    // create new facebook object
	    $fb = new \Facebook\Facebook( $appCreds );

	    // call facebook and ask for name and picture
	    $facebookResponse = $fb->get( '/me?fields=first_name,last_name,picture' );
	    $facebookUser = $facebookResponse->getGraphUser();

	    // Use handler to get access token info
	    $oAuth2Client = $fb->getOAuth2Client();
	    $accessToken = $oAuth2Client->debugToken( $_SESSION['fb_access_token'] );

	    // display everything in the browser
	    ?>
	    <?php // escape everything that came from Graph: names are user-controlled text ?>
	    <div><b>Logged in as <?php echo htmlspecialchars( $facebookUser['first_name'] ); ?> <?php echo htmlspecialchars( $facebookUser['last_name'] ); ?></b></div>
	    <div><b>FB User ID: <?php echo htmlspecialchars( $facebookUser['id'] ); ?></b></div>
	    <div><img src="<?php echo htmlspecialchars( $facebookUser['picture']['url'] ); ?>" /></div>
	    <br />
	    <br />
	    <hr />
	    <br />
	    <br />
	    <b>User Info</b>
	    <textarea style="height:200px;width:100%"><?php echo htmlspecialchars( print_r( $facebookUser, true ) ); ?></textarea>
	    <br />
	    <br />
	    <b>Access Token</b>
	    <textarea style="height:200px;width:100%"><?php echo htmlspecialchars( print_r( $accessToken, true ) ); ?></textarea>
	    <br />
	    <br />
	    <b>Access Token Expires</b>
	    <textarea style="height:100px;width:100%"><?php echo htmlspecialchars( print_r( $accessToken->getExpiresAt(), true ) ); ?></textarea>
	    <br />
	    <br />
	    <b>Access Token Is Valid</b>
	    <textarea style="height:50px;width:100%"><?php echo htmlspecialchars( print_r( $accessToken->getIsValid(), true ) ); ?></textarea>
	    <br />
	    <br />
	    <?php
    } else { // not logged in
	    $permissions = ['email']; // Optional permissions
	    $loginUrl = $helper->getLoginUrl( 'https://www.justinstolpe.com/blog_code/facebook_login_php/index.php', $permissions );

	    ?>
	    <a href="<?php echo htmlspecialchars( $loginUrl ); ?>">Log in with Facebook</a>
	    <?php
    }
?>


In our index.php file we determine if the user is logged in with Facebook by checking for a valid access token. We save the access token to our session so we can get the user's information if they come back to our site. We do this because calling the actual Facebook get-access-token function over and over again quickly will produce an error. The access token also lives on for a while anyway, so once the user has accepted our app there is no need for a new access token until the old one has expired.
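A hardening pass on that session handling, added here as an example that is not part of the original post or of the SDK itself. It assumes config.php and the autoloader from Steps 1 and 2; the two function names are hypothetical, while the SDK calls are the PHP Graph SDK v5 ones (getLongLivedAccessToken, debugToken, validateAppId, validateExpiration).

```php
<?php
// Added example (not from the original post): validate the token once at
// login, exchange it for a long-lived one, and cache it with its expiry so
// later page views need no Graph request. Function names are hypothetical.
require 'config.php';
require_once 'vendor/graph-sdk/autoload.php';

use Facebook\Facebook;
use Facebook\Authentication\AccessToken;

// Call once, right after $helper->getAccessToken() succeeds on the redirect.
function storeFreshToken( Facebook $fb, AccessToken $token ) {
    $oAuth2Client = $fb->getOAuth2Client();

    // Short-lived tokens last hours; swap for a long-lived one (about 60 days)
    // so returning users are not bounced to Facebook again.
    if ( ! $token->isLongLived() ) {
        $token = $oAuth2Client->getLongLivedAccessToken( $token );
    }

    // Confirm the token was issued for THIS app and is not expired before
    // trusting it; both calls throw FacebookSDKException on failure.
    $meta = $oAuth2Client->debugToken( $token );
    $meta->validateAppId( MY_FB_APP_ID );
    $meta->validateExpiration();

    session_regenerate_id( true ); // fresh session id at login (session fixation defence)
    $_SESSION['fb_access_token'] = (string) $token;
    $expires = $token->getExpiresAt();            // \DateTime or null
    $_SESSION['fb_token_expires'] = $expires ? $expires->getTimestamp() : 0;
    $_SESSION['fb_user_id'] = $meta->getUserId();
}

// Call on every later page view instead of re-reading $_SESSION directly.
// Cheap local check: no Graph call, no repeated getAccessToken().
function sessionTokenUsable() {
    if ( empty( $_SESSION['fb_access_token'] ) ) {
        return false;
    }
    // 0 means Facebook reported no expiry; otherwise require 60s of headroom.
    $expires = isset( $_SESSION['fb_token_expires'] ) ? (int) $_SESSION['fb_token_expires'] : 0;
    if ( $expires !== 0 && $expires < time() + 60 ) {
        unset( $_SESSION['fb_access_token'], $_SESSION['fb_token_expires'], $_SESSION['fb_user_id'] );
        return false; // caller falls through to showing the login link again
    }
    return true;
}
```

In index.php the `elseif ( isset( $_GET['code'] ) ...)` branch would call storeFreshToken( $fb, $accessToken ) in place of the bare session write, and the first `if` would test sessionTokenUsable() instead of the raw session key.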

Links

Live Demo

YouTube Video

Code on GitHub

That is going to do it for this post! Leave any comments/questions/concerns below and thanks for stopping by the blog!
