Home/ Questions/Q 8291841
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-08T13:16:14+00:00

This may seem like an obvious problem, but I have looked on the facebook

  • 0

This may seem like an obvious problem, but I have looked on the facebook developers site regarding canvas apps, and on the facebook csharp sdk and have not found an answer to my questions.

I’m using the facebook-c#-sdk v5.4x or something abouts, .net 3.5 using webforms.

The canvas app for desktop will have multiple entry points.

https://apps.facebook.com/my_canvas_app/Default.aspx
https://apps.facebook.com/my_canvas_app/Register.aspx?EventID=12345
https://apps.facebook.com/my_canvas_app/SomeOtherPage.aspx

My first question is that from the first request from facebook, I receive the signed_request (which facebook-c#-sdk takes care of), I have the oauth token, which is valid for approximately 2 hours. What is the correct way to re-new this oauth token, and ensure it’s valid before trying to make an oauth request (query the graph, etc.)?

Right now all my links (say from Default.aspx) look like <a href="https://apps.facebook.com/my_canvas_app/SomeOtherPage.aspx" target="_top">Go to Some Other Page</a>, which ends up doing a round trip to facebook, getting a new signed_request, and thus a renewed oauth token.

Secondly, When doing a regular form postback though asp.net to my own site, I ensure the signed_request is on the form with a simple <input type="hidden" name="signed_request" value="<%=Request.Form["signed_request"]%>" />, which seems to work fine for the the application. If I omit this then the postback does not have the oauth information, resulting in things failing. Is this the correct way to perform a postback in a canvas app? From what I can see from viewing the source of the csharp-sdk that nothing is stored in the session to preserve the oauth token between requests, so the hidden input, and target=”_top” links are required for multiple pages / postbacks, am I correct in this deduction?

Thirdly, when developing the mobile canvas app (without the iframe), do all the links on my page still have to go to https://apps.facebook.com/my_canvas_app/MobilePage.aspx, if my first assumption is correct that is.

If anyone could shed some light on these subjects I would be greatly appreciated.

Thanks!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    What I am doing is using the signed_request on a per-page basis. All links in the desktop environment go to http://apps.facebook.com/myappnamespace/MyPageName.aspx with a target="_top", this way every page change gets an updated oauth token. Mobile operates differently as signed_request is not available for the mobile experience. The solution for this is to use server side authentication instead. I am not using http://apps.facebook.com/myappnamespace for the mobile environment as it’s not within an iframe. Mobile operates like any other regular website.

    • 0