I'm developing a Web app that has a Facebook group associated with it. I want only authorized users of my app to be able to join this group, and I don't want them to have to be manually approved by a group admin.
My first thought was to use the game_group_join dialog from the JavaScript SDK, and display this dialog only to authorized users. But this seems to have a few problems; no way to keep track of which Facebook accounts are associated with which accounts in my app, doesn't work with JavaScript disabled, there seems to be no way to stop an unauthorized user from joining the group by making the underlying HTTP requests to Facebook themselves, etc. A server-side solution would seem to eliminate these problems, but I'm not sure if there is one for Facebook app groups.
Can anyone offer advice on how I should be handling this?
Tayman,
Your first thought is pretty much the way and yes there is a server side solution (with app id and app secret).
You'd have to record something when they do the join dialog or you check if the logged in user is a member of your app group and record it's app-scoped userid in it's website user record.
In summary:
use the app (php?) to create a closed group.
https://developers.facebook.com/docs/graph-api/reference/v2.3/app/groups#publish
Users can only join the group through the app, they cannot request to join just from inside fb.
Here is a test group I've been playing with:
https://www.facebook.com/groups/879916105406758/
you can do much with js, however the "add me to the group" has to be done with the javascript join dialog.
https://developers.facebook.com/docs/games/app-game-groups#join
Facebook only allows php 'joins' for test users, not for normal facebook users.
https://developers.facebook.com/docs/graph-api/reference/v2.3/group/members/
Once a user has authorised you, you can check which groups they belong to and record their app-scoped user id with your website user record.
Taymon, here is the solution I think would fit in your case:
-Have the user login to your app with public_profile permission. From here you can capture the user's app_scope_id
-Check if the user is allowed to join the group, display Javascript dialog 'game_group_join' and invite the user to join.
- You have to link existing users with their Facebook app_scope_id after they login/connect with Facebook.
Related
Having searched through this section many times, I am struggling to find an answer to what I thought would be simple:
Having created an app, I cannot add other facebook verified developer accounts as administrators of the app without first friending them.
This is a professional app (we are using it to provide login through Facebook services), and I cannot find a way to add other colleagues without making them into facebook friends.
I have tried:
Roles > Administrators > Add:
Email address
UID
Link to Profile URI
Name search
I either get back nothing, or a notice that the user is not a facebook user (though they patently are, I can add them as a friend after all).
1) You must acess the apps via: https://developers.facebook.com/apps and select your app. The UI has recently been updated:
2) If the user is not your friend you must add them using facebook User Id otherwise it will not work.
This can be obtained via http://findmyfacebookid.com/ which wil turn thier profile url into an id.
3) The user must also have verified their account. However it will tell you this when you try to add them.
4) They will then receive a request which they must accept.
Did you check with the user to see if they got the notification? (e.g. you should receive a request from me)
This is how a pending request looks.
How does my website know when users are logging in with their facebook account for the first time - so that if they arent registered with me i can then create the same.
I think to know the first time user logs in with facebook would have to be controlled on your side.
You'll want to build some sort of logic to store the user's FB info like FB UID and email perhaps, in your DB when they login through FB. Additionally, you'll want to do a lookup for the user's UID and email in your DB on each time the user logs in through FB.
You might also want to consider if the user ever decides to "disconnect" their account from FB / revoke access to your app through FB. In this case, you'll want to remove their UID and email from the DB since they've chosen to revoke access.
If they decide to come back, then treat them as a new user and repeat the steps above.
A majority of your code will be checking the response from FB.getLoginStatus https://developers.facebook.com/docs/reference/javascript/FB.getLoginStatus/
You can experiment with FB.Event.Subscribe and 'auth.authResponseChange'.
Check the documentation
I work for an organisation that is partnering with another group. Each of us will have a body of users logged into Facebook. What we want to do is to make it possible for a user who is signed in under my group's app id to see all his/her friends some of whom will also be logged in under that id, some of whom will be logged in under the partner org's app id.
The idea we had in mind was that it might be possible to grant permissions on auth to both app ids in one go. Is that possible? If not, does anyone have any idea how we could share this kind of presence data without also sharing all other user details?
No, that's not possible, though I don't see why you can't just use the same App to have multiple pieces of functionality
My website has accounts that are often accessed by multiple users. For example, a company might create an account under a generic company email address, and have different interns, etc update it.
We also have normal users that are the only people accessing their account.
We know we could make registering / signing in so much easier and more effective by utilizing various third party services like Facebook, Twitter, OpenID, etc, but we can't think of how to handle those services when multiple people want to create / sign into a single account.
How do we know which users authenticated with FB/Twitter should be allowed to access the company account on our website?
Facebook doesn't let you sign in as a Page yet, right?
You can let the users log in with their normal company account, and then give them a facebook Connect button. The only important thing you need to keep for facebook connect is their facebook id. I would add a new table, or a new entry in the users table with all the ids that have connected to that account. There would be no difference between single user and multiple user accounts, only in the number of ids connected to that account.
I use a sql table with two values, user_id and remote_id, and every time a user connects you add an entry. The same can be done with other open ids and twitter, the same able can be used.
Technically, no you can not log in as a page. But, once you get an install from a user, you can easily tell which page they are administrators of. If you create your company organizational unit around the entity of a page (or allow users to do this) then you could allow your users to log in with their Facebook accounts and once you have their Facebook session, you can access the /me/accounts graph endpoint and look at the pages they're administrators of and cross reference that with your company->Facebook Page definitions.
You could allow Facebook Page Administrators to invite users who do not have access to their Facebook Page. Once the lesser-privileged (intern) user gets to their invite URL endpoint, they could click a Facebook connect button to link their FB account with the Company/Page that the Administrator invited them to. This way, the Administrator wouldn't have to add a bunch of users to their Facebook Page as Administrators (thereby keeping their page more secure).
I was thinking that for Facebook Connect, can we rely solely on using it to log users in, and show "Log in / Sign up" vs "Logged in as [Michael] / Log out" and not needing to handle users on the web server (such as using Ruby on Rails) so there is no users table, no authentication system at all, but just let Facebook handle everything?
But as it turned out, looks like it is not so feasible? Because somehow, we still need to use the user_id to save in some of our records in the DB, such as, when a user add an item to a "Save to list", or post a message, we still need to use the user_id in that row of the user_item_junction_table or messages table. We can use Javascript so that the POST will actually contain the Facebook user_id, by using Facebook's Javascript SDK and just add the user_id to the form's hidden variable... but is it a workable solution or is it recommended?
I see a typical website having its own authentication, and then just letting the Facebook account be "one of their users"... so each Facebook user still has a user record in the legacy system.
For our FB Connect application, we are using our own user record that is linked up to the Facebook user ID. You could always maintain your own user table and have Facebook user ID be the unique identifier, but that locks you in to FB Connect. Using a separate, internal user ID will allow you to link other type of shared login scheme (e.g., OpenID) to your user accounts.