As any Facebook developer knows, Facebook has some restrictive ideas about permissions and what apps should be allowed to do on your behalf or even know about you. One consequence of this is that Facebook avoids giving you any information about the user who is interacting with your app in a tab. The session data you are given will contain the page’s id (known as
profile_id in the decoded
signed_request value) but not the user’s id. The user’s id is available when people interact with your app outside of a page tab, but that doesn’t help when it’s in a tab.
Aside: New developers, always remember that Facebook gives you more or less access to the platform depending on how the app is being used. If your code doesn’t seem to work when running in a tab, try running it directly through the canvas at
http://apps.facebook.com/[app-name]/. If it works there, you probably have some permissions weirdness going on.
So, how do you determine the user id of the person who installed your Facebook app as a tab on their fan page?
There are three ways to do this that I’m aware of. If I missed anything, let me know.
- Some confusing combination of access permissions, session keys, and page.info and page.isAdmin. I have no idea how to get this working reliably from a tab without requesting extended permissions. If anyone does, please give me a specific example.
- Maintain a table of installed app state, called something like
app_installs. In there, track page ids that have installed the app, saving all the information you can find about them. Create a setup or edit page, and put that in the
Edit URLfield of your Application Settings. When your app is loaded, check that
app_installstable to see if a record already exists for the page id (
signed_request). If it doesn’t, instruct the user to click the Edit Page link, then find your app and click Edit. Your app will run in canvas, as the user who admins the page, with both the
user_idvariables available to you! Store this information, update the
app_installstable, and you’re good to go! This might also be a good place to do some queries against the
userFQL tables and store the information in your local table.
- Basically the same as above, but use an
<fb:visible-to-owner>>a href="[encoded_secure_edit_url]">Click here to finish setting up the app</a></fb:visible-to-owner> construct to build a secure edit URL (perhaps based on a session key or md5'd profile_id/APP_SECRET combination). Facebook will only show this link to the page admins, and then you will be able to get the rest of the user information after the click.
Hope this helps some struggling Facebook App developers!