Making it mendatory to get email with facebook oAuth with Socialite - facebook

I am trying to use facebook oAuth for my users to login/register to my website. For this, i require user's email address
Facebook oAuth dialog has option to provide / not provide email but even if the user's doesn't provide their email, I cannot re-request authorization from facebook again as it considers the user as logged in and simply redirects to call back url.
I am using Laravel and Socialite package.
Any solutions??

Socialite allows you to get user information directly after the successful authorization by using
$user = Socialite::driver('facebook')->user();
$user->email;
I would expect $user->email to contain the users email address if he accepted to share her with the app and to be empty if the user denied the email address sharing.
And if $user->email is empty throw an error and ask the user to re-authorize. If it's not working you could try to de-authroize the user, a guide can be found here.
A convenient way to avoid any issues is to display a warning that the user should allow email sharing if he wants to log in with Facebook.

Related

Facebook API: is the email field guaranteed to be validated?

I'm implementing a Log In With Facebook button on my website, and will be using the email field for two purposes:
create a new account if I don't have this email in my user database
match an existing account if I have a user with this email address
Does Facebook guarantee that they verified the user owns this email address when they return the field in their API?
Otherwise, in the (unlikely) event that a user of my website does not have a Facebook account, someone could create a Facebook account with this email, without validating it, to log in to my website with their account.
They are supposed to be but Facebook has had issues in the past of unverified emails being allowed to pass through the API Is it possible to check if an email is confirmed on Facebook?.
If you implicitly allow Facebook accounts to link up via email, then the next time Facebook has an issue they can effectively take control of all your users accounts.
The secure way to link users up is to either:
Ask a normal user to link their facebook account by logging into it.
Ask a Facebook-user to login with your sites normal account.

Can I used passport.js to login to Facebook from an app?

I and a friend are developing an app and would like to use Facebook as a way of users having their own accounts without us having to ask them to store passwords or make users for security and ease of use.
Passport.js has a facebook plugin but it talks about a redirect URL so my question is: is it actually possible to just send information like email address and password to facebook for authorisation and return the users profile without actually redirecting the user to a facebook login page.
I don't see how i could redirect the user to a facebook login while inside my app and also what on earth would i put as the callback URL? Am i just trying to use passport-facebook in the wrong way?
is it actually possible to just send information like email address and password to facebook for authorisation
No. Users are strongly discouraged from giving this information to any 3rd party app, and you are not allowed to ask users for them.
Login with username/email and password happens on Facebook, not in your app. You will get feedback from the login endpoint then that they logged in successfully.

facebook login form on third party website

Facebook is blocked by my company firewall but I want to develop an app where in employees can click a link we send it to their email and provide access to their facebook account and update. Firewall blocks facebook.com so I cannot have users type their username and password on facebook.com url. Can I have users type in their username and passowrd on internal website using which the app will login and get access?
it goes against the purpose of oauth to take the user's password and use it to log in as that user. oauth is designed so that the user will never have to disclose their password to your app but still be able to provide your app with some of their own facebook data. this way, only the facebook data which the user chooses to share will be available to your app. also the user may choose to allow your app to publish on their behalf, see here for the details.
my suggestion would be to get the users to authenticate your app from outside the work network (where the facbook.com url is available). this way you can still post on their behalf and your app can get certain information from their profile to relay on to them without you ever needing to know their password.

Customized facebook login page

Can we customize facebook login/authentication page?
I want to use my own customized pop up for receiving 'Email' and 'Password' input from user so that it is consistent with the GUI of my application. Is there a facebook API to which I can pass the Email/Password details received from user?
Looking at https://developers.facebook.com/docs/reference/api/user/#permissions you cannot "create" new permissions. This has to go through Facebook so they know what permissions have been granted. This ensures that you're not just granting permissions on behalf of a user without them having actively granted them. This therefore stands to reason that you cannot style their page.
Alternatively, you could just make sure users register via an account on your site (You want a password so I assume you don't mean their facebook password) and then ask them to connect their facebook account to it. You would need to ask for their email in your form, get them to login, then connect via facebook and associate their facebook id with their account on your site.

Facebook Connect api in php

HI, I hava a website in php where i have integrated a Facebook Connect API which enabled the Facebook login button.
I login using the button by providing my Facebook credentials. It gets logged in. I can access my profile picture, full name and some other information. But i can't access the user email id i.e. the Facebook user id. I have checked the FBML page here but i didn't get any tag that may give me the user id. I guess that Facebook might not allow me to get the id.
Please help me how to get the Facebook user id from the Facabook Connect API.
Apparently, Facebook uses an numeric increment ID instead of email addresses to uniquely identify each User entity. By Facebook API policies, email addresses are protected to prevent spam and other issues.
In order for an application to get the email addresses of a Facebook User, you will need special permissions from the User. See the API for such permissions.