Using Facebook API for FB Login, how is possible to know if the user who authorized my application is the application's admin (owner)?
The old days FB return the real FB user id, so it was easy to compare it. Now it returns a number which is not the real FB profile id.
Thank you
The old days FB return the real FB user id, so it was easy to compare it. Now it returns a number which is not the real FB profile id.
That’s called app-scoped user id.
You will have to use that one to identify users within your app. So you need to get your admin user’s app-scoped id once after logging in as that user, and store it somewhere for future comparison.
There is also the /{app-id}/roles endpoint, which you can use to query which users have which role in your app. But that uses app-scoped user ids as well.
If you have multiple apps connected to a business, you can also use the User Ids For Apps endpoint to be able to match app-scoped user ids across different apps. (You will still have to use the app-scoped id for one of your “main” apps to compare against though; the global user id is not available at all any more via API / to 3rd-party apps.)
Related
We are trying to update Facebook login for a device and found out different uid generated while login via PC browser and device login method. The uid generated by browser can get user feeds, but it return empty for uid generated by device login. Does anyone know why there is different uid for same user?
It's by design so that unrelated apps can't correlate their users.
Straight from the upgrade docs, emphasis mine;
App-scoped User IDs
Facebook will begin to issue app-scoped user IDs when people first log into an instance of your app coded against v2.0 of the API. With app-scoped IDs, the ID for the same user will be different between apps.
No matter what version they originally used to sign up for your app, the ID will remain the same for people who have already logged into your app. This change is backwards-compatible for anyone who has logged into your app at any point in the past.
If you're not mapping IDs across apps, then no code changes should be required. If you need to map the same user IDs across multiple apps or run cross-app promotions, we've added a new API called the Business Mapping API. This lets you map a logged-in user's IDs across apps as long as those apps are all owned by the same business.
I have two facebook apps in the same business.
I want to get same scoped ids for both apps when users are logging in (because I use the same database).
I've read the facebook upgrade guide, but I don't get how to use the token_for_business to get same id when the user is logged.
Graph api returns different tokens for business for every app (which is strange).
The only useful thing so far is the /me/ids_for_business call to get list of the user scoped IDs for every busines..but it only returns them if they were logged at least 1 time..
My second app is new and if user logs in to it (without logging in to the first app) I can't get his first app ID to store and use it.
Thanks
There will always be differend app-scoped user ids per app. That's the whole purpose of them.
Have you followed the steps at
https://developers.facebook.com/docs/apps/business-manager#create-business and/or
https://developers.facebook.com/docs/apps/business-manager#update-business
If so, according to the docs, the field token_for_business of the user should contain
A token that is the same across a business's apps. Access to this token requires that the person be logged into your app. This token will change if the business owning the app changes
I have a website running on my localhost and I want to test the Facebook integration.
I have created 2 Facebook apps, one for the live site, the other one for the localhost site.
They works both, but when I login to the local app, my returned user id is
10204483432301440
When I login to the live app, my returned user id is
1101244663
The weird thing is that both ids brings me to my facebook page:
https://www.facebook.com/10204483432301440 --> sends me to https://www.facebook.com/francesco.eandi
https://www.facebook.com/1101244663 --> sends me to https://www.facebook.com/francesco.eandi as well!
Is it right? So do we have on facebook different user ids?
https://developers.facebook.com/docs/apps/changelog
App-scoped User IDs: To better protect people's information, when people log into a version of your app that has been upgraded to use Graph API v2.0, Facebook will now issue an app-scoped ID rather than that person's orginal ID. However, for users that have previously logged into your app, the user ID will not change.
Btw, if you need to map user IDs between Apps, this may help you: https://developers.facebook.com/docs/apps/for-business
Although i would not use this for dev/live. you can use "Test Apps" for that: https://developers.facebook.com/docs/apps/test-apps
Since the introduction of Graph v2.0, apps are now granted app scoped ids instead of users' real profile ids. What this means is that if I run FB.getLoginStatus, the user id of the logged in user is now the app scoped id rather than the main one.
However, what if I want to work out if a user is an admin of my app? I need to use an app token, and query app/roles. However, the id returned here in the admins section is the actual profile id of the user, not the app scoped id.
My question is - is it even possible to work out if a user is an admin of an app anymore?
A noob question since its my first app to deal with Facebook social sign in. I am developing an app (Flash) which have the ability allow the user to
create normal user account
or
social sign in
The information both store in the same table, but with social sign in off course there is no user password store so i create a account_type which differentiate weather its from the normal user account create or social sign in from Facebook.
Is my appraoch to this correct?
Just wondering what do you need to store in the database in order to authenticate the user, if they come from Facebook social sign in. Because the authentication happen within the Flash application itself rather than going to the server and return result.
So my ulitmate question is what information do i need to store in the database for social sign-in users in order to match with their account and authenticate they are legit user. instead people can just steal email address and access all user's information.
Thanks for any kinda help
The only thing which will identify them uniquely is their Facebook ID. You need to confirm this by requiring them to authenticate, then calling the graph through the ActionScript API to get details of the current user.
Facebook IDs aren't secured in any way (you can look them up with a simple graph call), which is why you need to get the user to authenticate with FB - it's not like ACS, for example, where you set up a relying party and receive a token string that is unique to your application.
After getting the user to authenticate, your code will look something like this:
var auth:FacebookAuthResponse = Facebook.getAuthResponse(); // Gets current authenticated user, or null if no user is authenticated.
var token:String = auth.accessToken; // Access token - only valid for this session, so you can't use this.
var user:String = auth.uid; // Unique identifier of the current authenticated FB user.