I am developing a chatbot. I want to ping the FB user from my server that requires PSID.
I obtain the PSID using the Account Linking API. Is there any way to link User email and PSID. As we have used email as the unique parameter to recognize user.
Incase the user logs out, does the PSID change on the next Login. Can I take the PSID to be constant for multiple logins.
After some amount of research I discovered PSID ( PageScope User ID ) is constant for a user and corresponding Page.
For the first question, the following link can be used. It involves
obtaining app scope id from login access token,
combining app secret with Page Access Token to obtain AppSecretProof,
using AppsecretProof along with Page AccessToken and PSID to obtain appscopeId which matches with the appscopeId obtained during login.
Related
Just curious,
In case I want to make application using API for login(i.e Facebook of Google+)
What user's unique key do I stored in my database? Do my apps have same user's unique key as them(Facebook or google+), or they generate a new unique key for my user when sign in my apps? And what type of data is it?
Do I duplicate user's information into my database or keep accessing user's information from Facebook or Google+? Like do I have to create table for user's name, gender, birthday,etc and register user's information once user login to my apps or straight access it from Facebook or Google+ every time my apps needs it?
Is it really safe for user to using login with API? Can someone using API to get user's email and password, or make post in user's Facebook or Google+ that user don't want to post, or hijack user's account?
This might be common case, but I have no experience in using API so I have no idea about that.
What user's unique key do I stored in my database? Do my apps have same user's unique key as them(Facebook or google+), or they generate a new unique key for my user when sign in my apps? And what type of data is it?
When you use Google or Facbook signin you really only need to store the information that they return to you.
LoginProvider ProviderKey ProviderDisplayName UserId
_____________________________________________________________________
Facebook 1969950809700159 Facebook 21248583
Google 117200475532672775346 Google 21248582
User Id is the users id from my user table. Where i store there user information my system needs ProviderKey is the users Id on the login providers system.
Do I duplicate user's information into my database or keep accessing user's information from Facebook or Google+? Like do I have to create table for user's name, gender, birthday,etc and register user's information once user login to my apps or straight access it from Facebook or Google+ every time my apps needs it?
You can duplicate some of it when the user creates or links their account to your system but i wouldn't automatically update it without informing the user you are doing so. Some users dont realize how much information you have access to via linking to social media accounts.
Is it really safe for user to using login with API? Can someone using API to get user's email and password, or make post in user's Facebook or Google+ that user don't want to post, or hijack user's account?
I think you are confusing identity for Authentication. Using Oauth2 you request a user to grant you access to see there data though an api this is authorization. If you are using Google+ or facebook signin you are using an identity server and signing in as the user. You should be using signin if you want them to login to your system using their social media accounts. By singing in you are that user. No I dont think they can be hijacked using signin.
A noob question since its my first app to deal with Facebook social sign in. I am developing an app (Flash) which have the ability allow the user to
create normal user account
or
social sign in
The information both store in the same table, but with social sign in off course there is no user password store so i create a account_type which differentiate weather its from the normal user account create or social sign in from Facebook.
Is my appraoch to this correct?
Just wondering what do you need to store in the database in order to authenticate the user, if they come from Facebook social sign in. Because the authentication happen within the Flash application itself rather than going to the server and return result.
So my ulitmate question is what information do i need to store in the database for social sign-in users in order to match with their account and authenticate they are legit user. instead people can just steal email address and access all user's information.
Thanks for any kinda help
The only thing which will identify them uniquely is their Facebook ID. You need to confirm this by requiring them to authenticate, then calling the graph through the ActionScript API to get details of the current user.
Facebook IDs aren't secured in any way (you can look them up with a simple graph call), which is why you need to get the user to authenticate with FB - it's not like ACS, for example, where you set up a relying party and receive a token string that is unique to your application.
After getting the user to authenticate, your code will look something like this:
var auth:FacebookAuthResponse = Facebook.getAuthResponse(); // Gets current authenticated user, or null if no user is authenticated.
var token:String = auth.accessToken; // Access token - only valid for this session, so you can't use this.
var user:String = auth.uid; // Unique identifier of the current authenticated FB user.
Is there a way to get a user's facebook user id from their login email address?
I want an API call where I can provide joe#example.com and get facebook user id 342255534.
I'll use that id to call http://graph.facebook.com/342255534/picture?type=large
The closest thing I've found is https://graph.facebook.com/search?q=EMAILADDRESS&type=user&access_token=ACCESSTOKEN, but that requires an access token, which I'm hoping to avoid.
I know this isn't how it's supposed to work, but is there a way to get a generic access token?
You can use your own access_token for the application, and change it to a long-lived access token so you can make the API call in a cron. The only issue is that you will have to login to the app every so often to update the access token.
UPDATE: The User Search API is now deprecated, so you cannot search using email addresses. But name based searches still work.
You can create an app and get an access token for that app. Instructions are here: https://developers.facebook.com/docs/authentication/applications/
Unfortunately, a search for a user_id by email only works with a user access token.
You don't need to be friends with a user to get their id by email address.
I am working on facebook application in java, and i succeed to retrive the access_token.
Now i want to pull for example the user feed but i dont have the user id https://graph.facebook.com/userid(or me)/likes?access_token=...
Yes, I know user id could be replaced by 'me', but my app is a web app, user just input his user name and password in our frame, not facebook OAuth Dialog which is for user authentication and app authorization, so I think facebook should do not know who is me, so I need user uid. In previous implementation, I could use user email and password to get user id and session key by Facebook Rest API, but how could I get it by Graph API by user name and password?Is there a way to do that?
The Graph API uses OAuth 2.0 for authorisation.
One of the main goals of OAuth is that the user's credentials don't have to be handed out to the 3rd party applications.
So, it's not possible to get the user id and session key using the Graph API with just the users email & password (unless you logged them in manually yourself).
HI, I hava a website in php where i have integrated a Facebook Connect API which enabled the Facebook login button.
I login using the button by providing my Facebook credentials. It gets logged in. I can access my profile picture, full name and some other information. But i can't access the user email id i.e. the Facebook user id. I have checked the FBML page here but i didn't get any tag that may give me the user id. I guess that Facebook might not allow me to get the id.
Please help me how to get the Facebook user id from the Facabook Connect API.
Apparently, Facebook uses an numeric increment ID instead of email addresses to uniquely identify each User entity. By Facebook API policies, email addresses are protected to prevent spam and other issues.
In order for an application to get the email addresses of a Facebook User, you will need special permissions from the User. See the API for such permissions.