Thanks for reading! Here's what I'm up to.
I'm writing a WordPress plugin that makes use of the PHP SDK (latest version 3.1.1) that Facebook provides. My application is registered with Facebook as a website because it in fact acts like a website, even though it's embedded in WordPress.
This SDK comes with an example.php that is very straightforward and easy to understand. If I put this file on my server, it just works. I made sure that the certificate file and the SDK files are in the right place and accessible by the script.
However, if I do the exact same thing from within a WordPress plugin (from the admin page of the plugin), the Facebook backend won't return the user id but will always return 0 instead. The problem with FB returning 0 is pretty common, but the reasons for it seem to vary a lot.
I have to mention that this behavior wasn't always like this. It began just a few weeks ago. I'm suspecting that the FB backend somehow checks for indirect API calls and that calling it from within a WordPress plugin seems to violate FB's auth rules in some way (CSRF issue?). But I'm not sure.
Has anybody got a clue what's going on here?
Here's my guess:
Facebook will not be able to access the backend of your WordPress blog since it requires authentication. So the example.php code will not be visible to it from a WordPress admin panel.
When served raw on your server, there are no such access controls and Facebook is able to reach the page.
If this is the case, my suggestion would be to turn this into a non-admin plugin, perhaps by adding a rewrite rule using the WP_Rewrite class.