How to track facebook password change and profile changes? - facebook

I am integrating facebook iOS SDK 4.0 in my mobile app. I came into scenario where user logged into our mobile app with facebook credentials, after some time the user changed his password and Firstname in facebook. Now How do I track this change in mobile app? and redirect user to validate facebook credentials in mobile app?

In both v3 and v4 of the SDK, the access token is cached locally on the device (by default), and the only way to know if it's still "valid" is to make a graph request.
You can make a /me or /permissions request during app start if you have a cached token, and check for errors, and prompt the user to re-log in if the token is no longer valid. There are also some auto-error recovery mechanisms built into the SDK, see https://developers.facebook.com/docs/ios/errors.

Related

Facebook SDK Login

We have an app that integrated the facebook login, recently we had received an email from Facebook stating the following:
"1. Your Android or iOS app does not use our native SDKs to initiate Facebook Login. We suggest you implement our native SDKs so that people who are already logged in to their Facebook accounts don't have to log in again. Note that starting October 2, using our native SDKs for login will be required by Facebook Platform Policy I.3. For more information on this, visit:https://developers.facebook.com/docs/facebook-login/using-sdks/"
But the fact is, our app uses the following for login
session openWithBehavior:FBSessionLoginBehaviorForcingWebView
Which obviously is a function PROVIDED WITHIN Facebook's SDK
And also the app does not require the user to re-log in if he/she is already logged in. We tried to contact FB for clarification but they had not replied since. So can someone tell if our app's facebook login needs to be changed? Or has FB "wrongfully accused" us?

Facebook API Authenticate on a different machine

Assuming it is possible to transfer the Facebook API access token from some web app to my mobile app (via physical storage or network), will my mobile app be able to use that token as a regularly acquired token (as if the mobile app itself requested the token from Facebook)?
Is this procedure allowed in the Facebook API's terms of service?
Will the mobile app be able to cache that transferred token and use it as its own?
Basically, what I want is for the user to do Facebook Login and authenticate on one machine, and use the acquired token on a different one (e.g mobile app).
Is there a better way of doing this?
You can set your mobile app to go through facebook's oauth steps onload and if the user has already authenticated the app, he will get logged in right away, since you'll get an access token at this point of time, save that in the mobile app.
Automatic login triggers are now being used on both stackoverflow and quora. (if you sign up here through facebook, when you visit the site, you'll get signed in again - same for quora).
Also, access tokens grant access to a particular 'facebook app'. If your mobile app uses the same app id, then you can certainly reuse the same access token on the mobile device.
yep, we can reuse it. I got an access token from mobile app then it's applicable on web browser.

IOS SDK Facebook SSO - User logs out from Facebook outside app?

The instructions on using Single Sign-On (SSO) with the Facebook IOS SDK are to save the access token and expiration date in fbDidLogin and use them on subsequent calls to avoid unnecessary logins.
But what if the user logs out of Facebook outside the app (e.g. in the Facebook app or in Safari)? The app doesn't know about this, so it tries to use the saved token and expiration date, and to my surprise - they are still valid and the app can access the user's data even though the user has logged out.
Any way around this?
no, there is no way to do this. each FB login a user makes is specific to the client they logged in with. A FB login is not universal across all clients. The FB token you get from the SDK is a token for that user with your app. So if a user logs out of FB in their browser or another app, they have not logged of FB from your app so the token will remain valid until it expires or the app or user explicitly logs out from the context of your app.
Not sure why you are concerned about this. Generally you would want your users to remain logged in. If you have a reason you don't want this don't request "offline_access" permission when you authorize a FB user and you can also logout and de-authorize the user via the FB API based on whatever criteria you deem appropriate.

Facebook SDK Login for iOS

Using Facebook's iOS SDK, how does a developer figure out if a user has signed out of his/her account in either Safari/Facebook app? If a developer is saving the access token and expiration date in the app between app launches, is there any flag within the SDK to let the developer know that the phone user has actually signed out/changed accounts? I want a user of my app to have to sign in with the new account if they have changed accounts from a third party app.
The Facebook SDK has a 'isSessionValid' method that you can call, but that method's implementation only checks to see if there is an accesstoken and if the expiration date is past a certain point. It does not check to see if the user has signed off or changed accounts from a different app.
Any ideas?
The current design is that once a user has logged into an ios client app and the app has an auth token, the user is in until the auth token expires or the user uninstalls the FB app (or deletes the app from their device). Suppose you have a server involved where your ios client hands the auth token to the server (they're the same FB app). That server would never know that another FB app on that device had logged out. Your user will probably have to use the logout method in Facebook.m.

Facebook SDK iOS Login

Using the Facebook SDK for iOS, how does one figure out whether or not a user is already signed in so the app does not have to go through a login process?
Currently during the login process, I am saving the access token and expiration date to the user defaults and then reading those back out when I initialize a facebook object at the start of my application's run time.
But what happens if a user backgrounds the app, goes into Safari, changes to a different Facebook account or signs, then comes back into my own app. Shouldn't the Facebook app return that the stored session isn't valid anymore? How would I figure this out? Currently, my facebook object maintains that the session is valid, but unfortunately when I try to publish something, I see nothing on the appropriate Facebook page.
Am I missing something here? Thanks for your help!
You are doing the correct thing saving and restoring the facebook access token & expiration date. Any FB API that requires a valid token will fail with an error if you call it with an expired token. Handle the error and logout locally from FB then ask your user to login again.
In regards to Facebook's login on an iPhone (SDK v3.0+), it ranks the System Level Login 1st, Facebook native iOS app 2nd, and mobile Safari Facebook login 3rd. But if the user logged into your app using mobile safari, backgrounded the app, logged into a different Facebook account using mobile safari, then returned to your app, the access token and session in your app will be valid until you log out of your iOS app. Typically you log out using this line:
[FBSession.activeSession closeAndClearTokenInformation];
Login is initiated by some variation of this line:
[FBSession openActiveSessionWithReadPermissions:
If you're using Facebook iOS SDK 3.2+, you can call the following to see if an authenticated Facebook session is open:
[[FBSession activeSession] isOpen]
Also, you don't have to save the access token or expiration date locally. You can access them with these calls:
[FBSession activeSession].accessTokenData.accessToken
[FBSession activeSession].accessTokenData.expirationDate
Here's a link to some relevant Facebook iOS docs:
Facebook Login - iOS SDK