Prompt for Permissions in iFrame App

I'm embarrassed to say so, but it took me several hours to figure out how to do this. I guess I should blame the obscurity of the existing documentation.

If you're building a Facebook Application using the iFrame method you may find that you need to prompt the user for special permissions. In my case, I needed the publish_stream permission in order to be allowed to post items to the users wall.

I accomplished this simply by re-directing the user (in my iFrame) to the Facebook prompt_permissions script. Here are the lines of code to do so.

	// If the user doesn't have permissions, send them to get those
	if (!$facebook->api_client->users_hasAppPermission("publish_stream")) {
		// Redirect for permissions
		$url = "http://www.facebook.com/connect/prompt_permissions.php?api_key=$appapikey&v=1.0&next=http://www.joeldare.com/facebook/daddy/index.php?xxRESULTTOKENxx&display=popup&ext_perm=publish_stream&enable_profile_selector=1&profile_selector_ids=1234%2C5454";
		header("Location: $url");
		exit;
	}

Keep in mind that this only requests the publish_stream permission. You must be authenticated before you request that permission. I used the following code to authenticate. This comes before the other.

	// Include the facebook platform
	require_once 'facebook-platform/php/facebook.php';
 
	// Initialize this facebook application
	$appapikey = 'api_key_goes_here';
	$appsecret = 'app_secret_goes_here';
	$facebook = new Facebook($appapikey, $appsecret);
	$uid = $facebook->require_login();

You can find more information about how this works in the Authorization and Authentication for Desktop Applications (link no longer active) article on Facebook.

One key item in this URL is the “next” parameter. That tells Facebook the page to re-direct back to after granting (or not granting) permissions. In my case, I send it right back to the app that requested those permissions. The gotcha, however, is that Facebook requires that the page either A) exist on the www.facebook.com domain, or B) use your applications “connect URL”. So, you will probably want to edit your application preferences in Facebook and set that connect URL to wherever your pages exist (http://www.joeldare.com/facebook/daddy/ in my example).