I am developing an App with Meteor and asking for extra permissions from Facebook with the following code...
Accounts.ui.config({
requestPermissions: {
facebook: ['user_likes', 'user_education_history', 'user_hometown', 'user_location', 'user_website', 'user_work_history']
},
passwordSignupFields: 'USERNAME_AND_OPTIONAL_EMAIL'
});
I as an Admin is allowing for those permissions to be published but when the user is created, these permissions do not get added to the Meteor.user.
Is there something extra I need to do to add them to the DB?
Thanks
According to this
On the client, this will be the subset of the fields in the document that are published from the server (other fields won't be available on the client). By default the server publishes username, emails, and profile (writable by user). See Meteor.users for more on the fields used in user documents.
Meaning you need to create publish to return extra fields to client
Related
This is driving me cray. I am trying to retrieve the Facebook id after logging in. I am assuming I have to use the attribute mapping in order to achieve this? Any thoughts?
Heyo, Just thought I'd reply here too in case anyone else has questions about this.
I looked at the Facebook scopes reference page, and it says that public_profile is the scope that contains the user ID. So, I went to my Facebook Directory, and under 'Provider Configuration' on the 'Scopes' tab, I added public_profile. Under the 'Attribute Mappings' tab, I added id as the Attribute Name and set customData.id as the 'Stormpath Field Name'.
When users log in to my web app using their Facebook credentials, their ID is saved directly to their account's customData:
{
"id": "1260737122323"
}
To grab this data from the Account's customData and display it on the profile page of the React-Express sample project, you need to do two things:
Ensure that the web.me.expand.customData config is set to true in order to have the custom data fields populated,
Add a new field on the profile page with name="customData.id", like this:
This is covered in the docs under the Access custom data fields by prefixing field names with customData section.
The documentation of these Facebook scopes is a little confusing, the properties on "public_profile" are actually available on the root of the Facebook user object, so in Stormpath you want to map id to customData.public_profile.id.
How do I check and get the username from the facebook login?? I successful get the account-facebook to work but I don't know how to access to the username?
Meteor is cool but not much documentation. Or I am to new for must of the server side javascript. Thanks!
There is an object (services) where facebook info is stored on Meteor users. You can get accessToken, id, username, etc.
You can use onCreateUser to modify the user document and add the username on creation.
# on server
# coffeescript
Accounts.onCreateUser (options, user) ->
if user.services.facebook
data = user.services.facebook
user.username = data.username or "generateOne"
return user
You can use user.profile to add other fields.
I created a Meteor app that allows users to sign on using Facebook. To do this, I'm using the accounts-ui and accounts-facebook packages. This works fine.
How do I retrieve the user's email address once they've signed on? I understand that this requires special permission, and so I added email as a "User & Friend's Permission" in the app settings on the Facebook developers site. Following the Meteor documentation, I also set up Account.ui.config like this:
Accounts.ui.config({
requestPermissions: {
facebook: ['email'],
},
passwordSignupFields: 'USERNAME_AND_EMAIL'
});
As expected, when a user of my app signs on using Facebook, it correctly asks them to share their email address. But how do I retrieve it? The user document has only the _id and profile.name.
The Facebook user's email address is stored in [userDocument].services.facebook.email, which is not published to the client, but can be accessed from the server or from the client using Meteor.methods and Meteor.call.
this will add the Facebook profile info to the client side user object.
Accounts.onCreateUser (options, user) ->
if options.profile
user.profile = options.profile
# get profile data from Facebook
result = Meteor.http.get "https://graph.facebook.com/me", {
params: access_token: user.services.facebook.accessToken}
if !result.error && result.data
#if successfully obtained facebook profile, save it off
#the user can access the profile object on the client
user.profile.facebook = result.data;
return user
on the server side the facebook.accesstoken can be accessed... so use it to get the full FB info and save it to the client user object..
ping a Meteor.user() in the console now to get the FB info.
dont think this is exactly best practice in terms of having FB info on the client..
I've been doing user authentication with everyauth and Facebook and all works well. Now, I want to integrate an ability to post to Facebook. Since my app asks only for email scope when users first login, I'll need to get a larger FB scope, and am trying to follow the FB guidelines and only ask for this additional scope when I need it.
I added the following code to my everyauth configuration as per the docs:
everyauth
.facebook
.appId(conf.fb.appId)
.appSecret(conf.fb.appSecret)
//TODO add custom redirect for when authentication is not approved
.scope(function (req, res) {
console.log('Setting FB scope');
console.log('Session: ' + util.inspect(req.session));
var session = req.session;
switch (session.userPhase) {
case 'share-media':
return 'email,user_status';
default:
return 'email';
}
})
All is well when an unauthenticated user logs into the application. The problem is that when I want to "up the ante" on FB scope, which I do by setting req.session.userPhase to 'share-media', and then present a link to /auth/facebook to confirm they want to allow posting to FB. When this happens, I get an error that req.session is undefined from the above code (all of req is undefined).
I assume this is since a previously logged-in user is essentially re-authenticating, but isn't that how I would get more scope from Facebook? Am I going about this the wrong way?
Thanks!!!
Using the Facebook API, you can get back the post ID of a Facebook share, even if the user has not authorized your app.
The post ID is prefixed by your user ID, and separated by an underscore.
FB.ui({
method: 'feed',
name: 'People Argue Just to Win',
link: 'http://www.nytimes.com/2011/...',
}, function( response ){
// Response gives you :
// { post_id: "[fbUserId]_346759642059572" }
});
To me it looks like Facebook is using this programmatically, rather than with the idea of providing us the userId out of the kindness of their hearts. But it's extremely tempting to use.
I'm a little rusty on permissions - if there is a way to get back all the users that have liked/shared a specific URL, and not just a count, then this should be okay.
But the question remains, is it acceptable to use?
EDIT:
Now that I think about it, you can access the user ID by making an anonymous call to https://graph.facebook.com/[postId] but ONLY if the post was made public.
If you get a response from FB, it means that you have already ask the user for the required permissions,
so yes you can use the data returned from Facebook as you like, but you always have to inform the users how you use those data.
You can only cache user data if you have permission or it is necessary for the function of your app. Using the like button you can subscribe to edge.create and cache the response from the like.
refer to: http://developers.facebook.com/docs/reference/javascript/FB.Event.subscribe/
II. Storing and Using Data You Receive From Us
You will only request the data you need to operate your application.
You may cache data you receive through use of the Facebook API in
order to improve your application’s user experience, but you should
try to keep the data up to date. This permission does not give you any
rights to such data.
in my app i store the id of every page or user that is viewed to speed up page load times and count page views. Seems with in the scope of Policy as long as i am not sharing the info with 3rd parties or making public what a user has set to non public.