I am implementing a facebook login, and would want to store the fb data of the user. I just want to be able to check facebook profiles of users, i thought of storing the fb_id rathen than the fb_username, because I assume the username could be changed. If I store the fb_id, how can I pull up facebook profiles by id
Related
Using Facebook API for FB Login, how is possible to know if the user who authorized my application is the application's admin (owner)?
The old days FB return the real FB user id, so it was easy to compare it. Now it returns a number which is not the real FB profile id.
Thank you
The old days FB return the real FB user id, so it was easy to compare it. Now it returns a number which is not the real FB profile id.
That’s called app-scoped user id.
You will have to use that one to identify users within your app. So you need to get your admin user’s app-scoped id once after logging in as that user, and store it somewhere for future comparison.
There is also the /{app-id}/roles endpoint, which you can use to query which users have which role in your app. But that uses app-scoped user ids as well.
If you have multiple apps connected to a business, you can also use the User Ids For Apps endpoint to be able to match app-scoped user ids across different apps. (You will still have to use the app-scoped id for one of your “main” apps to compare against though; the global user id is not available at all any more via API / to 3rd-party apps.)
Just curious,
In case I want to make application using API for login(i.e Facebook of Google+)
What user's unique key do I stored in my database? Do my apps have same user's unique key as them(Facebook or google+), or they generate a new unique key for my user when sign in my apps? And what type of data is it?
Do I duplicate user's information into my database or keep accessing user's information from Facebook or Google+? Like do I have to create table for user's name, gender, birthday,etc and register user's information once user login to my apps or straight access it from Facebook or Google+ every time my apps needs it?
Is it really safe for user to using login with API? Can someone using API to get user's email and password, or make post in user's Facebook or Google+ that user don't want to post, or hijack user's account?
This might be common case, but I have no experience in using API so I have no idea about that.
What user's unique key do I stored in my database? Do my apps have same user's unique key as them(Facebook or google+), or they generate a new unique key for my user when sign in my apps? And what type of data is it?
When you use Google or Facbook signin you really only need to store the information that they return to you.
LoginProvider ProviderKey ProviderDisplayName UserId
_____________________________________________________________________
Facebook 1969950809700159 Facebook 21248583
Google 117200475532672775346 Google 21248582
User Id is the users id from my user table. Where i store there user information my system needs ProviderKey is the users Id on the login providers system.
Do I duplicate user's information into my database or keep accessing user's information from Facebook or Google+? Like do I have to create table for user's name, gender, birthday,etc and register user's information once user login to my apps or straight access it from Facebook or Google+ every time my apps needs it?
You can duplicate some of it when the user creates or links their account to your system but i wouldn't automatically update it without informing the user you are doing so. Some users dont realize how much information you have access to via linking to social media accounts.
Is it really safe for user to using login with API? Can someone using API to get user's email and password, or make post in user's Facebook or Google+ that user don't want to post, or hijack user's account?
I think you are confusing identity for Authentication. Using Oauth2 you request a user to grant you access to see there data though an api this is authorization. If you are using Google+ or facebook signin you are using an identity server and signing in as the user. You should be using signin if you want them to login to your system using their social media accounts. By singing in you are that user. No I dont think they can be hijacked using signin.
I've got Facebook login working on my web app. On successful login, I'm getting the users app-scoped id. My question is, how do I pre-identify what a certain user's app-scoped id is, so I can add that id to my users table?
To be clear, if Facebook user "Bob" has a userId of 55512, and has paid for access to my app, how do I look up his app-scoped id for my app, so I can add that ID to my users table, identifying him as a valid user?
According to latest Facebook graph API we cannot fetch user / profile id from Facebook username as
graph.facebook.com/username
Then how these websites are fetching user / profile id from usernames.
https://lookup-id.com/
http://findfacebookid.com/
http://findmyfbid.com/
etc...
They are scraping the profile, which is not allowed. If you need to get a User ID, authorize the User with your App and you will get an App Scoped ID. That´s all you need.
A noob question since its my first app to deal with Facebook social sign in. I am developing an app (Flash) which have the ability allow the user to
create normal user account
or
social sign in
The information both store in the same table, but with social sign in off course there is no user password store so i create a account_type which differentiate weather its from the normal user account create or social sign in from Facebook.
Is my appraoch to this correct?
Just wondering what do you need to store in the database in order to authenticate the user, if they come from Facebook social sign in. Because the authentication happen within the Flash application itself rather than going to the server and return result.
So my ulitmate question is what information do i need to store in the database for social sign-in users in order to match with their account and authenticate they are legit user. instead people can just steal email address and access all user's information.
Thanks for any kinda help
The only thing which will identify them uniquely is their Facebook ID. You need to confirm this by requiring them to authenticate, then calling the graph through the ActionScript API to get details of the current user.
Facebook IDs aren't secured in any way (you can look them up with a simple graph call), which is why you need to get the user to authenticate with FB - it's not like ACS, for example, where you set up a relying party and receive a token string that is unique to your application.
After getting the user to authenticate, your code will look something like this:
var auth:FacebookAuthResponse = Facebook.getAuthResponse(); // Gets current authenticated user, or null if no user is authenticated.
var token:String = auth.accessToken; // Access token - only valid for this session, so you can't use this.
var user:String = auth.uid; // Unique identifier of the current authenticated FB user.