We have an FB.login call like this:
FB.login(function (response) {
if (response.status === 'connected') {
responseFunction(response.authResponse.userID);
} else {
responseFunction(null);
}
}, { scope: requiredPermissions.concat(optionalPermissions).join(','), return_scopes: true });
It properly detects a canceled login if the user didn't connect to the app yet. However, if the user is already connected when they cancel the login, response looks like this:
authResponse: {
accessToken: "token",
data_access_expiration_time: 1560437437,
expiresIn: 86963,
reauthorize_required_in: 7776000,
signedRequest: "bababa",
userID: "userid"
},
status: "connected"
Almost exactly like a successful login response. Luckily, there is also a grantedScopes field in the response if the login has been finished properly (because of a return_scopes option). However, using it to distinguish between the 2 seems unreliable and hacky.
Is there a better way?
Thank you in advance!
Update:
Why not use FB.getLoginStatus instead?
For the context: in my case, FB.login is used to be granted access to the user's pages. It is not used to log them into the app, per se.
I'll be happy if someone points at a mistake in my reasoning. Here it is:
Calling FB.login right after FB.getLoginStatus is unreliable due to the modal block in browsers. FB.login needs to be called synchronously within a click handler.
FB.getLoginStatus result may and will expire if called before showing the button calling FB.login. A user may and will spend a lot of time on this particular page before clicking the button.
That's why the button click handler immediately calls FB.login. It helps avoid both of the mentioned issues.
I ended up using the presence of grantedScopes in response as an indicator of a complete login.
Related
I am currently developing an app on Android using phonegap and would like to use Facebook in the app. I have created an app on Facebook called say "Test". When I am not logged into "Test" but I am logged into Facebook (Facebook app on the Android device) and run the getLoginStatus() function I get a response of unknown instead of not_authorized. Thus my first question is this intended? Am I meant to get a response of unknown or is this an error from phonegap and I'm meant to get a response of not_authorized.
The second question is, when I login into the Facebook app called "test" everything runs as it should (Facebook user gets registered for "test"). When I call the getLoginStatus() function it works perfectly fine and says I'm connected with no problems.
BUT
If I go into Facebook and remove the app "test" from my FB account and then run the android app again and run the getLoginStatus() function is STILL says that I have the app "test" registered to my Facebook account but this is no the case!! Note that I do in the code make sure that I call the server every time instead of using a cached result by the JS SDK. Now my Second question is. Is this meant to happen? Or if not is it a Facebook or Phonegap problem (Phonegap either keeps getting the cached response or Facebook doesn't update their side quick enough?)
Here is code:
function getLoginStatus()
{
FB.getLoginStatus(function(response)
{
alert(JSON.stringify(response));
alert(response.status);
if (response.status == 'connected')
{
alert('logged in');
FB.api('/me',function (response) {
if (response.error)
{
alert('There is an error');
}
else
{
alert(response.name);
}
});
}
else
{
alert('not logged in');
}
},true);
}
Any response would really really be appreciated!!
When I am not logged into "Test" but I am logged into Facebook (Facebook app on the Android device) and run the getLoginStatus() function I get a response of unknown instead of not_authorized.
not_authorized: You get not_authorized when the user is logged into facebook but has not authorized your app. If you transfer the guy to facebook homepage, he enters username and password and cancels authorization, thereafter you get not authorized. IF the guy is logged into facebook,and your app hasn't transferred him to fb to authorize yet, you still get not authorized
https://developers.facebook.com/docs/reference/javascript/FB.getLoginStatus/
unknown: If the user is not logged into facebook, you get a status of unknown.
So logged in, not authorized : not_authorized
Not Logged in: unknown
If I go into Facebook and remove the app "test" from my FB account
I am guessing it takes a while for these changes to propogate. If the user has authorized the app in the current context, it will stay authorized for a while(or until he logs off). I don't think there's anything wrong with this personally
This is not a phonegap issue. unknown is one of the valid responses from the getLoginStatus function. See the facebook API documentation for information about this funciton. There, they describe the unknown response as:
the user is not logged into Facebook at this time and so we don't know if they've authenticated your application or not (unknown)
As to your second question, the problem you are seeing is because by default, the getLoginStatus function caches its response for performance reasons. However, they provide you with a way to force a refresh of the status. You can do this by passing a second parameter, Force into getLoginStatus.
FB.getLoginStatus(function(response) {
// this will be called when the roundtrip to Facebook has completed
}, true); // The second parameter, called 'force' by default is False. True signifies that you want to force a call to the server so you can see the latest login status.
You can read more about that Force parameter by looking at the above API documentation link and searching for the 'Force' parameter.
By the way, I had temporarily deleted the answer as I had answered without knowing how to respond to the second question, but undeleted it after finding out the reason behind your issue.
I'm using the following code to subscribe to fb login and logout events.
FB.Event.subscribe('auth.logout', function(response) {
RefreshPageOnFBStatusChange(response);
});
FB.Event.subscribe('auth.login', function(response) {
RefreshPageOnFBStatusChange(response);
});
function RefreshPageOnFBStatusChange(response)
{
alert(response.status);
}
I want to redirect users to different pages when they are logged in or logged out. The function I'm using here gets called only during the actual page load, and never after that. I have a fb-like, fb-share and live stream plugin on a page. When I login and logout of live stream, nothing happens. Help!
Please modify your question and provide all FB-related code.
This may answer you question:
Facebook FB.Event.subscribe event does not fire:(
For User Status you can use if(FB._userStatus == "connected"){} to check user is login or not And for Logout & login you can use following simple code
FB.logout(function(response) { window.location = redriect_uri;
});
It seems like these events don't fire when you use the live chat plugin because it has its own way of handling the login and logout. What I had to do to solve this problem was to set a timeout of 5 seconds and call a javascript function that did a FB.GetLoginStatus, and based on what it was I would refresh the page. Not the best way of doing it, but I was left with no choice.
We have a requirement on our site which forces a user to like a fan page before they can proceed on our site. Since Facebook requires a user to allow access via an app for this type of data, we have an initial call to FB.getLoginStatus which sends the user down three paths, based on the 3 responses (unknown, not connected, connected). Our problem exists in the "unknown" branch. This initial call to FB.getLoginStatus works fine for everyone, if the user is unknown (logged out) we show them the Like Box social widget, then the user clicks on it and logs in (thus liking the page), and then we use the callback of FB.Event.Subscribe('edge.create') to run FB.getLoginStatus again (to check if the user was simply logged out but has previously allowed our app). At that point, if the user previously allowed our app, we allow them to continue, if not we show them an "allow" button and on that user interaction and callback we allow the user to continue. This logic flow works for a hand full of people, including a few of the administrators listed for the app, but not the majority of users. On the second call to FB.getLoginStatus we are using the second parameter "force=true". Can anyone give insight into this behavior and/or point to a thread with a similar glitch? Thanks in advance, this one is a head scratcher!
FB.getLoginStatus(function(response) {
if (response.status === 'connected') {
} else if (response.status === 'not_authorized') {
} else {
}
}, {force: 'true'});
I am using FB's Javascript SDK using the login-button:
<fb:login-button onlogin="onFBLogin();">
How can I detect within onFBLogin() if the user did log in successfully ? Currently it is called everytime, no matter what the user chooses.
Thanks,
Meir
I think the first parameter passed into onFBLogin() is going to be either a response or a session object. So check to see what the value of response or response.session is.
Also, have you played around with FBJS's login event handling?
If using FB.login:
FB.login(function(response) {
if (response.session) {
// user successfully logged in
} else {
// user cancelled login
}
});
But since you're using an fb:login button, you can try to subscribe to the login event:
FB.Event.subscribe('auth.login', function(response) {
// do something with response.session
});
I haven't tried this myself via fb:login button, but hopefully this will get you on the right track.
UPDATED TO BE MORE CLEAR (hopefully :)):
Related to this page, specifically the SSO section: http://developers.facebook.com/docs/authentication/
You've got the option Facebook says to use either that facebook connect button (whatever connect means nowdays with Facebook is a grey fog to me now) or just roll your own image as a button and on click call FB.Login().
So I tried the facebook button route which lead me to a complete brick wall. I mean I can get it working, auth, login, all that but I have no clue how to pass extended permissions through this entire process with the button:
window.fbAsyncInit = function () {
FB.init({ appId: facebookApplicationID, status: true, cookie: true, xfbml: true });
FB.Event.subscribe('auth.sessionChange', function (response) {
...rest of code
Ok, how do I attach extended permissions to this call? Of course you can do it easily if using Login() but why doesn't facebook show any examples or state whether the perms parameter exists in terms of placing it somewhere in this process of using that button!
related links: http://forum.developers.facebook.com/viewtopic.php?pid=248096#p248096
I don't even know why they have that button in here when it looks to me like most everyone is just simply calling Login() inside the Init. I assume then calling Login() still manages the SSO in terms of cookie, etc.?
Is anyone using this button or are you just going with FB.Login() ?
I'm running this in an iframe on our own hosted website...not embedding code into the facebook site itself (which I believe is called canvas right?).
RTFM. Yes, I mean friendly.
Right below the Single Sign-on section is the Account Registration Data section and I've copy-pasted this from there.
<fb:login-button perms="email,user_birthday"></fb:login-button>
Not exactly sure what you are trying to accomplish here. If you want to get information about your user or take actions on their behalf on Facebook, you need the user to tell Facebook it's okay to do so (this only needs to happen once) which is why you need to you call FB.login as described here: http://developers.facebook.com/docs/reference/javascript/FB.login.
FB.login(function(response) {
if (response.session) {
if (response.perms) {
// user is logged in and granted some permissions.
// perms is a comma separated list of granted permissions
} else {
// user is logged in, but did not grant any permissions
}
} else {
// user is not logged in
}
}, {perms:'read_stream,publish_stream,offline_access'});
They need to enter in their password to prove it's really them to authorize your app. If you need extended permissions, the second parameter in FB.login allows you to do this.
If the user is already logged in to Facebook (for example in another tab) then there's no need to log in and the login screen should be skipped. If the user is both logged in an has already authorized your app then there's no need to call FB.login.
You check check the user's login status (and permissions) with FB.getLoginStatus: http://developers.facebook.com/docs/reference/javascript/FB.getLoginStatus before deciding whether or not to call FB.login.