I develop a robot which is connected to the user Facebook profile. If the user receives a message, the robot tells the user to check his inbox (or it can even read the message aloud).
For that, I want to create a website where my users can register, and where they can connect their accounts with Facebook profiles. The website communicates with Facebook to receive any new information. And the robot connects to the user page on the website to get that information.
My question - is it possible to make it that way? Does the API rules allow it?
EDIT: Especially, I want to know if API rules allow it.
You could make use of the Realtime Update API (https://developers.facebook.com/docs/graph-api/real-time-updates).
Therefore, you need to setup an endpoint (service) with handles the push notification from the Facebook platform.
Once you did that, you can "listen" to the inbox connection of the user object. FB will tell you if something changed, but not what exactly has changed. So you need to implement an active pull of /{user_id}/inbox and compare the actual result to a cached past result.
Be sure to gather the "read_mailbox" permission with your app.
Related
The scenario
Suppose there is a mobile app connected to a backend API (nodejs, though not that important), and you can "register with Facebook".
Registering with Facebook implies a couple of steps: on the mobile part the user authorises FB access, FB provides the app with a token, that token is sent to the server and (let's suppose using a passport-facebook strategy) that token can be sent again to FB along with app credentials so that FB can transform that token into a User object.
Suppose on the backend side you use that User object to create your own App User entry, fetch the profile picture and store it, etc. And by manually testing you can see that the User object has a specific structure: an id field, an emails field (which is an array with a complex structure), etc. You end up writing you registration steps based on that.
The problem
While I know that the FB returned User object looked in a certain way at a certain point in time I cannot be sure it will be the same in the future and I won't get an "cannot access something of undefined" error message when they decide to change the structure of that. On the other hand I would really like to have integration tests that include third party integrations, like FB.
I know that you can have (virtual) FB test users and I checked out their documentation for testing, it only shows example of Mobile app testing as far as I know, no backend oriented testing.
I would ideally need to be able to either fetch a (test or not) FB User with which I can test out my registration process or even better a token that can be used in the whole API flow, so that the whole process is covered. Any ideas where I should look or if it is worth investing in this direction?
Everything I have read (e.g. https://api.slack.com/docs/oauth) makes it seem as though I can only build an app that integrates with a Slack team I manage. E.g. I have to create my Slack Client ID .. etc ... and then I can oAuth users for my team.
What I want to do is allow my app's users to login to my app using their Slack login (for their Slack team I do not control or have access to.) I don't want to force my users to generate a Client ID to use my app. I want them to login the same way Google Login or Facebook Login works.
The closest thing I have found is a "login with slack" HTML button, but I'd like to do it in iOS using Swift.
Is that possible?
Sadly, that's not possible. For google or facebook, the way authentication works is that they provide you a mobile API which handles the communication between your app and their web service. So you task is simply adopt that API, make simple function call and retrieve information for user from the API. For example, the facebook button is provided by the API.
However from a look at slack site, they only have RESTful API documented. So in this case, you have to handle the passing and storing of parameters by yourself, and send HTTP request manually. You can have a look at Alamofire framework, which is the best choice for making HTTP request. Basically, you have to send needed parameter with the specific url though HTTP request to perform a log in action, and you have to parse the respond data and then see if the login is successful or not, etc
Thanks to some help from friends it looks like the answer is yes.
You must first make sure you "Distribute App"
Then set up the permissions you require and "install app" (which is a bit not "smart" since you can accidentally add conflicting permissions and get an error when trying to install).
Once that is done you will get an Auth Token and can make requests for any user to login using oAuth.
You can also trigger a sign in request like so:
https://slack.com/oauth/authorize?client_id=[client id]&scope=identity.basic
Edit: For future Googlers, Slack now also provides a specific documentation page for this type of OAuth grant/login: Sign in with Slack
I am currently working on an application that allows the user to register and login via regular email and password. It also allows the user to login via Facebook. Both of these functionalities are working.
The problem is that - when a user registers via email and later tries to log in via facebook ( assuming he/she has the same email for facebook) the application treats him/her as a new user. A new record is created in the database.
I'm new to swift and parse. I tried to take the information that comes from facebook and get the user's email and compare it to the users already in parse....but then, how do I merge the two accounts? If you have successfully implemented this functionality I really would appreciated if you walked me through it.
Thank you so much.
I don't think you can. Instead you would need to use cloud code to intercept the new user before it's saved and check if the e-mail address is already associated with another account. If it is you can return an error from the cloud code and handle it in your app.
I want to create a Facebook app to be used in live events (ie: concerts, conferences, etc).
So the guests would enroll to the event connecting with Facebook Login and asking the publish_actions permission.
The guest will have an Access Card (RFID chip) that identifies himself and links in our database to his Facebook Access token.
Then, during the event, I would like that some actions made by the guests in the event to trigger some actions on Facebook, this actions will be triggered by different applications that communicate with our servers, our servers will comunicate with Facebook API to trigger actions on Facebook.
So when the guest does check in at the event, his Access Card is scanned by the event staff, and then should automatically post a message on his timeline indicating that he is at that event, sharing a link with more details about that event.
We also want to have a physical Photo Booth where the guest has his Access Card scanned, and then takes a picture that should be automatically posted on his timeline too.
So this is not the typical Facebook app flow, as the content is posted automatically by actions made by the user, but managed by our software instead of actions directly triggered by the user himself.
I'm not sure if this kind of application is allowed on Facebook and if it's allowed, how would the review process be done, as this can't be tested using a website or phone app.
Did someone make something similar or knows the best approach in getting this approved on Facebook?
Thank you!
The user MUST login with Facebook and authorize your App. People have tried those things with a specific device where people could login, but Facebook detects multiple logins on one device and may block your App. So the only way is to let people use their own device/smartphone to authorize your App. For example, you could offer them a QR tag with a link to the login flow.
The problem with authorizing before the event and storing a Token is that an Extended User Token is valid for 60 days. So if a user enrolls and the event is 61 days later, the Access Token will not work anymore - unless the User refreshes the Token by visiting your App. So before letting him do this before the event, you can just as well let him authorize the App at the event date.
A specific App for the event is surely the safest way, of course.
I want to build a Facebook application that will be available only to those who have been invited to it or to a certain list of people (the list will be used for initialization).
How can I achieve that?
Depends what you mean by available. Anyone can install/authorise your application - all it means is that it'll appear in their applications list, and that your application has more access to their profile.
However, whenever someone uses your application Facebook will send you their unique uid which you can then filter on within your own code. Store a list of uids that you consider "invited", and only allow them access.
Probably the neatest way to do this is at the start of a session; the initial exchange between Facebook and your application involves Facebook sending your app a uid and authentication token, with which your app requests a session key - if you filter at that point and simply refuse to request a session key for any uid that's not on your list, you can programmatically restrict access.
There is so called "application sandbox mode". It is intended for development and testing though. But the meaning of this mode - you directly specify what users have access to your app(testers)