I'm developing an app on iOS and Andriod. I would like to allow only some Facebook ID to be able to use my app. How can I do that?
Can i put their facebook unique id into my server and when they login, the app will get thier unique id and verify it with the one stored on my server?
But can someone steal other's unique id then loging in random account and use that stoled unique id to get access into my app?
If you are using some sort of official SDK to authenticate and log your users into your system then the FBID the SDK gives you can not be "spoofed".
You as long as you are using supported methods to authenticate your users (ie: via Facebook itself) you can rest assured that only the "allowed" users as you say will be able to use the application.
Keep in mind that using this method you will not be able to prevent other users from installing your application. Your server will only be able to check if the user is "allowed" to use the application after the user has installed and authenticated via Facebook - only then will you have access to their FBID for validation.
If you want to totally prevent anyone who is not in a certain group of users from reaching your application at all then you can setup some roles for your application as long as it is left in "Development Mode": https://developers.facebook.com/docs/ApplicationSecurity/
Using these settings will allow you to define certain groups of users such as developers or testers and only users specifically listed will be able to install and use your application.
Related
We are trying to update Facebook login for a device and found out different uid generated while login via PC browser and device login method. The uid generated by browser can get user feeds, but it return empty for uid generated by device login. Does anyone know why there is different uid for same user?
It's by design so that unrelated apps can't correlate their users.
Straight from the upgrade docs, emphasis mine;
App-scoped User IDs
Facebook will begin to issue app-scoped user IDs when people first log into an instance of your app coded against v2.0 of the API. With app-scoped IDs, the ID for the same user will be different between apps.
No matter what version they originally used to sign up for your app, the ID will remain the same for people who have already logged into your app. This change is backwards-compatible for anyone who has logged into your app at any point in the past.
If you're not mapping IDs across apps, then no code changes should be required. If you need to map the same user IDs across multiple apps or run cross-app promotions, we've added a new API called the Business Mapping API. This lets you map a logged-in user's IDs across apps as long as those apps are all owned by the same business.
I've written a web application which uses Facebook as the main way to authenticate users and collect information. On the home page, there is one button 'Sign in with Facebook', which allows users to sign in to the app.
Is there any way to restrict which users can use the Facebook app, and thus log into my web app, or do I have to handle this separately/manually? My first idea was to add them as 'test users', because my app is still in beta phase, and thus not publicly accessible. But I'm not sure (and I can't find anywhere) how much test users are allowed per app (as this could be up to 1000 users over time).
You have to handle it manually. A good way to restrict access is to deny access in general, store authorized users and activate their access in a backend. You canĀ“t just get their ID before authorization, because the ID is App Scoped.
I have an android app and a web interface for my user to interact with my system. I managed to make the user Login through Facebook LoginButton into my App and now I would like to register it on my own database.
Just to confirm: It is possible to use the same Facebook Application both on the Android App and on the Web, right?
Which user's information(s) should I store on my database so if the user Logins either on my app or my web interface, my system will be able to recognize him? I though about the facebook username, but I was told it may change...
Thanks in advance.
Just to confirm: It is possible to use the same Facebook Application both on the Android App and on the Web, right?
Right. In the Settings tab you can click Add Platform and select the platform where you want to integrate.
Which user's information(s) should I store on my database so if the user Logins either on my app or my web interface, my system will be able to recognize him?
The facebook unique id should be stored in the database. More specifically (considering the recent changes in the API) - app-scoped user id must be stored in the database. This id is unique for a user using an application. So when a user logins to the application using app/web you can recognize him with this id. You can get the user id with : /me API call.
Hope that helps!
I am working on a requirement where I need to collate information from a persons social media profile into the application mainly LinkedIn, Facebook, Google and Twitter.
The app has the email ID provided by the user. Assumption is of course that the person uses the same email ID across all the services.
My initial gut feel is that I need to ask the my user to login into my app using their Facebook / Google / Twitter ID and once he is authenticated, the corresponding API can then give their information. However, I am not sure if this approach would be feasible for multiple providers i.e. I need info both from Facebook AND Google+ for example
Alternatively, is it possible to use the API's of any of these Social Media applications to map the email ID I have to a user in those applications and then to get the user's public information?
Also, is anyone aware of any 3rd party products / API's which can help provide this kind of identification? I have heard of Rapleap (www.rapleaf.com) but the profile data provided by them does not seem to have social media related information that I am interested in.
Note : I have never worked on anything related to social media in the past and hence if there is some faux pas in what I am trying to do, please feel free to point out the same.
I'll start by assuming that when you say "email ID" you actually mean "email address" which in turn is the user id for those social media networks
is it possible to use the API's of any of these Social Media applications to map the email ID I have to a user in those applications and then to get the user's public information?
Yes and No. In order to request profile information from of these social media networks (let's called them just "providers") your app will need to request it on behalf of the actual user. That is, the user will need to authenticate itself with these providers through your app. For this to happen, the user will need to provide a minimum amount of information (email and password) and your app will need to authenticate as well...usually through OAuth or a native API by specifying an already issued "App ID" (or Client ID) and an App Secret. This is information you should receive by these providers once you have successfully registered your app with them.
is anyone aware of any 3rd party products / API's which can help provide this kind of identification?
I'm not too sure and this is out of the scope of Stackoverflow...but, do you really need to add another abstraction layer in your project? Another dependency? Consider interacting directly with these providers, you have more benefits
So, basically, your app will have to get the user to supply his/her credentials in order to request this information. In the case of OAuth, your app will never see these credentials because the authentication process happens outside your app, all your app will receive is an access token to request the information that is available within the scope of the access token. By that I mean, you have to request specific permissions. There's a lot of information available on the developer's site of these providers and I'm sure you'll get around it without any problems, but feel free to ask if something is not clear enough.
There's a way to get user information from sites like facebook,google,linkedin,yahoo etc by using their OAuth service. For this you need to develop your application to include OAUth Service from any of these sites and allow the user to log into any of these services and choose what all data they would be interested to share for using your application.
Again, you will have to configure your facebook/etc application to include options for the users to select while logging in.
It really depends on the social media account. Some sites allow you to search by email, but this assumes that the email address you have is the same address the person used for the account. Others do not. What I would do is identify the sites which allow you to search by email, and go to those sites and search. That is the most straightforward way.
I want to build a Facebook application that will be available only to those who have been invited to it or to a certain list of people (the list will be used for initialization).
How can I achieve that?
Depends what you mean by available. Anyone can install/authorise your application - all it means is that it'll appear in their applications list, and that your application has more access to their profile.
However, whenever someone uses your application Facebook will send you their unique uid which you can then filter on within your own code. Store a list of uids that you consider "invited", and only allow them access.
Probably the neatest way to do this is at the start of a session; the initial exchange between Facebook and your application involves Facebook sending your app a uid and authentication token, with which your app requests a session key - if you filter at that point and simply refuse to request a session key for any uid that's not on your list, you can programmatically restrict access.
There is so called "application sandbox mode". It is intended for development and testing though. But the meaning of this mode - you directly specify what users have access to your app(testers)