I've got Facebook login working on my web app. On successful login, I'm getting the users app-scoped id. My question is, how do I pre-identify what a certain user's app-scoped id is, so I can add that id to my users table?
To be clear, if Facebook user "Bob" has a userId of 55512, and has paid for access to my app, how do I look up his app-scoped id for my app, so I can add that ID to my users table, identifying him as a valid user?
Related
Using Facebook API for FB Login, how is possible to know if the user who authorized my application is the application's admin (owner)?
The old days FB return the real FB user id, so it was easy to compare it. Now it returns a number which is not the real FB profile id.
Thank you
The old days FB return the real FB user id, so it was easy to compare it. Now it returns a number which is not the real FB profile id.
That’s called app-scoped user id.
You will have to use that one to identify users within your app. So you need to get your admin user’s app-scoped id once after logging in as that user, and store it somewhere for future comparison.
There is also the /{app-id}/roles endpoint, which you can use to query which users have which role in your app. But that uses app-scoped user ids as well.
If you have multiple apps connected to a business, you can also use the User Ids For Apps endpoint to be able to match app-scoped user ids across different apps. (You will still have to use the app-scoped id for one of your “main” apps to compare against though; the global user id is not available at all any more via API / to 3rd-party apps.)
I am implementing a facebook login, and would want to store the fb data of the user. I just want to be able to check facebook profiles of users, i thought of storing the fb_id rathen than the fb_username, because I assume the username could be changed. If I store the fb_id, how can I pull up facebook profiles by id
According to latest Facebook graph API we cannot fetch user / profile id from Facebook username as
graph.facebook.com/username
Then how these websites are fetching user / profile id from usernames.
https://lookup-id.com/
http://findfacebookid.com/
http://findmyfbid.com/
etc...
They are scraping the profile, which is not allowed. If you need to get a User ID, authorize the User with your App and you will get an App Scoped ID. That´s all you need.
I use Facebook Login on my website, and I want to upgrade it to the last version, with the app-scoped user id. Normally, the ID I should receive from Facebook should be unique.
However, when I test with a new fb account, the id I receive (e.g. 123) is the same as the one on the user public profile URL: https://www.facebook.com/profile.php?id=123
This is not really safe... Anyone could copy the ID of someone else profile URL and login with his ID
How do I force asking the new app-scoped id?
Right now nobody had signed up to my website
P.S. Sorry if my english isn't that good
This is not really safe... Anyone could copy the ID of someone else profile URL and login with his ID
Not possible, Facebook Login wise. If your site is designed to login people just based on ID alone that's not good at all. That's a security weakpoint in your site, not Facebook.
If your application at any point in time used v1.0 then some of the IDs returned will be Global IDs. There is no risk that you should be worried about here.
I just learned that starting with the Facebook API 2.0 , users registering with apps will get a unique facebook id specific to that app.
In my application, I need the user's profile url. The response I get from calling the graph's "/me" path looks like this:
https://facebook.com/app_scoped_user_id/{app_scoped_user_id}
But this will not take me to the user's profile unless I am logged in. Whereas using the real facebook id will take me to the public profile regardless of my logged-in state.
My question is: How to get the public user profile url from the app-scoped facebook id, or how to get the real facebook user id from the app-scoped id?
Thanks.