In my mobile app, users are allowed to login over facebook (standard azur mobile service facebooklogin).
Now i want to take that to a next step. Based on the users facebook login, i want to access his profile over the facebook .net sdk.
After the login i want to call a "getUserInfo"- Method which returns the info from facebook. So the whole facebook access should happen on the backend side.
Is this possible with azure and if so, whats the best way to do so?
In your Mobile Services .NET backend, you can always get the Facebook token by calling (within a controller):
ServiceUser user = (ServiceUser)this.User;
FacebookCredentials creds = (await user.GetIdentitiesAsync()).OfType<FacebookCredentials>().FirstOrDefault();
string accessToken = creds.AccessToken;
Then you can communicate with the Facebook Graph API using that token.
If there is a particular set of capabilities you want to be able to access beyond the public profile, you may want to add permissions to your login request via the MS_FacebookScope application setting. The value is just a comma-separated list of the scopes you wish to use.
You may find this blog post helpful in explaining the above in more detail:
http://azure.microsoft.com/blog/2014/10/02/custom-login-scopes-single-sign-on-new-asp-net-web-api-updates-to-the-azure-mobile-services-net-backend/
Related
I'm implementing the FB login/logout in my web apps. Each of my web apps serves a different purpose thus having different domains. But they share the same user database.
User's Facebook sign-up comes from one web app. I pass the access token returned by the client side JS-SDK login function to the server. At server side I used the Facebook email and ID (retrieved with graph API /me) as the user's username and password, respectively.
At first, I created a unique Facebook App for each of my web sites. In this case, in my other web apps, when logging in with Facebook, the graph API /me returns a different ID for the same user, so the user cannot login.
It turns out that the response.authResponse.accessToken returned by Facebook login is also different. Then I tried to add all the domains under Settings->Advanced->Valid OAuth redirect URIs in one Website App, but the access token and ID are still different for each domain.
I wonder what is the problem here. Why Facebook returns different IDs for the same user. And why the access token is different even if the web domains are all in one App (same app ID and secret). Thanks.
As #WizKid suggested here, you need to map users between different apps. Usually you will need to create a Business Manager and add your apps to that manager. Then you'll have access to all the apps' info, including their scoped user IDs, by calling API /me/ids_for_business
I'm trying to build a Facebook-authenticated native mobile app (Windows Phone) that connects to a web service I am creating in Node.
I'd like for a user to:
Log in to Facebook on the mobile app via a native UI or web window
If logged in successfully, create or access server-side user account data tied to that identity
Use the authenticated session to make subsequent authenticated requestsvto that user's data via the native mobile app
My question is: What's the best approach here?
Should I...
Log in the client to facebook locally in the mobile app and pass the Access Token to the node service, and then somehow map the user to my service data based on their facebook account id? That seems grossly insecure if I just pass that token in the URL.
Log the user in via a mobile browser window inside my app, and then redirect back to my Node service in the same window? How do I then make subsequent authenticated requests natively in my app?
Do something else entirely?
Sorry this is so open ended but this is the first time I have tied these things together and although there's a lot of info on each part I've yet to find something that describes the overall pattern / best practice for this design.
Your question is quite opinion based...but still I will try to help.
First of all, you can pass access token in url, its not insecure if you use https. Even if logged into facebook from your mobile app, than also its going to pass a access token in url only. If you mean having the token in http://something.com/access_token, than its not how its should be done.
If you look into the Oauth 2.0 draft you will understand that its done through setting a header Authorization with the value being the token and token_type. Take a good look at the draft.
As your solution I think its fine if you just use the first method mentioned in the question by sending the access token in header as I mentioned in your app and in turn authenticating that token from facebook on each request.
If you think this is just too long a flow for authenticating every request from facebook, than you can get access token by sending request from your mobile app to server and let the server handle the access token and store it in database which you can authenticate each request.
In any case take a look at Passport module, it has facebook and other auth built-in and should be sufficient for your needs.
For this task I have already created my own facebook application to get the API key and secret key. Can anyone explain the next steps that should be done to
1) Read from facebook API
2) Write my own database
by using web services
Thanks in advance!
A high level answer:
I'm assuming you want to use the authorization code OAuth flow (this means you want Facebook users to give you access to their profiles so you can grab data from there). If so, you need to bring up a web server and an application that will run your users through the Facebook OAuth flow. In case you just want to access Facebook with your own credentials you don't have to have a web server, simply use the client credentials OAuth flow.
So, Once you have a valid access token, you simply make calls to Facebook API using this token. using Facebook Graph API is simply a matter of calling URLs and getting the data as JSON.
You can test-drive the API here.
BTW, according to Facebook's platform policy, you're only allowed to store Facebook data for caching purposes.
Let me know if this helps.
I am using the Graph API for Facebook on my iPhone application. The problem is, I don't want the user to have to re enter their email address each time they want to login to integrate Facebook with my app. Is there a way to save and auto fill the login information using the Graph API?
Using the Graph API, there is no need for you to store the credentials, more than that, you should NOT store the credentials. As explained in the API dedicated help page the authentication process is handled by a secure token.
Meaning that if the user is already authenticated on Facebook using another application, it might be ( based on authentication process used ) already authenticated within your app.
You might check the token validity by using the isSessionValid method from the Facebook class.
Have a look to the iOS Facebook SSO link, it explains everything you need.
I am trying to understand, how facebook authentication works and how the flow should look like. I am working with Google App Engine and I have managed to obtain first the code and then access token. Using it I can for example retrieve user's friends list. This is all cool.
However, how can I store this access_token? I wan to allow my user to access different pages in my facebook app and I will need this access token on those pages. How can I store it and how can I retrieve it? Or maybe no matter which page user accesses I first need to get the code and then access token and only then can I perform some operations on his behalf?
I don't want to use javascript sdk for now. Is it possible to do it all from server side?
how can I store this access_token? I
wan to allow my user to access
different pages in my facebook app and
I will need this access token on those
pages. How can I store it and how can
I retrieve it?
just store the access_token in the datastore.
https://github.com/facebook/python-sdk/blob/master/examples/appengine/example.py
line 50.
It is from the facebook python sdk.
https://github.com/facebook/python-sdk/
If you don't want to use javascript sdk, you need to see this document. It has all details for facebook Oauth.
http://developers.facebook.com/docs/authentication/
While facebook redirect your user to your page assigned by redirect_uri. It will give your the code (A_CODE_GENERATED_BY_SERVER), then your server can get the user's access_token/facebook id with server side facebook api + code. Then you can login your user (set the session/cookie) and do whatever you want.