I currently have a website on Netlify. It has an index, login, and library (which holds my content only users should see). I want to record the users' login info, send them a confirmation email afterwards, then allow them to be directed to the library page after successfully logging in.
My application allows for user authentication via Facebook. I am calling FB Graph API to get details on a logged in user like so...
https://graph.facebook.com/<fbUserId>
But sometimes I see that email address is not one of the fields which is returned. I think this is because when the user was prompted to allow my app access to their public profile and email address, the user chose not to provide their email address. However my application needs email addresses. Is there any way I can tell FB through the Graph API to make that "Edit the info you provide" dialog to reappear so the user can subsequently choose to give their email address?
I think you're asking about how to re-prompt users who denied a permission, so that they're asked to grant the already-declined permission?
If so, you can check which permissions were granted and then re-prompt for those which were previously declined - as you noted, users aren't prompted multiple times to accept a permission if they've already declined it.
To re-request, use auth_type: rerequest in your call to FB.login() (JavaScript) or your call to the Login dialog; I believe the mobile SDKs handle this automatically (e.g. FBSDKLoginManager in the iOS SDK).
Note that with your specific example, it's possible a user won't have an email address accessible via the API even if they do grant you the email permission, as they may have an unreachable address, be a user without a confirmed address, have signed up to Facebook using a mobile phone number, etc.
As a result, you may need to build a UI for users to manually supply their email address anyway, if that info is truly necessary for your app.
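The re-request flow from the answer above, as an added example that is not part of the original answer: check /me/permissions, re-prompt with auth_type: 'rerequest' only when email was not granted, and fall back to manual entry when no address comes back. `FB` is the JavaScript SDK object passed in as a parameter; `missingPermissions`, `obtainEmail` and `askManually` are hypothetical names.

```javascript
// Calls done(list) with the permissions from `wanted` that are not granted.
function missingPermissions(FB, wanted, done) {
  FB.api('/me/permissions', (res) => {
    // Treat an error or unexpected shape as "nothing granted".
    if (!res || res.error || !Array.isArray(res.data)) return done(wanted.slice());
    const granted = new Set(
      res.data.filter((p) => p.status === 'granted').map((p) => p.permission));
    done(wanted.filter((p) => !granted.has(p)));
  });
}

// Calls done(email, source) where source is 'facebook' or 'manual'.
// askManually(cb) is the app's own form for typing an address (assumption).
function obtainEmail(FB, askManually, done) {
  const manual = () => askManually((email) => done(email, 'manual'));

  // Even with the permission granted, the email field can be absent.
  const readEmail = () =>
    FB.api('/me', { fields: 'email' }, (me) =>
      (me && me.email ? done(me.email, 'facebook') : manual()));

  missingPermissions(FB, ['email'], (missing) => {
    if (missing.length === 0) return readEmail();
    // A previously declined permission is only shown again with 'rerequest'.
    FB.login(() => {
      missingPermissions(FB, ['email'], (still) =>
        (still.length === 0 ? readEmail() : manual()));
    }, { scope: 'email', auth_type: 'rerequest' });
  });
}
```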
I'm implementing a Log In With Facebook button on my website, and will be using the email field for two purposes:
create a new account if I don't have this email in my user database
match an existing account if I have a user with this email address
Does Facebook guarantee that they verified the user owns this email address when they return the field in their API?
Otherwise, in the (unlikely) event that a user of my website does not have a Facebook account, someone could create a Facebook account with this email, without validating it, to log in to my website with their account.
They are supposed to be, but Facebook has had issues in the past of unverified emails being allowed to pass through the API (see "Is it possible to check if an email is confirmed on Facebook?").
If you implicitly allow Facebook accounts to link up via email, then the next time Facebook has an issue they can effectively take control of all your users' accounts.
The secure way to link users up is to either:
Ask a normal user to link their Facebook account by logging into it.
Ask a Facebook user to log in with your site's normal account.
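The linking rule from this question and answer, as an added example that is not part of the original posts: a Facebook login is tied to a local account only through a stored Facebook user id or an already authenticated local session, never through a matching email. The `users` Map, the record fields and the action names are assumptions made for the illustration.

```javascript
// users: Map of id -> { id, email, facebookId, emailVerified } (hypothetical store)
// fbProfile: { id, email? } as returned after a completed Facebook login
// sessionUserId: id of the locally logged-in user, or null
function resolveFacebookLogin(users, fbProfile, sessionUserId = null) {
  const accounts = [...users.values()];
  const byFbId = accounts.find((u) => u.facebookId === fbProfile.id);
  const current = sessionUserId === null ? null : users.get(sessionUserId) || null;

  if (byFbId) {
    // This Facebook id is already linked; refuse to move it to another account.
    if (current && current.id !== byFbId.id) return { action: 'conflict', userId: current.id };
    return { action: 'login', userId: byFbId.id };
  }

  if (current) {
    // The user proved control of both accounts: local session plus Facebook login.
    if (current.facebookId) return { action: 'conflict', userId: current.id };
    current.facebookId = fbProfile.id;
    return { action: 'linked', userId: current.id };
  }

  // No session: an email match alone must not grant access to the existing account.
  const email = String(fbProfile.email || '').trim().toLowerCase();
  if (email && accounts.some((u) => (u.email || '').toLowerCase() === email)) {
    return { action: 'require_local_login', userId: null };
  }

  // New user: keep the address but do not treat it as verified by this site.
  const id = `fb-${fbProfile.id}`;
  users.set(id, { id, email: email || null, facebookId: fbProfile.id, emailVerified: false });
  return { action: 'created', userId: id };
}
```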
I have a website where users can log in with the Facebook oAuth API.
Once the user logs in or registers via Facebook it is stored in my database.
But what I'd like to achieve is, once the user goes to his Facebook application settings page and removes my website app permissions, the user should also be deleted from my database.
Is there any workaround to this problem, if this is not possible via the Facebook oAuth API?
You can add a Deauthorise Callback URL by navigating to the Settings > Advanced section of your application. Whenever a User Deauthorises your Facebook app, Facebook performs an HTTP POST of a signed request to your URL. You may use the field user_id to determine which User has deauthorised your app.
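A handler for the deauthorise callback described above, as an added example that is not part of the original answer: it checks the HMAC-SHA256 signature of the posted signed_request against the app secret before trusting user_id. The in-memory `users` Map, the function names and the sample secret are assumptions; `makeSignedRequest` only builds constructed test input.

```javascript
const { createHmac, timingSafeEqual } = require('node:crypto');

// Verify "<base64url signature>.<base64url JSON payload>" and return the payload,
// or null if the format, signature or algorithm field is not what we expect.
function parseSignedRequest(signedRequest, appSecret) {
  if (typeof signedRequest !== 'string') return null;
  const parts = signedRequest.split('.');
  if (parts.length !== 2) return null;
  const [sigB64, payloadB64] = parts;

  // The HMAC is computed over the still-encoded payload, keyed with the app secret.
  const expected = createHmac('sha256', appSecret).update(payloadB64).digest();
  const given = Buffer.from(sigB64, 'base64url');
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;

  let data;
  try {
    data = JSON.parse(Buffer.from(payloadB64, 'base64url').toString('utf8'));
  } catch {
    return null;
  }
  if (!data || String(data.algorithm).toUpperCase() !== 'HMAC-SHA256') return null;
  return data;
}

// Deauthorise callback: delete the local account linked to the verified user_id.
// `users` is a hypothetical in-memory store (Map of id -> { facebookId }).
function handleDeauthorize(postBody, appSecret, users) {
  const data = parseSignedRequest(postBody && postBody.signed_request, appSecret);
  if (!data || !data.user_id) return { status: 400, removed: 0 };
  let removed = 0;
  for (const [id, user] of users) {
    if (user.facebookId === String(data.user_id)) {
      users.delete(id);
      removed += 1;
    }
  }
  return { status: 200, removed };
}

// Constructed sample input: signs a payload the same way, for local testing.
function makeSignedRequest(payload, secret) {
  const body = Buffer.from(JSON.stringify(payload)).toString('base64url');
  const sig = createHmac('sha256', secret).update(body).digest().toString('base64url');
  return `${sig}.${body}`;
}

const SAMPLE_SECRET = 'app-secret-placeholder'; // constructed, not a real secret
```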
Actually, I would do the following:
Add a date to his last log in to your site.
Have cron job check for old, unused accounts.
Send an email to the user's email address (or Facebook message mail) telling him his account is due to expire soon.
Delete account from database.
I'm still new to CI and PyroCMS, and am trying to implement a Facebook login using the Social module in a custom module, which looks like it does everything I want, but I'm clearly missing some basics (I can't find any documentation other than the brief readme)!
So far, I've watched the intro video, and have enabled Facebook successfully. I can connect via FB and see FB listed in /social/linked, but some confusion exists in my mind between the two user groups I've got: admin and user.
The flow I'm trying to construct is:
user arrives at the site and is presented with a survey
user fills in the survey, then is asked to signup (I understand that this is unconventional)
/signup has a facebook connect button, supplied by the social module
user clicks the connect button, and grants permission in facebook's popup window
user should be directed back to /signup, (or maybe redirected to /user/registration) with some details filled in from facebook (eg. email, name)
on submit, user should be added to the users table, as a member of the 'users' group (not admin) with no email activation required
an email is sent, thanks page is displayed
on returning to the site, the user should access their on-site profile using facebook connect.
I've read a bunch of threads on the subject, which have shaped these expectations...
Here's where I'm at:
user arrives, fills in survey, clicks the connect button
user is redirected to the homepage, which displays a standard page (not handled by my module). I need to return to /signup!
Based on this, I've tried setting:
$this->session->set_userdata('redirect_to', '/signup');
in what I believe is the correct controller method (checks to see if the user is logged in before sending the email, then calls template build to display the social buttons), to no avail.
(edit: I now see that the code above relates to the user module, not the social module... maybe I can transplant some changes...)
My questions:
Am I on the right track, or going about this the wrong way?!
Am I right in thinking that the FB account will be matched with an existing user if the email address exists in the system?
I have only one FB account, which is authorised for the app, and I'm using to connect with as a user - will this work, or do I need a separate FB account to test as user?
Other notes:
I am testing the site in Chrome, logged in as admin in Firefox.
Facebook is my test case, I'm looking at supporting FB, LinkedIn, Google and Twitter eventually.
Phew! Grateful for any feedback, Tim
I will try to answer some of your questions since I'm currently experimenting with the exact same social module as well and with some addons to it.
Am I right in thinking that the FB account will be matched with an existing user if the email address exists in the system?
Yes you are. I checked it myself while troubleshooting the fact that my Google (Gmail address) couldn't connect while my Hotmail (registered email) could. You will have to sync your emails in all your social sites, change the login system (allowing username login for example) or manually connect multiple emails in your account settings.
I have only one FB account, which is authorised for the app, and I'm using to connect with as a user - will this work, or do I need a separate FB account to test as user?
I suggest you let someone with another FB account test the system (better safe than sorry) but in my case I didn't have any troubles using other (normal) accounts to log in.
Am I on the right track, or going about this the wrong way?!
This was your first question, but I'll answer this as the last one since I didn't test it myself:
The Facebook App has a setting called "Site URL". This is the URL to which the user will be redirected. Simply change it to the page you wish it to be. You can also try to change the following lines in social/controllers/social.php:
Line 245 (redirect: user is logged in after FB connect)
redirect($this->input->get('success_url') ? $this->input->get('success_url') : 'social/linked');
Line 283 (redirect: user has to fill in some additional fields to complete registration)
redirect('users/register');
Good luck!
The intro video shows off the entire extent of the social module. Frontend registrations, frontend user account linking, and backend account linking for the entire system.
If you wish to integrate custom functionality, custom user flows and other stuff as listed in your question then you will need to do a little custom work with the module. Hack it, extend it, send in some pull requests, whatever, but sadly it cannot do "everything to integrate with everywhere ever" out of the box. :-/
I am integrating Facebook authentication, registration and app requests with our web app, using a combination of the JavaScript SDK (to manage FB buttons, dialogs, client-side API, etc) and the PHP SDK to process signed requests, auto-login Facebook-connected users and use the API to process app requests. I have most things working well and the overall workflow is acceptable.
My question is specifically regarding the "email" extended permission and whether I need it to guarantee that the signed request returned by the registration plugin will contain the user's email.
I am aware of the current limitations of the registration plugin (in that you cannot ask for extended permissions), but I need the email of the Facebook user when they register. This is so that the user can login both with their FB credentials and standard email/password as per non-FB connected users. (Please don't just suggest that I change the registration process to allow users to register without email - this is a hard requirement for several good reasons that I won't go into here).
At the moment, I am attempting to "shield" the Facebook registration with a login process to force the user to provide the "email" permission before registering. However this is clunky if placed as a pre-step to FB registration, and/or difficult to guarantee that the user will have passed through this step before reaching the FB registration form.
Does anyone know for certain whether the "email" extended permission is actually required to guarantee getting the user's email during the registration? I cannot find any settings in Facebook (for my test users) that would seem to prevent apps getting the email. Does the fact that I have included the email field in the registration form guarantee that I will get it back in the signed request?
Please note that at the moment, we have no other requirements for extended permissions, and as we need them, we plan to ask the user at the point of need.
Any help/confirmation would be appreciated - I have searched, but cannot find the answer to this exact point (although I could of course have missed it!).
You shouldn't need your users to authorise the app before using the registration plugin; the registration plugin exists specifically to avoid apps having to build in their own system for having users authorise an app before their data can be used to prefill a form.
If you use the registration plugin with fb_only specified, and request the email field, you'll receive the user's email address in the signed request callback when they register.
If you allow users to register using the plugin, but without requiring them to use their Facebook data, the email field could contain whatever email address they've entered manually.
The full documentation is at https://developers.facebook.com/docs/plugins/registration/