I'm currently building out an API in Python Flask and am working on my authentication layer. Everything seems to be working aside from my request to retrieve an access token from Facebook's API.
I'm redirecting to https://graph.facebook.com/oauth/authorize after my own authorize endpoint is hit and the response is HTML. On browser, this obviously works, but since my intention is to use this API as the backend of an IOS app, I'm looking for an endpoint that returns the url, rather than the html, of the facebook login. Is there another endpoint I should be using?
Any help would be greatly appreciated.
Thanks,
Chris
Okay, nevermind, I realized that I was redirecting my API to the authorization URL when I should be returning the URL so that the user on the client side can then be redirected there.
Related
I managed to develop a Azure Mobile Service and an iOS application which connects to my service using Facebook authentication. Everything works perfectly fine from the app.
Now I'm trying to access my mobile service from a regular HTTP REST client and I'm hitting authentication issues. I tried to get the authentication code from FB and set the code in X-ZUMO-AUTH header but this does not help. I still get the "Authorization has been denied for this request" error.
I would really appreciate if someone could point to the right direction on how to mimic the access to the mobile service just like the iOS app is doing it.
Thanks,
Ruben
The token you must supply as the 'X-ZUMO-AUTH' is not the access token that facebook send back to you; it is the token that your mobile service backend send back to you.
In order to get a valid token, access the following url in your browser 'https://mymobileserviceurl/login/facebook'. Then fill your facebook infos and you should be redirected to a page which url looks like 'https://mymobileserviceurl/login/done......'. This url contains a 'authenticationToken' parameter. This is the value you have to paste in your 'X-ZUMO-AUTH' header. (should begin with 'ey' and avoid copying ASCII chars)
In your application, in order to get the right token, you should call MobileServiceClient.LoginAsync.
im a newbie in graph facebook api. I try to get MY_VERIFICATION_CODE by send http request:
link1: https://facebook.com/dialog/oauth?client_id=APP_ID&redirect_uri=https://www.facebook.com/connect/login_success.html
and then Facebook will redirect to http://www.facebook.com/connect/login_success.html? code=MY_VERIFICATION_CODE
but I cant get code from response. I copy link1 to chrome, it redirects to url with a code appended as parameter, but this url stays just for seconds and then it changes to this: https://www.facebook.com/connect/blank.html#=
My question is how to read the code from the redirected uri in a java desktop application?
It's all described in the docs at
https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow/v2.3#login
Quote:
When using a desktop app and logging in, Facebook redirects people to the redirect_uri mentioned above and places an access token along with some other metadata (such as token expiry time) in the URI fragment:
https://www.facebook.com/connect/login_success.html#access_token=ACCESS_TOKEN...
Your app needs to detect this redirect and then read the access token out of the URI using the mechanisms provided by the OS and development framework you are using. You can then skip straight to the Inspecting access tokens step.
We have an fb canvas made from .net mvc that works well via desktop but it doesn't work well in mobile app. We send request then if someone on fb mobile tap on request and opens up the web app, the signed_request returned is different than the desktop counterpart. The payload is missing and it seems shorter than the desktop's. I'm trying to read it as "code" and try getting auth token via https://graph.facebook.com/oauth/access_token?client_id=xxxx&code=[code]&redirect_uri=???. The problem with this is I don't know what the redirect_uri supplied or maybe it's not a code.
Can you guys help me with this or there's no other way but once they click request via mobile app we have them relogin in our web app to grab their fbuserid? And if there's another approach in handling mobile app requests.
Mobile Web URL and the signed_request
This is already outdated so maybe there's a solution already.
Thank you
I'll answer my own question. What you can do is add an extra authorization in your login flow when then access your canvas url via facebook mobile app. You send them to
https://graph.facebook.com/oauth/authorize?client_id=
passing the redirect uri and scope then grab the new generated "code" param and grab the aut token via graph api. Then you can access their facebook detail as you would normally. I've read answers like there's no signed request in mobile web and approach it differently without stating what that approach is. Hope someone can be helped by this answer.
Thanks
I am building a SPA (Single-page application) that is going to consume and REST API. My application will use the facebook login.
Just to clarify my ideas:
I will use Facebook SDK (javascript) to authenticate my new user. Facebook will give me an access token. This will run on client side.
Now, i will make a request to my REST API. Do i need to pass the access token to the REST API? DO i need to verify always to see if the user is logged?
I know it is a newbie question..
As long as you are using the JavaScript SDK (and FB.login), you donĀ“t need to worry about the Access Token - at least not in most cases.
You can verify if a user is authorized already by using FB.getLoginStatus on page load.
TL;DR version:
Can you authenticate with Facebook without having a callback URL for a web application since the web application isn't actually running on a server.
Full explanation:
I'm working on building a connectedTV platform application where the "app" itself is a bunch of HTML/JS/CSS running locally (like File -> Open on your desktop browser) and I'd like to integrate Facebook into this.
The problem is that all of Facebook's OAuth calls for the web require you to have a callback URL to redirect the user to in order to complete authentication. Here's the gotcha -- there is no URL for this application -- it's a locally running webpage on the device.
I know this is what out-of-band authentication was designed for, but I can't seem to find any documentation on how to use this (or how to do a non-callback OAuth flow) with the Facebook OAuth system.
You're describing desktop authentication or any situation where you are authenticating to FB without a server. The redirect URL you pass to the OAuth dialog is https://www.facebook.com/connect/login_success.html When the browser redirects you can get the access token. You can read all about it in the FB documentation, way at the bottom in the Desktop Apps section (https://developers.facebook.com/docs/authentication/)
Just reread your question and since the application runs inside a browser you will need to open another window to authenticate and get the access token from that.
If you're doing HTML/Javascript, use their Javascript SDK. You can log the guy in simply by using FB.login and getting the access token from the callback from that.
I really don't think this is directly possible. Unless there is something totally undocumented, Facebook has no mechanism to send authentication data except by loading a url. I'm sure it's meant at least partly as a security measure, functioning as sort of a "whitelist" of where auth data will be sent.
The only way I can think of for you to work around it might be to set up a url on a server somewhere that could answer the redirect and store the auth data, and have your client-side code poll that server to get it. Kind of a proxy authentication service, in effect. You would probably have to open a second browser window with the Facebook auth screen in it, but in theory it could work.