I'm trying to authenticate users with Apple on the web (which is required as we also have an iOS app and have a Login with Facebook option and we have to bring Sign in with Apple too otherwise Apple rejects our app updates on iOS side) and here is my meta tags (with sensitive info redacted) as in Apple's example:
<meta name="appleid-signin-client-id" content="com.myapp">
<meta name="appleid-signin-scope" content="name email">
<meta name="appleid-signin-redirect-uri" content="https://my.return.url">
<meta name="appleid-signin-state" content="x login">
<meta name="appleid-signin-nonce" content="some number">
<meta name="appleid-signin-use-popup" content="false">
When the user taps the button it asks for sharing a name and/or email correctly:
I proceed, and my redirect URL is called as expected. However, when I decode the returned id_token I see only email and email_verified fields in addition to the JWT-related fields. I don't have anything related to the user's name. I know that the name field is populated only on the first auth so this is after a fresh login after removing my app from my Apple ID from the "Apps & Websites using Apple ID" page. If I change appleid-signin-scope on meta tags to name I don't get an email either, so that value is somehow being respected. I also haven't touched anything regarding the name field as in the screenshot (I could proceed by Touch ID without even clicking anything) yet the id_token can only have email, not name. I need to get users' names in addition to email in order to finish registration, and I'm forced to add Sign-in with the Apple option to push any updates to my iOS app. Many people have reported that they get the name only the first time (as clearly stated by Apple), but I'm not getting it even on the first time.
What am I doing wrong?
Unfortunately, it seems this isn't possible. However the name is returned as JSON in the response body from the "authorization" endpoint along with the id token. This is only available the first time a user signs in, when they give consent for your application to access their name and email address, not on subsequent sign-ins.
Apple documentation - Retrieve the User’s Information
If you request the user’s full name, Sign in with Apple collects the information to pass along to your app. The name defaults to the user’s name from their Apple ID, but the user can change their name. The modified name is only shared with your app and not with Apple, and hence isn’t included in the ID token.
Response from "https://appleid.apple.com/auth/authorize" including "user" object:
{
"code": "AUTH_CODE",
"id_token": "ID_TOKEN",
"user": {
"name": {
"firstName": "Jeb",
"lastName": "Kerman"
},
"email": "jeb.kerman#apple.com"
}
}
Apple documentation - Handle authorization Response
The code needs to request the UserI property, as specified in the Sign in with Apple API documentation.
Sample:
<meta name="appleid-signin-client-id" content="com.myapp">
<meta name="appleid-signin-scope" content="UserI">
<meta name="appleid-signin-redirect-uri" content="https://my.return.url">
<meta name="appleid-signin-state" content="x login">
<meta name="appleid-signin-nonce" content="some number">
<meta name="appleid-signin-use-popup" content="false">
Related
I have an access token with the manage_pages scope. Using this token, I call the endpoint specified here (GET /{page-id}/photos?type=uploaded).
The result is for some reason lacking all attributes except id and created_time. This is a part of the response:
"data": [
{
"created_time": "2018-10-30T18:12:31+0000",
"id": "1172525292900120"
},
{
"created_time": "2018-10-30T18:10:08+0000",
"id": "1172524459566870"
}
]
The docs says that data should contain "A list of Photo nodes". Looking at the photo node docs, it seems they have exactly what you'd expect.
My app does not have the permission Page Public Content Access yet. But according to their App Review section, it isn't needed for accessing my own page's content. And then again, I wouldn't even be able to get a list of photos if I didn't have access to the page.
While you are testing your app and before you submit it for review, your app can only access content on a Page for which the following is true: The person who holds the admin role for the Page also holds an admin, developer, or tester role on the app.
Why am I missing some attributes in the Photo nodes?
I had to specify which fields to retrieve like this: GET /{page-id}/photos?type=uploaded&fields=images.
I'm tearing my hair out here.
We've got a web app that is hosted on a bunch of different domains and we have a facebook login on the page. This works just peachy. Most of them run of our root domain eg newsite.ourplatform.com and we reuse the same facebook app and add a new domain in.
We've had a request to set up a new site on a different url. In the past, this hasn't really been a problem. We set up a new facebook app, add the appid to out config and voila, facebook login working. (we don't do this so often, so I've potentially broken it)
This time around. I've set up a new app id and plugged it in, but whenever I call the facebook login, it authenticates me, but I get a useless response from facebook.
eg. On a working site I call
FB.api("/me/", function(response){console.log(JSON.stringify(response));});
and get response
"{id":"12345678910","email":"my#email.com","first_name":"My Name","gender":"male","last_name":"Myname","link":"https://www.facebook.com/app_scoped_user_id/12345678910/","locale":"en_GB","name":"My Name","timezone":10,"updated_time":"2014-01-19T10:44:20+0000","verified":true}
but on the broken site I do the same call and get a response
{"name":"MyName","id":"12345678910"}
Which is sort of good, but I need their email. As far as I can tell, I'm not asking for any permissions beyond email,public_profile and user_friends
Because of the way the app setup works, we have different apps running 2.1, 2.2 and 2.4 and this new one on 2.4 doesn't work. I'm not sure if that's a red herring or if I've got a misconfigured facebook app.
(edit - removed the sites affected to protect the innocent)
As #CBroe said you really need to checkout the v2.4 changelog for the API. In version 2.4 of the API Facebook introduced 'declarative fields'. This means that when you make a base request, like to /me you will only get a small amount of info back, e.g. 'name' and 'id'.
You have two options to get more fields:
Option One
FB.api('/me?fields=first_name,last_name,gender', function(response) {
console.log(response)
});
Option Two
FB.api('/me', function(response) {
console.log(response)
}, {'fields': 'first_name, last_name, gender'})
This will return a response that looks like the following:
{"first_name":"First", "last_name":"Last", "gender":"gender", "id":"ID"}
The key in the request above is specifying the fields URL parameter in your request and is documented in the link #CBroe linked and I have linked above.
I am working on a Joomla site and using myApi to handle most facebook integrations. The like button is working fine and picking up information from the og meta tags inserted by myApi.
On the website, the user can login using facebook - I have added the publish_actions permission to the myApi code, and I know this is being requested because when authorising the app, the oauth dialog says that actions like ordering from restaurants (the action i added to my fb app) will be posted to the timeline.
now, while ordering, I check whether the user has an entry in the myApi user table and if so, I provide a checkbox that lets the customer choose whether she wants the order action posted to her timeline. if ticked, I then use curl to try and post the order action to facebook. I have been using my account to test - I have authorised the app with all permissions requested. I use the myApi interface to get my user access token. I am adding the access_token and object url to the url as querystring parameters and then posting to it through curl.
The curl response I get is:
<HTML><HEAD>
<TITLE>400 Bad Request</TITLE>
</HEAD><BODY>
<H1>Method Not Implemented</H1>
Invalid method in request<P>
</BODY></HTML>
the response I get when going to the generated url in my browser is
{
"data": [
],
"paging":{
"next": "https://graph.facebook.com/me/og_collegekhana:order_from?restaurant=http\u00253A\u00252F\u00252Fwww.collegekhana.com\u00252Fstates\u00252Ftamil-nadu\u00252Fcampus-1\u00252Feat-1&access_token=[the token I got]&offset=25&limit=25"
}
}
I checked the object id of the url using
https://graph.facebook.com/?ids=http://www.collegekhana.com/states/tamil-nadu/campus-1/eat-1
I am not getting an object id. instead I get
{
"http://www.collegekhana.com/states/tamil-nadu/campus-1/eat-1": {
"id": "http://www.collegekhana.com/states/tamil-nadu/campus-1/eat-1"
}
}
I am completely lost and hope someone can tell me what I am doing wrong.
The problem was that instead of doing a cURL POST, one has to add the querystring parameter
method=post to the URL.
So a few months ago my facebook app worked, and now I get a:
{ "error": { "type": "OAuthException", "message": "Invalid redirect_uri: Given URL is not allowed by the Application configuration." }
So I googled about that, and read that the cause might be that I didn't specify a site domain in the app settings. So I did that, but Facebook told me that this won't work unless I also specified a website or mobile device adress. But up to now I had this just set as App and neither Website nor mobile thingy. So now I also have to check "website" in addition to "application?" This is confusing.
Anyway, so I thought "whatever" and set it also as website in the app settings. But I still get the same error.
I read something about a channel file? So I have to create one of those or something?
I'm lost and thankful for any advice.
This error is almost always when you're trying to redirect the user to a URL other than your app or website, check that you're actually redirecting them to the correct place
I don't use Facebook, so at a bit of a loss here, as the API documentation doesn't quite answer this, perhaps someone here knows...
Looking at building a Facebook app to assist publishing from a content-driven web app. Obviously we need authorisation via OAuth to publish an app link to a facebook user's wall, but is authorization for everyone viewing the app within Facebook required? We have no interest in making use of the viewer's facebook data, we just want to show them a page.
If they have to authorise the app, then that's a bit of a barrier - but it's not clear if they can just view the app without anything getting in the way.
"is authorization for everyone viewing the app within Facebook required?"
If you mean having your app post a link to their wall, then yes, you will need to ask for their permission to do so. If you mean can other friends can see the post made by your app to an authorized user's feed? No the friends do not need to authorize your app to do that.
But remember Facebook now has the ability for you to specify which groups can see the post. See https://developers.facebook.com/docs/reference/api/user/#posts and read about the privacy field.
Yes, you can show app without any authentication. If you want user to share content then you can do it like this. Code is few months old, so I don't know if that works.
You cannot set custom text/message for the user. This will display popup window where user must confirm sharing/posting to wall.
<div id="fb-root"></div>
<script src='http://connect.facebook.net/en_US/all.js'></script>
<script type="text/javascript">
FB.init({appId: 'APP_ID', status: true, cookie: true});
function share(object) {
var obj = {
method: 'feed',
link: 'http://apps.facebook.com/your_app_url/',
picture: object.picture,
name: object.name,
caption: object.caption,
description: object.description,
action_links: [
{ text: 'My Cool App', href: 'http://apps.facebook.com/your_app_url/' }
]
};
function callback(response) {
}
FB.ui(obj, callback);
}
</script>
If you're doing a canvas app, you don't need to. You get this generic information in the initial HTTP post:
user A JSON array containing the locale string, country string and the age object (containing the min and max numbers of the age range) for the current user.
algorithm A JSON string containing the mechanism used to sign the request.
issued_at A JSON number containing the Unix timestamp when the request was signed.
You get no actual information about the user, though. You need to authenticate to get that.