I am embedding a Facebook app https://example.com into the Facebook app canvas so that it is available at https://apps.facebook.com/EXAMPLE . My application sends notification emails that contain links like https://example.com/messages/123 and that should open the page embedded into the Facebook canvas. How do I achieve this? My current thoughts:

1. User opens https://example.com/messages/123
2. Application checks for signed_request parameter
3. Application redirects user to https://apps.facebook.com/EXAMPLE/?requested_page=/messages/123
4. Application checks for requested_page parameter and redirects to this page
5. User sees https://example.com/messages/123 URL and is embedded into canvas

Is there a better pattern out there to get this working?

My final working solution (with Ruby on Rails)

1. User opens https://example.com/messages/123

2. Application checks on client-side if app is embedded in canvas:

   if(window == top){
       top.location = "https://apps.facebook.com/#{Settings.facebook.app_id}#{request.fullpath}";
   }
   

3. User is redirected to https://apps.facebook.com/EXAMPLE/messages/123

4. Application middleware converts POST into GET if signed_request is present (code and idea borrowed from https://github.com/dekart/facebooker2/blob/master/lib/facebooker2/rack/post_canvas.rb)

5. Application parses signed_request with fb_graph gem

   FbGraph::Auth.new(app_id, app_secret, :signed_request => params[:signed_request])
   

I'd just update the link to point to http://apps.facebook/example/messages/123 off the start.

When you check for authentication just set the redirect after authorization/login to the same page.

Redirecting a user around multiple pages for no reason is just not a good practice.