I have a web app in which users can sign up via many auth providers among which Facebook Login (using facebook SDK).
Everything works fine but I was wondering if there's a way banned users (ToS violators) can get to access the web app?
For example, can they do that using the remove app functionality from their FB account settings or some other way where they could seamingly change their identity making them look like new users from the FB API (new IDs because of some change they made to their account,...) thus being able to sign up again on my app with the same technically banned facebook account?
Related
Our is a very old app and the developers who did the Facebook login integration are no longer working with us. So we can’t get into our Facebook Developer account because no one in the team has access.
Can we just create a new Facebook Developer account and update our integration ID to match the new account ?
Are there any risks? One thing I’m wondering about is if we do make this change if all the users who have previously registered via Facebook login need to register with us again because it is a new ID. But on the other hand, it might work since it is still the same App Id and the same Facebook user account.
Please help.
I need to login via facebook to my application. I am trying to use facebook test accounts, as making fake accounts is both impractical and not allowed. I've seen that people usually have email attached to their test users, while mine dont have it. Any reason why?
I have a facebook messenger bot that sends a webhook to my web app. People can login to my app via facebook login.
The first user contact is normally with my facebook bot on which they can create a profile. When they make contact I take their facebook id, name, profile pic, etc.
Users can then login with facebook to my web app to enhance their profile.
My problem is facebook uses different scoped ids for messenger and their login.
How can I recognise if a user has already been on my facebook bot if they use my web app, and vice verca.
I think it has something to do with the business mapping api: https://developers.facebook.com/docs/apps/for-business but I'm struggling to understand how it works.
I am sending a get request using:
GET /me?fields=token_for_business
But the docs do not specify the full url to use. I'm also unsure if you can use this in developer mode.
facebook provides an id-matching api
for the app and pages owned by the same business manager. More informations:
https://developers.facebook.com/docs/messenger-platform/identity/id-matching
I'm implementing the FB login/logout in my web apps. Each of my web apps serves a different purpose thus having different domains. But they share the same user database.
User's Facebook sign-up comes from one web app. I pass the access token returned by the client side JS-SDK login function to the server. At server side I used the Facebook email and ID (retrieved with graph API /me) as the user's username and password, respectively.
At first, I created a unique Facebook App for each of my web sites. In this case, in my other web apps, when logging in with Facebook, the graph API /me returns a different ID for the same user, so the user cannot login.
It turns out that the response.authResponse.accessToken returned by Facebook login is also different. Then I tried to add all the domains under Settings->Advanced->Valid OAuth redirect URIs in one Website App, but the access token and ID are still different for each domain.
I wonder what is the problem here. Why Facebook returns different IDs for the same user. And why the access token is different even if the web domains are all in one App (same app ID and secret). Thanks.
As #WizKid suggested here, you need to map users between different apps. Usually you will need to create a Business Manager and add your apps to that manager. Then you'll have access to all the apps' info, including their scoped user IDs, by calling API /me/ids_for_business
I'm going to be using the Facebook Open Graph API on my website to allow users to log in, upload information from their profile, and interact. I won't be publishing this app on Facebook's App Center.
My question is, is the Developer Roles section able to be private if the user navigates to the app's page? I don't want the names of the developers publicly listed. If it's not by default, is there a setting to hide that information?
I know Facebook does not want separate accounts created for the purpose of using the API, but I don't want users finding the personal accounts of those developing the site.
No, the list of admins of a Facebook app isn't displayed anywhere on Facebook or retrievable via the API unless your app is acting on behalf of one of the existing admins of that app