I can connect to facebook and check on my users and link their account with their facebook profile. But I a question about logic.
When the user comes back to my site, and then want to login again (using facebook), do they have to also be logged in to facebook at that point?
I am using the PHP SDK
If they are logged in before they get to your site, the users will directly see contents allowed to authenticated users. The identification information can be stored by the client's browser (cookies, cache, session...) for automatic log in.
Whenever a user is connected through fb services within a session, his credentials are the same on all websites using fb services within this session.
Hope it helps.
Related
I'm using HybridAuth with Laravel. How can I allow the user to choose a (different) Facebook account after logging out of my UI?
Currently, when the user logs out then in, it auto logs them into my site because they have received a token previously. They are not given an option to log into a Facebook account. Therefore, the user can only use one Facebook account with my site, ever. I tried deleting session data as well as $hybridAuth->logoutAllProviders(); and it still happens.
I could set the Force Web OAuth Reauthentication setting in Facebook for my app, but I don't want the user to log into Facebook every time they visit my site. I would like them to be able to switch Facebook accounts they want to use with my site.
I get expected behavior when logging as a Google user. Thanks for any advice!
Facebook is blocked by my company firewall but I want to develop an app where in employees can click a link we send it to their email and provide access to their facebook account and update. Firewall blocks facebook.com so I cannot have users type their username and password on facebook.com url. Can I have users type in their username and passowrd on internal website using which the app will login and get access?
it goes against the purpose of oauth to take the user's password and use it to log in as that user. oauth is designed so that the user will never have to disclose their password to your app but still be able to provide your app with some of their own facebook data. this way, only the facebook data which the user chooses to share will be available to your app. also the user may choose to allow your app to publish on their behalf, see here for the details.
my suggestion would be to get the users to authenticate your app from outside the work network (where the facbook.com url is available). this way you can still post on their behalf and your app can get certain information from their profile to relay on to them without you ever needing to know their password.
how can i login my website using facebook credentials that too seamlessly , when i'm already logged in my facebook account in the same session or in another session. For example i'm logged in my fb and when i open website named rottentomatoes.com in the same session or in another session , i can get automatically logged in , without doing anything , as that site use my fb account and automatically get a registered memeber of that site.
i wanna do this things in my website , like things happening with rotten tomatoes.
so far i can use fb account to login in my website using facebook connect .
please help me ....any suggestion will be welcomed.
You need to have a facebook app, then in your site use the facebook js sdk.
You always have different sessions per site, you'll need to make a session for yours, you don't use the facebook session, just the sdk.
When the user loads your page you can use the FB.getLoginStatus to check if the user is logged into facebook and is authenticated with your app, if so then you get the needed user data and can then log the user into your site.
If the user is not logged into facebook, or hasn't authorized your app then you can use the FB.login method to log the user in, when the user comes back from that process you should have the data you need in order to register/log him into your site.
well i have used the facebook api couple of times. But last day i just came across a site which was really new to me. Heres the scenario
If a user is logged in at facebook and comes to my site, he will
automatically be logged in without asking him and also if user logs
out of my site he gets logged out of facebook. But the site i saw
yesterday, they had handled it perfectly, user dose not logs in their
site automatically and even if user logs out from their site, he does
not gets logged out of facebook.
So any help? what is this technique called? or any relevant help?
Best Regards
most site handled the login/authenication by using the login status of the user at facebook ends.
to do what u wants, simply add an additional layer of authentication / login status checking at your own site.
The site level login status is to be retained only for the current session. In other words, once the user went away from the site, the site level login status is gone. With this, when the user returns, you know that he needs to login again.
when the user logged out from your site, you only log him out of your site and do nothing about facebook login
Using the Facebook SDK it will likely tell you the user is logged out when not logged into Facebook, which in theory is the correct behaviour of the whole system, as Facebook want user's to always be connected to Facebook, I quote facebook:
As long as the user is signed into Facebook, they are automatically signed into your site as well.
So if they aren't connected to Facebook, you aren't connected to other sites. In a way it's a deterrant and increases Facebooks market.
But anyhow, it's likely the site you are describing are implementing their own authentican system rather than using Facebook's own SDK, or if they are using the SDK they are using it in moderation and understand about cookies/the above.
The flow to allow the user to be logged into Facebook but out of your site is as so:
When a user logs out of their site, it will unset session data for the site's own application, and also unset Facebook cookies, etc. That way the user is still logged into Facebook but out of your site.
When they try to log in again, Facebook will detect no cookies are available and hence will re-authenticate and pass you onto the url as passed during the authentication process. Your site will then login the user to the site's own application, setting any session variables, etc.
you need to check how you are handling the FB logins and sessions at your end..
my guess is you check the is login at your site and there are some access_tokens which are as per your app id in the cookies of your browser which are helping you to log in ..
and when logging out from your site you are explicitly logging out the user from FB as well
( thats what you are describing atleast )
you seem to be explicitly calling logout or clearing the cookies for fb app id ..
I am building a website and I want it to integrate with Facebook Connect.
I want to restrict the users connecting to only those who are part of a specific Facebook group or let them connect and have an admin approve their account. Is this possible?
This should be quite achievable.
Present an entry page on your site that requires the user to log in with Facebook Connect. (See "Authenticating Users with Facebook Connect"). Once they're logged in, you will be provided with a Facebook session id specific to that user. You can use that session id to query for user information, either inside the page with the Javascript API libraries, or server side (see "Using Facebook Connect with Server Side Libraries").
One of the API calls is groups.get, which will return the groups that the user is in.
You should be able to retrieve the user's associated groups after they've logged in to Connect, and as part of your page load process check to see if they're in the right group. If they're not, simply re-direct them appropriately.