[Plugin: Simple Facebook Connect] access_token no longer in FB cookie | WordPress.org

John Kleinschmidt
(@johnkleinschmidt)

12 years, 7 months ago

Otto,

I was testing Simple Facebook Connect 1.1 and found another issue that you might want to know about it.

Right now in the sfc_login_check method in sfc-login.php, if there is a FB cookie set, the plugin checks to see if there is a user with that fbuid by querying usermeta.

If the user doesn’t exist, there is a call to sfc_remote to try to find the user by email address.

However, the call to sfc_remote tries to use the access_token from the FB cookie, but there is no longer an access token in the cookie.
Instead there is a “code” field which can be used to obtain an access_token.

I think there are two options for resolving this issue:
1) Use an app access token to get the users email from FB. It appears that if Publisher is turned on for the plugin, the plugin stores an app access token, but otherwise it doesn’t. If the plugin was changed to always store an app access token, then it could use the token in this scenario even if Publisher is turned off.

2) Make a call to https://graph.facebook.com/oauth/access_token to get an access token and then make another call to get the user’s email from FB.

http://wordpress.org/extend/plugins/simple-facebook-connect/

Viewing 1 replies (of 1 total)

Plugin Author Samuel Wood (Otto)
(@otto42)

WordPress.org Admin

12 years, 7 months ago

You’re right. I missed that bit when converting to oauth2. I’ll correct it.

Viewing 1 replies (of 1 total)

The topic ‘[Plugin: Simple Facebook Connect] access_token no longer in FB cookie’ is closed to new replies.

In: Plugins
1 reply
2 participants
Last reply from: Samuel Wood (Otto)
Last activity: 12 years, 7 months ago
Status: not resolved