We can get user profile info after user can authenticates out app.
Is there any way/possible so that we can get any fb profile info without authenticating? like when user click's on login button.
No, you can't retrieve a user's data without them authorising your app to do so using one of the Login methods.
If you ever find a way to get a user's data without their consent you should report it via Facebook's Whitehat security program, possibly for a cash bounty
Related
I have created a Yammer app wherein the user is able to make posts and obtain messages using an open graph feed. The user is asked to authorize the Yammer app the first time he/she logs in, in order to obtain an access token. My question is, is it possible that the user does not have to login every time he/she uses the app, in order to obtain this token?
Currently, the container where the feed is supposed to show, shows a "Login to Yammer" button. Only after the login, is the feed visible.
Is there a way to automatically login the user in the background without using impersonation? (If an encrypted version of the username and password is stored in the system.)
Thank you!
You can't log in the user without either the user interacting to authorize the app, or the authorization being performed through impersonation. You can use the setAuthToken() method from the JavaScript SDK for Yammer to inject an existing token, even if you are doing the full impersonation laid out in the linked article.
I'm using HybridAuth with Laravel. How can I allow the user to choose a (different) Facebook account after logging out of my UI?
Currently, when the user logs out then in, it auto logs them into my site because they have received a token previously. They are not given an option to log into a Facebook account. Therefore, the user can only use one Facebook account with my site, ever. I tried deleting session data as well as $hybridAuth->logoutAllProviders(); and it still happens.
I could set the Force Web OAuth Reauthentication setting in Facebook for my app, but I don't want the user to log into Facebook every time they visit my site. I would like them to be able to switch Facebook accounts they want to use with my site.
I get expected behavior when logging as a Google user. Thanks for any advice!
I have a website where users can log in with the Facebook oAuth API.
Once the user logs in or registers via Facebook it is stored in my database.
But what I'd like to achieve is, once the user goes to his Facebook application settings page and removes my website app permissions, the used should also be deleted from my database.
Is there any work around to this problem, if this is not possible via the Facebook oAuth API?
You can add Deauthorise Callback URL by Navigating to Settings > Advanced section of your application. Whenever a User Deauthorises your Facebook app, Facebook performs a HTTP POST of signed request to your URL. You may use the field user_id to determine which User has deauthorised your app.
Actually, I would do the following:
Add a date to his last log in to your site.
Have cron job check for old, unused accounts.
Send an email to the user's email address (or Facebook message mail) telling him his account is due to expire soon.
Delete account from database.
today I've an hard question that it causes me some problems.
I'm beginning to implement, for the first in my life, the Facebook Login/Connect in my iOS application.
What's strange? Nothing so far, except I want that the users can ONLY login in the app with Facebook Login, not signup. I explain better: only the users that are already registered in my website can use Facebook Login for logging in.
Website: users can signup with Facebook Connect
iOS app: users can use Facebook Connect only if they're already connected in the website with Facebook Connect.
Is it possible or is an illusion? For example if there's a way to get the facebook uuid of the logged user before show the permission popup it would be great, because I check for this uuid in my database and if exists I'll allow to connect the user.
On the website side
Your user logs in, then authorizes to use your app. As soon as she is authorized, add her user id to your database.
On iOS side
Your user logs in. As soon as she logs in you have access to her user id. So, before showing the main app screen display a loading graphic. Send a request with the user id to your server. The server replies that she is authorized and you proceed to show your main app screen. OR, the server replies that she is not authorized and you proceed to show an error message that instructs the user to first authorize on the website (maybe this screen should have a retry button).
if i get your question .. you can build an Api_service on your website through it you can send the user email from the application and check if this mail registered on your website .. so before the user login to Facebook you make a request to call this api > you returned a value to your app tell you that the user is registered in your site or not .. so then you can allow just the user's you want to login fb.
I am creating an app in which you can login via Facebook, Twitter, or our own internal mechanism. The issue is the following scenario:
I open the app and login using Facebook
I logout
I open the app and login using Twitter
The above scenario will result in me as a user having two accounts in the system. How do I prevent this from happening so that I have one account and it doesn't matter whether I login using Facebook/Twitter?
Every time a user login using Facebook I am as well creating an internal account, with the Facebook username and Facebook id as password. The same thing when I login using Twitter I am creating an internal account with the Twitter user name and id as password.
An idea came in my mind to solve this:
When a user logs in using Twitter check the name and email if a user with that information already exists in the database. However, the name and email they use in both Facebook and Twitter might not be the same, so this might not work all the time.
You can't make this work with your current flow (when the user logs in then logs out again). Instead you should allow a user to login with either their Facebook or Twitter credentials and then, whilst they're still logged in, get them to associate their account with their other service with that user.
So, the flow would be something like:
New user arrives at site User logs in with Facebooks oauth2
mechanism
Your server receives their FB ID and generates a new user
in your systems. Stores their FB ID against that user.
You prompt
the user to add their twitter auth credentials. User logs in with
Twitter oauth2 mechanism
Your server receives their twitter ID,
checks to see if a user is currently logged in with your
application. Because there is, you save the twitter ID agains the
current user.
Later, the user can log out and then log in with either service.