I don't use Facebook, so I had to create an account in order to integrate a Facebook Login into our project. I setup the developer account and took down the App Id and App Secret. The response when I try to connect to Facebook currently is:
Can't Load URL: The domain of this URL isn't included in the app's
domains. To be able to load this URL, add all domains and subdomains
of your app to the App Domains field in your app settings.
So I would like to try updating the domains listed. However when I attempted to login I was prompted to provide a picture of myself (which I did) then given this message:
You Can't Log In Right
Now Thanks for sending your photo. We'll get in
touch with you soon after we've reviewed it. Right now, your account
has been disabled as a security precaution.
No timeline, no further information. Any ideas?
Facebook cleared me for access, without notification.
Related
I have a mobile app that allows logging in with facebook, when a user logs in I pull their email from the graph api but I just got a couple of logins with email addresses with #tfbnw.net domains which I guess is for test users while developing on facebook. I didnt generate these so is this someone doing something shady to login to my app or just expected behavior for some users given their settings?
Mobile app coded in react-native, using expo
Those seem to be the internal facebook QA team going through your APPs and manually checking if you're following all facebook's guidelines.
Facebook auditing your app basically.... or at least they did to mine because right after those #tfbnw.net email registrations came in, I checked my facebook app settings and sure enough, I got an alert and an email shortly after. But never received those #tfbnw.net emails before today on any other facebook logins.
I have checked my account and it looks like a generic test user Open Graph Test User gets created automatically, according to which product you enable in your app. It gets created for example, if you enable facebook login or messenger platform.
not something shady IMHO
We are currently adding Facebook integration to our product. I have set up our product as an app in the developer portal and have added myself as an administrator of that app. I am logging in to Facebook using the OAuth functionality for devices i.e. I'm posting to the "https://graph.facebook.com/v2.6/device/login" endpoint.
We specifically want to be able to upload videos using our app. I am therefore requesting the "publish_actions" permissions. Everything seems to work i.e. Facebook provides a device authentication code and I am able to poll until the user has accepted the request to add our app and once that is done, I receive back an access token.
The problem I am having is when I attempt to initiate a video upload by posting to the "https://graph-video.facebook.com/v2…/1533641336884006/videos" endpoint, I receive the error 200: "Subject does not have permission to post videos on this target". I can't find any information about what could be causing this in the developer documentation.
I understand that once the app integration is completed, I need to obtain permission to use "publish_actions" to allow it to work with Facebook accounts that are not administrators of the app, however I am trying to upload a video to my Facebook account, which is the administrator of the app.
It is my understanding that as long as you are the app administrator, Facebook does not need to approve "publish_actions" and I should be able to upload a video to my page. Indeed I need to be able to do this in order to complete the integration.
Can you advise on what might be going wrong?
Many thanks,
Damien
I have a website where users can log in with the Facebook oAuth API.
Once the user logs in or registers via Facebook it is stored in my database.
But what I'd like to achieve is, once the user goes to his Facebook application settings page and removes my website app permissions, the used should also be deleted from my database.
Is there any work around to this problem, if this is not possible via the Facebook oAuth API?
You can add Deauthorise Callback URL by Navigating to Settings > Advanced section of your application. Whenever a User Deauthorises your Facebook app, Facebook performs a HTTP POST of signed request to your URL. You may use the field user_id to determine which User has deauthorised your app.
Actually, I would do the following:
Add a date to his last log in to your site.
Have cron job check for old, unused accounts.
Send an email to the user's email address (or Facebook message mail) telling him his account is due to expire soon.
Delete account from database.
I got my app removed by Facebook last week.
Now I'm trying to build a new one correcting the problems, but I always get an error authenticating the user.
SECURITY WARNING: Sharing the above URL with anyone is the same as
sharing your Facebook password with them - it will give them access to
your Facebook account. Despite what you may have been promised, you
will not receive cash, a gift card, or free airline tickets in
exchange for this URL.
I'm calling the API this way:
https://www.facebook.com/dialog/oauth?
client_id=MY_APP_ID
&display=popup
&redirect_uri=http://www.my-url.com/823/
&scope=user_about_me
My Facebok app config is:
http://i.stack.imgur.com/s9WSW.png
I'm trying to use the same domain used in that removed app.
Does Facebook has a domain blacklist? I can't create a new app with that domain anymore (in the example "www.my-url.com/823/")?
Or am I just missing something in the settings?
Yes , they probably block all the information related to your App and website.
I know that facebook allow me to specify multiple domains for my app.
But in the "Website with Facebook Login" i can only specify one url.
Is it possible for me, to authenticate users on domain.se, domain.dk and domain.net with the same App ? Or should i still create one app, for each domain ?
It is technically possible to use Facebook Connect on multiple domains, there are some limits (5 domains max).
So the key to doing this is adding all domains in the App Domain field under your app settings.
The PROBLEM, however, is that Facebook only lets you add domains that are derived from your Canvas URL or Site or Page tag URLs, so if you try to enter anything else you get an error that looks like this:
The SOLUTION is to create App on Facebook, Website, and Facebook Tab using the ADD PLATFORM button and then put in URLs that point to your other domains. Here is an example of what I mean:
If you use a unique domain for each field you can max out with 5 different domains. I have tested this technique with up to 3 domains, but i think it should work for all 5.
Note: Facebook admin features change from time to time, so all of this is subject to change
As long as you listed all the desired App Domains in application settings you should be able to authenticate users on any of them.
"Website with Facebook Login" is really only intended to be used as link to your site/application.
Update 2 (July 2016):
App domains must match the domain of the Secure Canvas URL, Mobile Site URL, Unity Binary URL, Site URL or Secure Page Tab URL.
Update (December 2013):
At the time of writing original answer it was possible to list any domains in application settings but from that time the UI of Application Settings (as well as way of handling Application Domains) changed at least couple of times, at some point you could only list domains that derive from one of application's canvas pages.
As of December 2013 it is possible (again) to list domains that do not derive from application canvas URL.
Assuming your domains are being served by the same web server and you have access to that web server, you can use the manual login procedure: https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow to login from as many domains as you wish.
Assume your domains are site1.com,site2.com.... Instead of using the Facebook javascript API, you will simply place a plain old Log In with Facebook button on each site which will redirect the browser to the facebook login page as described in the above article. In the state variable you can specify a code which indicates which of your sites is requesting a login. In the redirect you will use a single service domain which you assign to your web server (e.g. fb.mywebserver.com) and which you specify as the verified redirect url in the facebook login settings page. All the sites will redirect to this same url, avoiding the problem of supporting multiple domains.
Once the user has logged in, the browser will redirect to fb.mywebserver.com and pass it the state, which tells you which site is requesting login and a code which you can use on the back end to retrieve the user's info using the Facebook graph apis. You store this info with a uid in your data store then using the info in state, you redirect to to the appropriate site including a parameter that indicates a Facebook login (e.g. site1.com?fbc={some uid}). The browser will obediently then call site1.com?fbc... Your web server will receive this request and detect the fbc parameter which tells it to associate the corresponding Facebook logged in user with this site. It can then retrieve the logged in users info using the uid and, for example, return a session cookie for this user along with the page. If you generate the page on the server you can, of course, also include a welcome "user" or alternatively, your client code can do an ajax call to retrieve that information.
From the user's standpoint they press the Login with Facebook button, are redirected to a Facebook login page where they login and then are redirected back to your site in a logged in state. Not quite as nice as having the login popup but likely acceptable.
A similar process can be used for google logins as well
Best thing I've found to do in the development/production scenario is add a "Test App", then add a platform for your development web site - as you have to provide where the "page tab url" lives if you use that as a platform.
Facebook requires your "page url" to be live / accessible if you need to apply for status or permission review.
This got me around the "login in development" / "login in production" scenario.