Is there a way to leave the publication (not Share) on the wall of the user visiting the website.
I know about graph api (FB.api ('/me/feed', 'post', {message: 'test'}, ...)
But such a challenge requires the rights to publish at the user's authorization.
I want the right to publish on the user's wall requid not at authorization, but when user push the button "Send message to my Wall". And when user press the button (for posting), show window(Fb api confirm) appears to confirm an action
Is that possible?
There are always hacks, but as one who has utilized hacks to make something work that shouldn't on facebook, I'm going to advise against it. When they catch you they will delete all accounts associated with that hack which may make some very unhappy customers. Doing what you are asking is forbidden by platform policy's.
https://developers.facebook.com/docs/php/howto/postwithgraphapi
Related
I want to create a Facebook app to be used in live events (ie: concerts, conferences, etc).
So the guests would enroll to the event connecting with Facebook Login and asking the publish_actions permission.
The guest will have an Access Card (RFID chip) that identifies himself and links in our database to his Facebook Access token.
Then, during the event, I would like that some actions made by the guests in the event to trigger some actions on Facebook, this actions will be triggered by different applications that communicate with our servers, our servers will comunicate with Facebook API to trigger actions on Facebook.
So when the guest does check in at the event, his Access Card is scanned by the event staff, and then should automatically post a message on his timeline indicating that he is at that event, sharing a link with more details about that event.
We also want to have a physical Photo Booth where the guest has his Access Card scanned, and then takes a picture that should be automatically posted on his timeline too.
So this is not the typical Facebook app flow, as the content is posted automatically by actions made by the user, but managed by our software instead of actions directly triggered by the user himself.
I'm not sure if this kind of application is allowed on Facebook and if it's allowed, how would the review process be done, as this can't be tested using a website or phone app.
Did someone make something similar or knows the best approach in getting this approved on Facebook?
Thank you!
The user MUST login with Facebook and authorize your App. People have tried those things with a specific device where people could login, but Facebook detects multiple logins on one device and may block your App. So the only way is to let people use their own device/smartphone to authorize your App. For example, you could offer them a QR tag with a link to the login flow.
The problem with authorizing before the event and storing a Token is that an Extended User Token is valid for 60 days. So if a user enrolls and the event is 61 days later, the Access Token will not work anymore - unless the User refreshes the Token by visiting your App. So before letting him do this before the event, you can just as well let him authorize the App at the event date.
A specific App for the event is surely the safest way, of course.
I am not sure I fully understand the "Login with Facebook" mechanism, and I need to make sure my understanding is correct (or perhaps it is not):
In order to deploy a "Login with Facebook" in my website, I must also have a Facebook application (?)
The first time anyone uses "Login with Facebook" in my website (assuming they are already logged in Facebook itself), they must go thru the Facebook dialog of approving the application. There's no way around that (?)
Anyone who successfully uses "Login with Facebook" in my website has his/her public Facebook data available to my website (?)
And the last one:
Legally speaking, do I have to name the button (or whatever) "Login with Facebook" (or similar), or can I name it any way I want (say, "Go ahead and work")?
Correct. That Facebook application is how Facebook tracks information about you to provide to the users, where to redirect users after authorizing your application, etc. It's essentially the integration point between your application and Facebook.
Correct. They may also be prompted to re-approve again in the future.
You would have access to anything which they permit you to have access. By default this includes basic profile data, but there are lots of other permissions available as well. Keep in mind that, if you request additional permissions, they may allow basic permissions but then pick-and-choose which additional permissions. So it's not always a safe assumption that just because they've logged in with Facebook to your application that they've authorized everything.
And the last one:
"Legally speaking..." - Not our department, sorry. For any legal advice you'll want to consult an attorney.
1.) Yes you must have and App ID and App Secret from your Facebook App. (Facebook Developers)
2.) And yes again, you can not work around that dialog, a user must grand your app the permission to go ahead.
3.) You will get the data that you Required via your Application. Then in turn this request is shown in the Dialog when a user log's in to your Website, if they grand you the access, its all yours :).
4.) You can name the button anything you want :)
I'm trying to write application for user login to website via Facebook. When user is logging in, he's redirected to http://www.facebook.com/dialog/oauth/?client_id=APP_ID&redirect_uri=REDIRECT_URL&state=STATE, then sees confirmation dialog to use permissions and all goes well. But then FB somehow remembers this application and never asks for permissions confirmation again when user opens this url. Is there any way to always show this dialog? I could do it in Twitter, but couldn't found the answer for Facebook.
If you really want this for some reason, uninstall the app from the user's account with a HTTP DELETE request to /USER_ID/permissions using your app access token.
The next time they come back they'll need to re-authorise the app.
Otherwise, no, there's no way that I'm aware of apart from the reauthentication flow to force the auth dialog to appear, but bear in mind that the reauthentication flow may prompt the user to re-enter their Facebook password even if they're already logged into Facebook, so it adds extra friction to the process
Instead of showing the Facebook OAuth dialog, you could also show the user a page on your application that has some information about the Facebook account that is going to be used (picture/name etc), to log into it. That way, if they like they can choose to log out and re-authenticate or continue knowing they have the right account.
I'm new to all this. This is what i'm after and i'm sure it's possible.
I've got a script where people can register/login in to as members. What i'd like to do is tie it in so that it just uses Facebook users details for the registrations. I've managed to set it up to sign up and and complete a registration using a user's name and email.
What i'd like to do now is automatically log the user in if they're logged in on facebook, is this possible or will they need to click a login button that then takes them to their page? If they need to click a button to login, how do I go about getting the button to take their facebook details and log them in? Also what happens in regards to passwords on my site? Is that stored in the app somehow?
Ideally i'd like to use the popup version of verification rather than the iframe that i've got set up at the moment.
Cheers in advanced for any help for a n00b!
This is in fact possible. Although I for my part was never a fan of such things here's some human-readable (simplified) theory:
Facebook uses a system called OAuth ( http://de.wikipedia.org/wiki/OAuth ). That means, when you want to have the user login onto your site using Facebook you'll of course need to provide a button/facebook-login-frame (see documentation) that says "Log me in with Facebook" or so. You then access Facebooks API (more here: https://developers.facebook.com/ ) and basically tell Facebook who you are ("Hi I'm website XY"). While that happens your user is redirected to Facebooks "permission-landing-page". On that page he needs to confirm whether he is fine with your website accessing certain information (like his name). If he confirms your website receives an access-token granting you access to a subset of his user information which you can then use to personalize his expeirence on your website.
Check out facebooks documentation because they explain exactly your usecase in detail.
(here: https://developers.facebook.com/docs/authentication/ )
PS: You'll of course never have any access to his Facebook login/password. That's kind of the idea behind "delegating" the authentication via OAuth to Facebook. Facebook only provides you with an access token (bound to that particular user who logged in and granted your app/website permissions)
We have users that logged in to our website through Facebook Connect. Now we'd like to contact those users about changes as we indicated in the signup process, but we don't have their email addresses. Only their Facebook ids.
How can we contact them? I understand Facebook removed 3rd parties' ability to send notifications through Facebook's API. We can send them a message through the API either.
So I guess we're left with posting to their wall from a user account of ours. I assume there's a low limit to how often we're allowed to do that and is that even permitted? Or we can make an application request from this designated facebook user account which would show up in their notifications.
Finally, we could manually go to the user's profile page and then click the "send a message" button from our facebook user account... A lot of manual work and I assume this is frowned upon as well. Is there an easy way to find out the profile page URL from a Facebook id?
What's the best approach here where we don't break any rules?
If you are getting stream_publish extended permission in your profile then you can simply post on there wall see this http://developers.facebook.com/docs/reference/rest/stream.publish/
Alternatively this can be a better solution if the user do not granted any extended permission
http://developers.facebook.com/docs/reference/rest/livemessage.send/
you should get "offline_access" from the facebook user requests to post at anytime.