/**
* For use as part of the login flow for desktop applications. Bind a session
* to an auth_token. This can fail if the specified auth_token doesn't exist,
* has expired, or already has a session bound to it.
*
* @param string $auth_token as returned by api_authtoken_create
* @return false on failure, true on success
*/
function api_authtoken_bind($application_id, $auth_token, $session_key)
{
$info = api_authtoken_get_info($application_id, $auth_token, false);
if (!is_array($info) || isset($info['session_key']) && $info['session_key']) {
// the authtoken either doesn't exist, is expired, or already has a session bound
return false;
} else {
return _api_authtoken_update($application_id, $auth_token, $session_key);
}
}
public function auth_getSession($auth_token)
{
if (!$auth_token) {
$this->throw_code(api10_FacebookApiErrorCode::API_EC_PARAM);
}
$info = api_authtoken_get_info($this->app_id, $auth_token);
if (!$info || !$info['session_key']) {
// if the auth_token is invalid or hasn't been bound to a session key
$this->throw_code(api10_FacebookApiErrorCode::API_EC_PARAM);
}
$session_info = api_session_get_info($info['session_key'], $this->app_id);
if (!$session_info) {
// There might be multiple valid auth_token <-> session_key
// mappings, but only one of the session_key values is actually
// valid.
$this->throw_code(api10_FacebookApiErrorCode::API_EC_PARAM);
}
$session = new api10_session_info();
$session->session_key = $info['session_key'];
$session->uid = api_session_extract_uid($info['session_key'], $this->app_id);
if ($session_info['session_timeout'] == 0) {
$session->expires = 0;
} else {
$session->expires = $session_info['key_create_time'] + $session_info['session_timeout'];
}
$app_info = application_get_info($this->app_id);
if ($app_info['desktop']) {
$session->secret = $session_info['session_secret'];
}
return $session;
}
