My website is using facebook auth to register and login with 'user_link' permission. The url given by fb is something like "https://www.facebook.com/app_scoped_user_id/YXNpZADpBWEhxcDBRa29....."
The problem is that the url redirects to the user's profile, when the user is my friend in facebook. In other situations the url shows an error message.
I create a competition and want user verify that users whom take part in the competition. How I can redirect users to real profile in the social network?
Related
I use OAuth2 login through the Facebook social network for users on the website.
Is it still possible to get the certain user's Facebook profile URL after login(for example by accessToken) or Facebook hides this information right now(after incidents with data leaks) and it is impossible?
It is, if the user grants permission.
You need to ask for user_link permission on login, and then you can request the link field of the user object – that will return a URL that can be used in a browser, to redirect to the actual profile.
This URL contains some form of token, and likely has limited validity - so you should not store those for long-term use, but rather request a “fresh” one when it is needed.
https://developers.facebook.com/docs/facebook-login/permissions#reference-user_link
I and a friend are developing an app and would like to use Facebook as a way of users having their own accounts without us having to ask them to store passwords or make users for security and ease of use.
Passport.js has a facebook plugin but it talks about a redirect URL so my question is: is it actually possible to just send information like email address and password to facebook for authorisation and return the users profile without actually redirecting the user to a facebook login page.
I don't see how i could redirect the user to a facebook login while inside my app and also what on earth would i put as the callback URL? Am i just trying to use passport-facebook in the wrong way?
is it actually possible to just send information like email address and password to facebook for authorisation
No. Users are strongly discouraged from giving this information to any 3rd party app, and you are not allowed to ask users for them.
Login with username/email and password happens on Facebook, not in your app. You will get feedback from the login endpoint then that they logged in successfully.
Well i want to allow Facebook login on my site. I have created the API and user's can login to the website. But for the first time a pop up comes to the users asking for Permission.
https://developers.facebook.com/docs/concepts/login/login-architecture/
Can i just skip the users from this permission page and directly logs them in.
Thanks
Any person must accept the basic permission for getting their Facebook profile data for use in your website
what I need: upload photos to user's fan page as a page, using an app for that
what I have: my website which does uploading, and a user, who created fan page and application, and that app's id and secret
what I do:
call FB.init() with that appId
call FB.login() with manage_pages,publish_stream permissions - this prompts FB login popup where user is asked to login and then to authenticate the app. As the result I get app access token.
Send request to https://graph.facebook.com/oauth/access_token?client_id=APP_ID&client_secret=APP_SECRET&grant_type=fb_exchange_token&fb_exchange_token=TOKEN_FROM_ABOVE to get extended app token valid for 2 months (and therefore page tokens will be extended as well as described here)
Send request to https://graph.facebook.com/me/accounts?access_token=TOKEN_FROM_ABOVE to get a list of pages user manages, and let user to choose the page he wants to publish to.
That gives me PAGE access token I can use to publish photos to user's FAN page using /albumId/photos/ API call.
what is the problem:
the "via" link in the photo redirects user to MY website (where user has authenticated his app to upload to his page):
that is because I had to ask user to enter my website's URL in app settings, otherwise Facebook login dialog will complain:
SO MY QUESTIONS ARE:
Am I doing this right? am I missing something probably?
If I am - then how can I get that "via" link to link to user's website?
Thank you.
how can I get that "via" link to link to user's website?
Not at all, because this always links to the app that was used making a post/upload.
What you could try though is having your website redirect when a user is coming to your site from Facebook. Which post/feed story the user is coming from should be passed to your site as parameters; then you’d only have to figure out which user made that post (look it up in your database), and redirect to their homepage.
I ended up adding client's website URL as a query string parameter into "Site URL" field in the application settings - and then I need to modify my site's backend to do redirects:
http://mysite.com/?redirect=http://client-site.com
The authorization section of this page developers.facebook.com / docs / api contains a good description on how to perform authentication for a user agains my Facebook app. However, in my scenario I cannot get it to work the way I want. Here is how it is supposed to work:
User comes to my login page and clicks a "Sign in with Facebook" link.
User gets redirected to graph.facebook.com / oauth /authorize?[some params] and authorizes my Facebook app to access his/her data. Facebook redirects back to my site.
My site checks the Code parameter, calls Facebook to replace it for an access token, and then lets the user connect his/her account on my site with the account on Facebook. The access token is saved on the user account on my site.
The next time user arrives at my site and want to login, he/she should be able to click the same "Sign in with Facebook" link and directly get signed in with the site account (assuming he/she is still logged into Facebook)
Problem: Each time the code (from graph.facebook.com / oauth/authorize) is replaced for an access token, the token is changed. Since that token is used to look up the user in my site database, the matching failes.
My question is now: How do I solve this problem? Can the Code parameter from graph.facebook.com /oauth/authorize be saved and used over and over again to look up user? Or is there another way to do this? I really would prefer NOT using the Javascript API since it gives me lots of other troubles.
[Sorry about the links, I am a new user and not allowed to post more than one link]
Ah, I solved it: After I got the access_token I just call graph.facebook.com/me to get the id of the user. This is saved to my database. Next time I match against that id.