Id like to somehow be able to authenticate programatically using javascript, without filling a login form every time, because its unwanted behaviour in requirements for my app...
When I use Deezer javascript api I usually do:
DZ.login(); //to login, which pops up a login form
//then somewhere else calling
DZ.getLoginStatus(function(){callback});
//and in callback function I call the api or something
What I would like to do might be something like this:
once call DZ.login()
once fill in login form and approve rights for my app
once get access_token(never expiring, with offline access permission) from response
Still good...
and then:
somehow use that token from javascript everytime I need to access that account to do some action..
No matter whether Im logged in or not I want to be able to access that account with that offline access_tokenand
f.e. load my playlist to the player.. I want to do that action everytime without prompting login form, even after power failure or even if some earthquake comes and logs me out...
I want to use javascript because of that player......
Is there any possible workaround?
If not, why is it not possible?
No matter whether Im logged in or not I want to be able to access that account with that offline access_token and
What you want to do can be set up in your app settings as explained here: http://developers.deezer.com/api/permissions
Related
I have a website and I want users to register and login via Facebook connect. What I can't find out is how to FORCE a registration before logging in. I need all users in my database but it's possible to click the Facebook Login button without registering... I just don't get it, how do I FORCE a registration? Is there any good example on this?
Thanks for your help.
When you say you need all users in your database, what exactly do you mean?
With the facebook login button, you can still supply a redirect url after they authenticate for the first time and you can then capture their user_id, or potentially forward them to another page that has your own registration form. You could then have a flag in your database that indicates if they are a confirmed user (much like when you send email confirmations) that only gets set to true once they have submitted your extra form.
Check this flag on page load and forward them to your form if they haven't entered those details. Then control access to your site based on that flag.
Or are you saying you're trying to use the registration plugin https://developers.facebook.com/docs/plugins/registration/ but that isn't working correctly?
I want to implement a facebook like login on my app. The idea is I have a web service and a web page that has the login forms.
Now, I would like to have my web page pop-up when a person clicks on login button from my iphone app. If the authentication is successful I would to close the iPhone popup window. There is also a possibility wherein after a successful login there will be a token that will be returned and I should be able to get this token from my iPhone app.
How can I implement this?
You'll want to use a standard UIWebView to load a login form on your website (UIWebView class reference). You'll probably want to set a delegate and wait for either webViewDidStartLoad or webViewDidFinishLoad - at these points you'll be able to check the status of the request.
What I would try is for the webservice to render the same form back on failure, and on success render a minimal "loading..." form with some hidden attributes that you will be able to pull out of the UIWebView directly in your app (say, a token, or other login information for making future requests). That way the user can auth as many times unsuccessfully, but you will only continue into the application when they successfully authenticate and have some identifier.
If you don't want to hide the token in the actual HTML your web service returns, it's also possible to create an identifier on the device itself and include that in your form when the user is POSTing to your web service. On a successful auth, you may need to make a second request to get some sort of unique token for any other requests you intend on making, but this is getting a little more complicated.
The best bet is probably to try the simplest thing that will work, then ask a security expert how to improve your interaction/protocol.
I'm implementing facebook connect for my iPhone app. The current facebook SDK would keep you logged in unless you log out explicitly, which is fine with me as stay logged in is actually the requirement. However, I don't want the users to go press the log in button if they never logged out. In this case, I won't be able to grab the facebook object, which I'll need in other parts of my app. So I was planning to simulate the log in event anyways, but that led me to another problem: even though permissions are granted to my facebook app before, it will still pop up the authorization dialog to my users saying they have granted permissions to my app. My question is, how do I hide this? Or, is there a way that I can grab the valid facebook object without calling authorize on my facebook object when my app is restarted and the user stayed logged in?
Any suggestion would be appreciated.
You could redirect the user to https://www.facebook.com/login.php?api_key=<YOUR_APP_ID>. (This is the URL that the PHP Facebook SDK returns when you call getLoginUrl()).This will avoid the dialog and still allow users to authorize your app.
So I have stored the "access_token" and marked it as "offline_access". All that is fine. Now, what I am trying to do is: I want a PHP page to "refresh"/be executed every minute, and then use that token that I stored (which I want to change at anytime manually, say from a field in the database) and then change the status of the user. Say I have the tokens for 3 of my facebook accounts.
I know how to post and all that, but when I try it without a session, it is telling me I need to create a session to do it. However, this is server-side. I don't know how to do the session without seeing the "login" button of Facebook on the server side.
How to do this? Any thoughts on how to make my PHP page, when executed, create a new Facebook object from the Facebook PHP class, and then plug in the whatever Access Token and UID maybe, and then post to the wall of the user?
Thanks!
Answered here:
Facebook offline access step-by-step
I am trying to get users' permission for 'offline_access' in an iFrame Facebook application coded with the Facebook Java API. I understand that I need to obtain an 'indefinite session key' after the users approves my application. Currently, I can accomplish what I want, but in a very awkward way that is probably not correct. There must be a better way to do this. Any thoughts/ideas would be appreciated!!
What I've done
In a servlet of my app, I check to see if the user currently has 'offline_access' permission. If they do, I get the url by Permission.authorizeUrl(Permission.OFFLINE_ACCESS). I then call response.redirect to get to the permissions page. Two problems I'm having are:
The redirected permissions page is displayed within the iFrame. Hence, the Facebook book home menu bar etc. are displayed twice. i.e. looking like an app is embedded in another app.
The user will be 'stuck' on the permission page once redirected there. I won't be able to obtain the 'indefinite session key' (by calling client.getCacheSessionKey) unless the user goes back to a page in my app manually.
Possible Work-arounds??
Is there a way to open/redirect to the permissions page in a new window? That way maybe I can have a thread in my servlet to keep checking whether the permission is set after the redirection. And then I can get the 'indefinite session key' once I have it and store it somewhere?
Is there a way to set an URL for Facebook to go to after permission is set? (much like the pre-auth and post-auth URL settings?) Or somehow take control after the permission page is hit?
Any other ways to setup my app maybe?? Being a newbie, I might've totally gotten the idea wrong...
Have you tried using the fb:promot-permission tag in XFBML? That would seem the simplest way of getting the permission granted, and XFBML is fairly easy to set up.