Today we learn how to log a user in through Facebook using their PHP Graph SDK. We create a login link to Facebook and send the user there with a pop up; they accept and get redirected back to our website. Upon redirect, we get an access token from Facebook which allows us to get the user's information.
Step 1: Create a Facebook App and config.php
The first thing to do, before any coding, is to set up a Facebook App. The Facebook App will give us our App ID and App Secret, which we will use in our code to connect to the API through the PHP Graph SDK.
The user flow happens like this. The user visits our website. If they are not logged in with Facebook, they are redirected to Facebook and prompted to accept our app's permissions. If they accept, they are redirected back to our website, we are given a code, and we use that code to generate an access token for that user. We then use that access token to call Facebook and ask for the user's information.
- Go to https://developers.facebook.com/apps/
- Create a new App
- Visit the App Dashboard to get your App ID and App Secret.
- Create a config.php and add your App ID and App Secret to the code below.
```php
<?php
// your app id goes here
define( 'MY_FB_APP_ID', 'YOUR-FB-APP-ID' );

// place our app secret here
define( 'MY_FB_APP_SECRET', 'YOUR-FB-APP-SECRET' );
```
Step 2: Create index.php
In this file we determine if the user is logged in with Facebook, has been redirected to our site from Facebook, or is not logged in at all. If there is an access token in the session, we can log the user in and grab their user information. If the user is not logged in but is being redirected from our Facebook App, there is a code $_GET variable we can use to get the user an access token, log them in, and get their user information. If all else fails, we display a “Log in with Facebook” link to the user.
```php
<?php
// require our config file and load the php graph sdk
require 'config.php';
require_once 'vendor/graph-sdk/autoload.php';

// start the session
session_start();

$appCreds = array( // array to hold app creds from fb app
    'app_id' => MY_FB_APP_ID,
    'app_secret' => MY_FB_APP_SECRET,
    'default_graph_version' => 'v3.2'
);

if ( isset( $_SESSION['fb_access_token'] ) && $_SESSION['fb_access_token'] ) { // if we have access token, add it to the app creds
    $appCreds['default_access_token'] = $_SESSION['fb_access_token'];
}

if ( isset( $_SESSION['fb_access_token'] ) && $_SESSION['fb_access_token'] ) { // we have an access token, use it to get user info from fb
    $isLoggedIn = true;
} elseif ( isset( $_GET['code'] ) && empty( $_SESSION['fb_access_token'] ) ) { // user is coming from allowing our app
    // empty() avoids an undefined index notice when the session has no token yet
    // create new facebook object and helper for getting access token
    $fb = new \Facebook\Facebook( $appCreds );
    $helper = $fb->getRedirectLoginHelper();

    try { // get access token, save to session, and add to app creds
        $accessToken = $helper->getAccessToken();
        $_SESSION['fb_access_token'] = (string) $accessToken;
        $appCreds['default_access_token'] = $_SESSION['fb_access_token'];
        $isLoggedIn = true;
    } catch(Facebook\Exceptions\FacebookResponseException $e) { // When Graph returns an error
        echo 'Graph returned an error: ' . htmlspecialchars( $e->getMessage(), ENT_QUOTES, 'UTF-8' );
        exit;
    } catch(Facebook\Exceptions\FacebookSDKException $e) { // When validation fails or other local issues
        echo 'Facebook SDK returned an error: ' . htmlspecialchars( $e->getMessage(), ENT_QUOTES, 'UTF-8' );
        exit;
    }
} else { // user is not logged in, display the login with facebook link
    // create new facebook object and helper for getting access token
    $fb = new \Facebook\Facebook( $appCreds );
    $helper = $fb->getRedirectLoginHelper();

    // user is not logged in
    $isLoggedIn = false;
}

if ( $isLoggedIn ) { // logged in
    // create new facebook object
    $fb = new \Facebook\Facebook( $appCreds );

    // call facebook and ask for name and picture
    $facebookResponse = $fb->get( '/me?fields=first_name,last_name,picture' );
    $facebookUser = $facebookResponse->getGraphUser();

    // Use handler to get access token info
    $oAuth2Client = $fb->getOAuth2Client();
    $accessToken = $oAuth2Client->debugToken( $_SESSION['fb_access_token'] );

    // display everything in the browser
    // all values from Facebook are escaped with htmlspecialchars() before being written into the page
    ?>
    <div><b>Logged in as <?php echo htmlspecialchars( $facebookUser['first_name'], ENT_QUOTES, 'UTF-8' ); ?> <?php echo htmlspecialchars( $facebookUser['last_name'], ENT_QUOTES, 'UTF-8' ); ?></b></div>
    <div><b>FB User ID: <?php echo htmlspecialchars( $facebookUser['id'], ENT_QUOTES, 'UTF-8' ); ?></b></div>
    <div><img src="<?php echo htmlspecialchars( $facebookUser['picture']['url'], ENT_QUOTES, 'UTF-8' ); ?>" /></div>
    <br />
    <br />
    <hr />
    <br />
    <br />
    <b>User Info</b>
    <textarea style="height:200px;width:100%"><?php echo htmlspecialchars( print_r( $facebookUser, true ), ENT_QUOTES, 'UTF-8' ); ?></textarea>
    <br />
    <br />
    <b>Access Token</b>
    <textarea style="height:200px;width:100%"><?php echo htmlspecialchars( print_r( $accessToken, true ), ENT_QUOTES, 'UTF-8' ); ?></textarea>
    <br />
    <br />
    <b>Access Token Expires</b>
    <textarea style="height:100px;width:100%"><?php echo htmlspecialchars( print_r( $accessToken->getExpiresAt(), true ), ENT_QUOTES, 'UTF-8' ); ?></textarea>
    <br />
    <br />
    <b>Access Token Is Valid</b>
    <textarea style="height:50px;width:100%"><?php echo htmlspecialchars( print_r( $accessToken->getIsValid(), true ), ENT_QUOTES, 'UTF-8' ); ?></textarea>
    <br />
    <br />
    <?php
} else { // not logged in
    $permissions = ['email']; // Optional permissions
    $loginUrl = $helper->getLoginUrl( 'https://www.justinstolpe.com/blog_code/facebook_login_php/index.php', $permissions );
    ?>
    <a href="<?php echo htmlspecialchars( $loginUrl, ENT_QUOTES, 'UTF-8' ); ?>">Log in with Facebook</a>
    <?php
}
?>
```
In our index.php file we determine if the user is logged in with Facebook by checking for a valid access token. We save the access token to our session so we can get the user's information if they come back to our site. We do this because calling the actual Facebook get access token function over and over again fast enough will produce an error. The access token also lives on for a while anyway, so once the user has accepted our app, there is no need for a new access token until the old one has expired.
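The index.php above treats any token found in the session as a login. As an added example (not part of the original post), the sketch below asks Facebook whether the stored token is still valid, unexpired, and issued to our app before trusting it. `sessionTokenIsUsable()` is a hypothetical helper name; the SDK path and config constants are the ones used in Steps 1 and 2.

```php
<?php
// Added example: check a session-stored token before treating the user as logged in.
require 'config.php';                          // MY_FB_APP_ID / MY_FB_APP_SECRET from Step 1
require_once 'vendor/graph-sdk/autoload.php';  // same SDK path as index.php

use Facebook\Exceptions\FacebookSDKException;

session_start();

/**
 * Hypothetical helper (not part of the SDK): returns true only if Facebook
 * confirms the token is valid, unexpired, and was issued to our app.
 */
function sessionTokenIsUsable( \Facebook\Facebook $fb, $token, $appId ) {
    try {
        // debugToken() asks Graph for the token's metadata
        $meta = $fb->getOAuth2Client()->debugToken( $token );
        $meta->validateAppId( $appId );     // throws if issued to a different app
        $meta->validateExpiration();        // throws if the token has expired
        return (bool) $meta->getIsValid();  // false once the user revokes the app
    } catch ( FacebookSDKException $e ) {
        // also covers Graph errors: FacebookResponseException extends this class
        return false;
    }
}

$fb = new \Facebook\Facebook( array(
    'app_id' => MY_FB_APP_ID,
    'app_secret' => MY_FB_APP_SECRET,
    'default_graph_version' => 'v3.2',
) );

$isLoggedIn = false;
if ( !empty( $_SESSION['fb_access_token'] ) ) {
    if ( sessionTokenIsUsable( $fb, $_SESSION['fb_access_token'], MY_FB_APP_ID ) ) {
        $isLoggedIn = true;
    } else {
        // stale or revoked token: drop it so the page falls through to the login link
        unset( $_SESSION['fb_access_token'] );
    }
}
```

With this check in place, an expired or revoked token sends the user back to the "Log in with Facebook" link instead of failing on the `/me` call.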
That is going to do it for this post! Leave any comments/questions/concerns below and thanks for stopping by the blog!