On my website, the user can log in through Facebook. I have also created a Facebook canvas app which consists of a small part of my website.
Through the Facebook canvas app, the user can access certain features of the site regarding their site account.
It works great when the user accesses the FB app while already being logged into the site. However, if the user accesses the FB app while NOT being logged into my site - how do I log them into my site through the app?
It would be ideal if I could somehow automatically log them into their account when accessing my site through the FB app.
If that isn't possible, I would like the user to be able to log into my site through the Facebook app. However right now when I redirect to the oauth login I get the following error:
Refused to display 'https://www.facebook.com/dialog/oauth?response_type=code&client_id=…nLpHx7N5X--Q' in a frame because it set 'X-Frame-Options' to 'DENY'.
Summary:
So basically your problem was just how to call the FB login dialog from within canvas. If you use the URL redirect version, then you have to call it in the top window instance – the login dialog can not be shown in any kind of (i)frame, for security reasons¹
top.location.href=…
in JavaScript, or target="_top"
for a simple link can achieve that.
¹ User needs to be able to verify via address bar that they are entering their credentials on facebook.com, to prevent phishing attacks.