I want to test the log-in flow for my website that uses Facebook auth.
Unfortunately, after the first time I log into my site with Facebook, I am never shown Facebook's auth window or flow again. I' just automatically logged in.
How can I remove my permission to a particular website so I am presented with Facebook's login flow again?
just remove your app from https://www.facebook.com/settings?tab=applications
afterwards it will ask for all permissions again.
Related
I'm using HybridAuth with Laravel. How can I allow the user to choose a (different) Facebook account after logging out of my UI?
Currently, when the user logs out then in, it auto logs them into my site because they have received a token previously. They are not given an option to log into a Facebook account. Therefore, the user can only use one Facebook account with my site, ever. I tried deleting session data as well as $hybridAuth->logoutAllProviders(); and it still happens.
I could set the Force Web OAuth Reauthentication setting in Facebook for my app, but I don't want the user to log into Facebook every time they visit my site. I would like them to be able to switch Facebook accounts they want to use with my site.
I get expected behavior when logging as a Google user. Thanks for any advice!
I'm new to Facebook App development and I got this Problem:
I've created a Facebook Page (so I'm the administrator). Now I would like to have an external Webpage with a simple textarea and a "send" button. So everybody who has the link to this page could update this Facebook Page even without a Facebook account. This status update should be send by my page administrator account.
I thought I could write an app and authorize this app to publish_streams on the page and after the authorization I could switch $fbuser = $facebook->getUser(); to $fbuser = IDOFMYACCOUNT.
So the fbuser would be always my account wich is allowed to post to the Page.
If I try to use this application with an other browser (wich isn't logged in to my fb account) I get this error: (#200) The user hasn't authorized the application to perform this action
So this is the way I thought I could solve my problem.
Do you guys have an idea how I (and other people who don't have a FB account or don't wan't to login or I don't want to add them to Facebook Page administrator) could update the Facebook Status of a Page from an external website?
You will need your token "baked in" to your code and some sort of admin back end to update the access token before it expires.
Also you need manage_pages permission and the token of the page if you want to post as the page.
This can be accessed from /me/accounts
how can i login my website using facebook credentials that too seamlessly , when i'm already logged in my facebook account in the same session or in another session. For example i'm logged in my fb and when i open website named rottentomatoes.com in the same session or in another session , i can get automatically logged in , without doing anything , as that site use my fb account and automatically get a registered memeber of that site.
i wanna do this things in my website , like things happening with rotten tomatoes.
so far i can use fb account to login in my website using facebook connect .
please help me ....any suggestion will be welcomed.
You need to have a facebook app, then in your site use the facebook js sdk.
You always have different sessions per site, you'll need to make a session for yours, you don't use the facebook session, just the sdk.
When the user loads your page you can use the FB.getLoginStatus to check if the user is logged into facebook and is authenticated with your app, if so then you get the needed user data and can then log the user into your site.
If the user is not logged into facebook, or hasn't authorized your app then you can use the FB.login method to log the user in, when the user comes back from that process you should have the data you need in order to register/log him into your site.
I'm trying to write application for user login to website via Facebook. When user is logging in, he's redirected to http://www.facebook.com/dialog/oauth/?client_id=APP_ID&redirect_uri=REDIRECT_URL&state=STATE, then sees confirmation dialog to use permissions and all goes well. But then FB somehow remembers this application and never asks for permissions confirmation again when user opens this url. Is there any way to always show this dialog? I could do it in Twitter, but couldn't found the answer for Facebook.
If you really want this for some reason, uninstall the app from the user's account with a HTTP DELETE request to /USER_ID/permissions using your app access token.
The next time they come back they'll need to re-authorise the app.
Otherwise, no, there's no way that I'm aware of apart from the reauthentication flow to force the auth dialog to appear, but bear in mind that the reauthentication flow may prompt the user to re-enter their Facebook password even if they're already logged into Facebook, so it adds extra friction to the process
Instead of showing the Facebook OAuth dialog, you could also show the user a page on your application that has some information about the Facebook account that is going to be used (picture/name etc), to log into it. That way, if they like they can choose to log out and re-authenticate or continue knowing they have the right account.
well i have used the facebook api couple of times. But last day i just came across a site which was really new to me. Heres the scenario
If a user is logged in at facebook and comes to my site, he will
automatically be logged in without asking him and also if user logs
out of my site he gets logged out of facebook. But the site i saw
yesterday, they had handled it perfectly, user dose not logs in their
site automatically and even if user logs out from their site, he does
not gets logged out of facebook.
So any help? what is this technique called? or any relevant help?
Best Regards
most site handled the login/authenication by using the login status of the user at facebook ends.
to do what u wants, simply add an additional layer of authentication / login status checking at your own site.
The site level login status is to be retained only for the current session. In other words, once the user went away from the site, the site level login status is gone. With this, when the user returns, you know that he needs to login again.
when the user logged out from your site, you only log him out of your site and do nothing about facebook login
Using the Facebook SDK it will likely tell you the user is logged out when not logged into Facebook, which in theory is the correct behaviour of the whole system, as Facebook want user's to always be connected to Facebook, I quote facebook:
As long as the user is signed into Facebook, they are automatically signed into your site as well.
So if they aren't connected to Facebook, you aren't connected to other sites. In a way it's a deterrant and increases Facebooks market.
But anyhow, it's likely the site you are describing are implementing their own authentican system rather than using Facebook's own SDK, or if they are using the SDK they are using it in moderation and understand about cookies/the above.
The flow to allow the user to be logged into Facebook but out of your site is as so:
When a user logs out of their site, it will unset session data for the site's own application, and also unset Facebook cookies, etc. That way the user is still logged into Facebook but out of your site.
When they try to log in again, Facebook will detect no cookies are available and hence will re-authenticate and pass you onto the url as passed during the authentication process. Your site will then login the user to the site's own application, setting any session variables, etc.
you need to check how you are handling the FB logins and sessions at your end..
my guess is you check the is login at your site and there are some access_tokens which are as per your app id in the cookies of your browser which are helping you to log in ..
and when logging out from your site you are explicitly logging out the user from FB as well
( thats what you are describing atleast )
you seem to be explicitly calling logout or clearing the cookies for fb app id ..