Access_token in php and javascript with Facebook API

Question

I am having a problem integrating my game into Facebook. Upon reading about the documentation, I read that the best and most up-to-date way to communicate with FB from Flash is via the Facebook API on javascript. I call this to get all the ui dialogs and basic login information. Now, my flash games connects to a php to send and receive highscores like so:

scores.php?action=NEWSCORE&userId=123123123&score=100

scores.php?action=VIEW

scores.php?action=VIEWFRIENDS&userId=123123123

Now, in scores.php, when I set the VIEWFRIENDS action, I want the php to create the facebook query. I do this by adding

// Init the Facebook SDK
$facebook = new Facebook(array(
'appId'  => $app_id,
'secret' => $app_secret,
));

// Get the current user
$user = $facebook->getUser();

$access_token = $facebook->getAccessToken();
$fbresponse = $facebook->api("/me/friends?fields=installed", array('access_token'=>$access_token.$access_token,));

if ($fbresponse)
{
    $friendsData = $fbresponse['data'];
    $friendsString = '';
    $friendCount = 0;
    for ($i = 0; $i < sizeof($friendsData); $i++)
    {
        $friend = $friendsData[$i];

        if ($friend['installed'])
        {
            if ($friendCount > 0)
                $friendsString = $friendsString . ",";

            $friendsString = $friendsString . "'" . $friend['id'] . "'";                    $friendCount++;
        }
    }
    // Get the friends highscores
    $sql = "SELECT * FROM Highscores WHERE FacebookId IN (" . $friendsString . ") ORDER BY Score DESC LIMIT " . $scoresize ;
    $result = mysql_query($sql);
}

When doing this, all appears to work if I test it outside Facebook, but when I integrate it into my app, it throws the following error:

<br />
<b>Fatal error</b>:  Uncaught OAuthException: Invalid access token signature.
  thrown in <b>/home/public_html/mysite.org/games/myGameFacebook/fb-php-sdk/base_facebook.php</b>

on line 1106

I am trying to check whats happening and I have yet to find out what to do about it. I understand the access token is generated on Javascript when logging in by this code.

getLoginStatus:function() {
    log("getLoginStatus");
    FB.getLoginStatus(function(response) {
        if (response.status === 'connected') {

            log("Logged in.");
            F.token = response.authResponse.accessToken;
            F.getCurrentUserInfo();
        } else if (response.status === 'not_authorized') {
            log("User did not authorize app");
        } else {
            log("Not logged in.");
            FB.login(function(response) {
                if(response.session) {
                    log("Logging successful.");
                    F.token = response.session.access_token;
                    F.getCurrentUserInfo();
                } else {
                    log("Logging failed.");
                }
            });
        }
    });
},

How can I resolve this issue? I've been trying to understand how to do it, but I've read its either impossible, or link to some unknown session variable that has never worked.

Answer 1

You're concatenating the access token with itself in the call to $facebook->api

array('access_token'=>$access_token.$access_token,)

should look like:

array('access_token'=>$access_token,)

But I guess you should use an app access token to retrieve what you need, with a function like:

 // Helper function to get an APP ACCESS TOKEN
 function get_app_access_token($app_id, $app_secret) {
   $token_url = 'https://graph.facebook.com/oauth/access_token?'
     . 'client_id=' . $app_id
     . '&client_secret=' . $app_secret
     . '&grant_type=client_credentials';

   $token_response =file_get_contents($token_url);
   $params = null;
   parse_str($token_response, $params);
   return  $params['access_token'];
 }

You'll need to pass it the app secret that you can read on Facebook Developer App Page.