So I've seen many related questions but they all date from years ago (Facebook SDK changes constantly) and mine is more specific.
I'm building a web app which requires authentication and Facebook API is one of its auth solutions and I'm trying to catch some scenarios. So as I asked earlier, what happens when someone removes my app from Facebook via the "Apps and websites" settings and tries to reconnect in my app ?
It might seem obvious to some that the user wouldn't get logged in because as far as I know in 2021, FB SDK uses an app specific ID for each user which gets generated when logging in for the first time and is useless when the user removes the app from his settings because there's no more mapping between the ID and the user.
But I've experienced in an app that I used (ometv kinda similar to omegle) that they log you in even after you delete them from the Facebook settings.
Thanks for considering my question.
EDIT: This is the edge case that I'm referring to from facebook dev
Someone removes your app from Facebook via app settings and revisits your app. Your app should detect this and prompt the person
to log back in. Go to your app and tap on the "Log in with Facebook”
button Tap OK to accept the read permissions (and OK again to accept
write permissions where applicable) Go to app settings on Facebook and
remove your app Repeat steps 1-2 and verify that Facebook Login works
A more specific question that I might ask would be whether or not a user can bypass this behavior ?
Related
Last night Facebook disabled our app with the following justificative:
Developer Policy 6.1: Verify that you have integrated Login correctly. Your app shouldn't crash or hang during the testing process.
During Login, your app is crashing or hanging excessively, creating a broken experience for people trying to use your app. To make sure this flow runs smoothly, check that you've integrated Facebook Login correctly. We recommend that you test Login on all integrations. If you have not already done so, please:
• Here's our quickstart guide for implementing Facebook Login for Android: https://developers.facebook.com/docs/facebook-login/android
• We encourage you to test your Login integration following these steps here: https://developers.facebook.com/docs/facebook-login/testing-your-login-flow/
• Best Practices for Login can be found here: https://developers.facebook.com/docs/facebook-login/best-practices
After going through the app options for Facebook Login, I found out that our public_profile permission is in "Standard Access." To allow our users to use Facebook Login, I will need to upgrade to "Advanced Access."
The documentation says that "Business apps created before February 16, 2021, were automatically approved for Advanced Access for the email and public_profile." I should be able to move our public_profile permission to "Advanced Access" because our app was created way before 2021. The problem is that after I click on the "Get Advanced Access" button and type my password, the page reloads, and the public_profile permission is still on the "Standard Access" mode.
So, these are my questions: what I am doing wrong? Is my app unable to upgrade our permissions to "Advanced Access" while being in this "Disabled" state? How can I debug my app to make it work again?
Some additional info about my app:
It passed through the Facebook App Review in 2019, and we already got permission to manage Pages and read connected Instagram accounts;
Everything was working fine until Facebook warned us that our Login integration was not working correctly;
In response to the Facebook notification and before Facebook disabled our app, we enabled the "Login with the JavaScript SDK" and updated the "Allowed Domains for the JavaScript SDK" (such as "https://www.example.com/").
I can't switch back our app to "Dev Mode" because the option is not showing up (is it due to being "Disabled"?)
For anyone landing here from google: I had the same issue, it is a brand new Facebook app, it's not blocked nor disabled. I needed to enable login through Facebook, thus needing advanced access to public_profile. When I tried that, it sometimes asked for my FB password, sometimes not, but it did nothing. There were no errors in the javascript console in the browser, nor any failed requests. I managed to make it work by simply waiting 10-30 seconds after each click (Request advanced access -> wait -> check the box -> wait -> write password -> click submit) to let the JS in the browser finish whatever was going on and then click the next button etc.
I discovered that it is not possible to modify your permission settings while your app is blocked.
I recovered my app using the appeal form, saying that I can't correct it while it is blocked because I need to change the permission settings. In case anyone needs an example, this was the exact text I sent to Facebook on the appeal form:
To get our app into compliance, we still need to upgrade our
permissions from "Standard Mode" to "Advanced Mode", but we can't do
this while our app is disabled. I would like to ask Facebook for an
Extension of the deadline and to re-enable our app, to allow our team
to change the permissions to "Advanced Mode" and properly test and get
our app into compliance. In case it is not possible to make an
extension to the deadline, we ask Facebook to revoke all permissions
given through the App Review process and then re-enable our app, in
Dev Mode. This way, we would be able to make all the required changes,
properly test our app, and submit it again to the App Review.
for me it was not possible to get a reply from facebook with the text of #lgfischer. All the time only chatbots answered. After 2 weeks of writing we decided to remove the facebook login from the app.
the end result is: no more facebook login in our app. 😁 thanks to all facebook chatbots and to the intelligent metaverse. ;-)
I had the same issue, it is a brand new Facebook app, it's not blocked nor disabled. I needed to enable login through Facebook. It asked me to enable advanced access to public profile setting When I tried that, it sometimes asked for my FB password, sometimes not, but it did nothing.
There was no errors, the setting was just not turning on to advanced. this problem was faced by some others too, who have posted their answers under this same topic
I have been able to access the advanced setting now.
All I had done was change from brave browser (Tried with chrome also, but didn't work) to Mozilla Firefox
It just worked like magic. make sure you enter the right password for that account.
If this helps, hit an Upvote. or comment your experience below
When a user is not logged in and they navigate to a page tab made with our app, they get an obtrusive dialog asking them to log in:
This has nothing to do with http vs https, the app is not in sandbox mode, there is nothing in the tab asking for a login or user information, etc. I've gone through the app settings at least a half dozen times now, and nothing is wrong there. Aside of urls, the settings are identical to another app I have that does not suffer from this problem. I'm stumped!
Edit: here is an affected tab: https://www.facebook.com/StaticHtmlThunderpenny/app_203351739677351
This message is not about login to your app, but Facebook in general.
So my guess would be that the page your app is installed as page tab app on is restricted in some way – by age, location, or for having alcohol-related content. And then of course Facebook asks for login, because otherwise they can not determine whether or not the (as of now still “anonymous”) user qualifies to see the page.
So go check the page settings.
This is actually not app related question.
This is thumb rule!! To access any app on Facebook, you need to log in to Facebook. You can see Facebook page without log in. But for facebook apps, you should be authentic user.
with this issue in my own experience that I came across some years back with a facebook app that I was running, if this doesn't relate to any of your other social networking apps then am aligning two set of possibilities and solution.
The user might have not properly logged out as "written" in the app for the users logout stage.
Solution would be that the user logout as expected before closing the app.
The user might have set up an automatic login prompt which was removed by the app when it was been updated automatically. (If you do get me???)
Solution would be to monitise your app on updates and login informations or better still just login and logout ask intended by the app and for security reasons.
Lastly I would say that automatic bookmark database should be added to the server part so current pages as the user uses the app would be saved after logout or login stage. Thank you, hope this helps and if not let me know what am missing.
I'm building a public installation using an iPad, built as an iOS web app (using the "Add to Home Screen" functionality) which is going to allow users to share content on Facebook.
I'm currently logging the user in to Facebook and getting them to authorize my Facebook app when they click my custom share button. On a successful login, I open Facebook's Feed dialog and allow them to share. Once they have shared (or clicked cancel) I automatically log them out, making sure that the next user that uses the public installation won't be able to share to the previous user's Facebook account.
This all works well, but things get tricky if someone was to hit my custom share button, log in to Facebook and then not allow my app. This would mean that they have logged in, but as they haven't authorized the app, I don't have an access token, and so can't log them out (FB.logout() requires an access token).
Is there a way around this?
Or is there another way that I can log a user out?
Or is there a safe way to allow a user of a public installation (built in HTML) to share on Facebook and be automatically logged out afterwards? Would building a native obj-c app, and using Facebook's iOS SDK help?
The best I can think of is that if the user logs in but doesn't allow the application, they are told that they need to log out, and redirected to Facebook to be able to do this. However this offers them the chance to browse Facebook and (through shared links in their feed) the whole Internet - this isn't acceptable for our installation.
I solved this problem by creating a native iOS app, where the Facebook share link opened in it's own UIWebView. And once the sharing was complete, I deleted all session & cookie information, effectively logging the user out.
I have Facebook's SSO working properly in my iPhone app and most of my users have not been experiencing any issues. However, a small number of them have been reporting errors with Facebook Connect and not being able to create an account. After an email exchange with one, we determined that the app permission toggle under Settings->Facebook was somehow set to disallow my app from using Facebook.
I have since added an error message telling the user this might be the case but my question is how did this switch get toggled in the first place? It would seem that a user would have to manually toggle this switch, right? I also looked for an API method that might do this e.g. rejecting Facebook SSO the first time a user saw the dialog asking for permission; I could not find any such code.
Any ideas? I'm hoping this problem will solve itself with the error dialog I've put in but if possible, I'd like to remove this issue altogether.
As far as I know, using the native dialog with iOS6 and rejecting the permissions request (the first one, at least, not sure about requests which are asking an existing user for more permissions) will toggle that switch
If you need to debug, try uninstalling the app from your facebook profile (a HTTP DELETE request to /<USER ID>/permissions will do this, or you can do it in the facebook app settings), remove the iOS app, then install it and try to connect for 'the first time' again
I have seen many web apps supporting Facebook Connect...
But when i login through those apps sometimes the authentication is successful but nothing is returned to the app and the login page just goes to a blank page in that new windows and stops... The whole process fails... And this has not occurred once but many times...
So my question is:
Is Facebook Connect a good solution to use in apps or should i use something like Google Login or Twitter Login or OpenID or just a simple password based login or all of the things and let users choose what they want?
And if your answer is app the solutions then wont my database become messy and the app slower because it has look for more data now?
I know it depends on various factors but I just want your opinion, what would u choose and why?
Supporting Facebook connect as login function make sense only if your app has something to deal with Facebook (which is the most of our app today ;-)).
The behave of some app when sucessfully Authenticated and then Authorized is up to these app.
FB login give you all the tools to build you own user experience.
The things become a bit more difficult when you want to introduce FBConnect within already existing login base, while you have to find a way to bind the Identified FB user with your user account.