I’m going to get geeky on you here again. I’ve been working on a few things with SocialToo to enable Facebook Connect on the site – more on that to come. What I’ve been surprised by though is that this long after the launch of Facebook Connect the main Perl libraries for Facebook, WWW::Facebook::API, still do not support Facebook Connect. The main difference between making API calls from a native Facebook app and a third-party Facebook Connect app is that in the native app, you verify the signature via the URI parameters, via parameters that begin with “fb_sig_”. In Facebook Connect, those variables are set in Cookies by the Facebook Client-side Javascript libraries, and begin with your applications API key, so they’d start something like “(api key)_”, and come from the cookies instead of the URI. You can read more about that here.
So for full compatibility in your preferred Facebook API libraries, both the URI parameters have to be checked along with the Cookies in the event the developer is trying to connect from a third-party website. In the PHP libraries this is already done for you. Surprisingly, Perl has not yet implemented this.
So I got to work on it, and through a couple simple lines of code added to WWW::Facebook::API::Canvas I was able to make get_fb_params check your cookies when the URI parameters are not presence. I’ve submitted the patch to the library’s owner, Clayton Scott, but in case you want to integrate it sooner you can apply it to the 0.4.14 version of Canvas.pm by downloading this patch.
I hope you’re able to get as much out of this as I am – please let me know if you see any potential bugs with the changes.
