Simple Authentication for Symfony using Facebook Login

A few days ago I set about the task of writing an authentication system for DropoutUK based around Facebook Connect / Facebook Login Button. I was pleasantly surprised to learn just how simple it seems to be these days, compared to the first implementation I played with back in 2009. Which, OK is 2 years now, but the new social plugins make life so much easier.

So what is involve? Just 4 simple actions

  1. Create a new facebook application
  2. Add your website URL to it
  3. Add the facebook Login Button to the page
  4. Check for the facebook cookie and process a login action if possible.

1 .Create a new facebook application.

Start off by creating a new facebook app, if you do not already. Make a not of the App ID, we’ll need this later.

2. Add your website URL

Next you need to add your Site URL so that social plugin will work, because facebook only allows you to process an authentication if the referrer URL matches that of the Site URL saved to the app.

3. Add the facebook Login Button to your page

Now we can add some code to the page.

  <title>My Facebook Login Page</title>
  <div id="fb-root"></div>
  <script src=""></script>
    appId: '0000000000000', cookie: true,
    status: true, xfbml: true
  <fb:login-button v="2"
    perms="email">Login with Facebook</fb:login-button>

What you need to do is replace 0000000000000 with you App ID in the above JavaScript block. This will then tell the Login Button which application use to on facebook. You also need to change the onlogin target to where ever you plan to process the facebook cookie. Depending on what information you need from the facebook user, you can specify these in the perms attribute of the fb:login-button tag. In the above I just ask for them users email, in addition to the basics. For a full list of permissions see the facebook documentation on permissions.

When the user clicks on the Login Button, they will be taken to facebook and asked to grant your application permission to access the permissions you have specified. If you have come from the wrong referrer URL then you will see an error message. If you’ve done all of the above correctly then the user will authenticate with their facebook login details and the onlogin action will execute. In the above example you would be redirected to

4. Check for the facebook cooke and process a login action if possible.

OK, so at this point we will have to check for the facebook cookie. The cookie name will called fbs_0000000000000 where the App ID is prefixed with fbs_ and will be available to your website when the user is authenticated on facebook. The contents of the cookie will a json object which contains a value called access_token. This access_token will allow you to access the facebook graph api as the user who has authenticated with your application.

You can access all of the information about the user via the graph api by calling the api with

$cookie_data = $request->getCookie('fbs_0000000000000');
if ($cookie_data) {
  $params = null;
  parse_str(json_decode($cookie_data), $params);

  if (array_key_exists('access_token', $params)) {
    $url = sprintf('', $params['access_token']);
    $user_data = file_get_contents($url);

    if ($user_data) {
      // authenticate the user and save some data into the session
      $user = $this->getUser();

Obviously you’ll want to process the $user_data and maybe push some of the user information into the session data, or even into a database table, but that’s pretty much all there is to it. I’ll leave you to implement the parseUserData( ) code.

4 thoughts on “Simple Authentication for Symfony using Facebook Login”

  1. nice tutorial but not working ! let’s fix that – first there is no creation of the cookie that start with fbs but fbsr and also after i change that it still not working – there is no parsing of the cookie and i dont get the access token… what to do ???

  2. The above tutorial was correct at the time of writing, but Facebook changed the way they process the authentication. I’ll have a look at the new way of doing this and post a new page on how it all works.

Leave a Reply

Your email address will not be published. Required fields are marked *