/**
 * Desktop-application login flow: attach a session key to an auth_token.
 *
 * Binding is refused when the token lookup does not return an array (per the
 * original comment: the token doesn't exist or has expired) or when the token
 * record already carries a non-empty session_key.
 *
 * NOTE(review): the lookup and the update are two separate calls. Unless
 * _api_authtoken_update itself enforces "still unbound" atomically, two
 * concurrent binds for the same token could both pass the check below -
 * confirm against the helper's implementation.
 *
 * @param  mixed  $application_id application that owns the token
 * @param  string $auth_token     as returned by api_authtoken_create
 * @param  mixed  $session_key    session to bind; presumably a session key
 *                                string - it is not validated here
 * @return false on failure; otherwise the result of _api_authtoken_update
 *         (documented as true on success)
 */
function api_authtoken_bind($application_id, $auth_token, $session_key) {
  $token_record = api_authtoken_get_info($application_id, $auth_token, false);

  // No usable record: the token either doesn't exist or is expired.
  if (!is_array($token_record)) {
    return false;
  }

  // A token may be bound to a session only once.
  if (!empty($token_record['session_key'])) {
    return false;
  }

  return _api_authtoken_update($application_id, $auth_token, $session_key);
}
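/**
 * Exchange an auth_token for the session that has been bound to it.
 *
 * Every failure path raises the same API_EC_PARAM code, so the response does
 * not reveal whether the token was unknown, not yet bound, or bound to a
 * session that is no longer valid.
 *
 * NOTE(review): nothing in this method marks the auth_token as consumed, so
 * the same token appears to be redeemable repeatedly for the session key (and,
 * for desktop applications, the session secret) for as long as the lookup
 * keeps returning it - confirm that the token lifetime or the lookup helper
 * limits this.
 *
 * @param  string $auth_token token to redeem for $this->app_id; presumably the
 *                            value handed out by api_authtoken_create
 * @return api10_session_info with session_key, uid and expires set, plus
 *                            secret when the application is flagged 'desktop'
 */
public function auth_getSession($auth_token) {
  if (!$auth_token) {
    // throw_code is relied on not to return; the code below assumes that.
    $this->throw_code(api10_FacebookApiErrorCode::API_EC_PARAM);
  }

  $info = api_authtoken_get_info($this->app_id, $auth_token);
  // empty() instead of a bare index read: a token record without a
  // 'session_key' entry is rejected without an undefined-index notice, in
  // line with the isset() guard used by api_authtoken_bind.
  if (!$info || empty($info['session_key'])) {
    // if the auth_token is invalid or hasn't been bound to a session key
    $this->throw_code(api10_FacebookApiErrorCode::API_EC_PARAM);
  }

  $session_info = api_session_get_info($info['session_key'], $this->app_id);
  if (!$session_info) {
    // There might be multiple valid auth_token <-> session_key
    // mappings, but only one of the session_key values is actually
    // valid.
    $this->throw_code(api10_FacebookApiErrorCode::API_EC_PARAM);
  }

  $session = new api10_session_info();
  $session->session_key = $info['session_key'];
  $session->uid = api_session_extract_uid($info['session_key'], $this->app_id);

  // A timeout of 0 is reported as expires = 0; otherwise expiry is the key's
  // creation time plus its timeout. The loose comparison is kept as written.
  if ($session_info['session_timeout'] == 0) {
    $session->expires = 0;
  } else {
    $session->expires = $session_info['key_create_time'] + $session_info['session_timeout'];
  }

  // The session secret is released only to applications flagged as desktop.
  // empty() keeps this fail-closed (no secret) when the application record
  // or its 'desktop' entry is missing.
  $app_info = application_get_info($this->app_id);
  if (!empty($app_info['desktop'])) {
    $session->secret = $session_info['session_secret'];
  }

  return $session;
}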