I am adding facebook authentication to my website. Is there a way for me to know whether the user checked "stay logged in"?
FB.login(function(response) {
if (response.authResponse) {
FB.api('/me', function(response) {
// logged in
KNOW HERE: Did user check 'stay logged in'?
});
}else {
}
});
The answer seems to be that it is not possible to determine.
Related
I am using a Facebook app to authenticate my users, but if the user is not logged in to Facebook (I am checking it with FB.getLoginStatus()) I show him a button to log in with. The problem is that the pop-up gets blocked all the time. I have no idea why, since I am registering the Facebook log in action on ng-click.
<button type="button" ng-click="login()">Log in via Facebook</button>
...
$scope.login = function() {
FB.getLoginStatus(function(response) {
if (response.status === 'connected') {
$scope.userId = response.authResponse.userID
loginSuccess()
} else
FB.login(function(response) {
if (response.authResponse) {
$scope.userId = response.authResponse.userID
loginSuccess()
} else {
alert('You need to log in and authorize the app, otherwise you won\'t be able to take the quiz!')
}
})
})
}
Any help?
FB.getLoginStatus should be used on page load to check if the user is authorized and to refresh the User Token. You can use it right after FB.init and store the User ID if he is logged in.
FB.login must be used directly on user interaction, you are using it in the asynchronous (!) callback function of FB.getLoginStatus and not directly when the user clicks on the button.
Example: http://www.devils-heaven.com/facebook-javascript-sdk-login/
After your get your response from getLoginStatus, is the idea to then call FB.login? Currently when I do that, the code stops.
Here's the code for when they hit the FB button to login, which correctly gives me the response...
function facebookConnectBtnLogin()
{
FB.getLoginStatus(function(response)
{
CL();
if (response.status === 'connected') {
logFacebookUserIn(response);
} else if (response.status === 'not_authorized') {
// alert('not_authorized...');
facebookLoginInit();
} else {
//alert('not logged into Facebook...');
facebookLoginInit();
}
},true);
}
And the code that deals with FB.login, which alerts 'here4', but not 'here5'...
function facebookLoginInit()
{
alert('here4');
FB.login
(
function(response)
{
alert('here5');
CL();
if(response.authResponse)
{
alert('here6'); logFacebookUserIn(response);
} else alert('not connected');
},
{ scope: "email" }
);
}
Do I have the right idea?
Thanks for your time and help.
You should never call FB.login in an asynchronous callback function, ONLY on direct user interaction (mouse click). Browsers block the FB.login popup if you don´t call it on user interaction.
With FB.getLoginStatus you just check if the user is authorized, if not: present a Login Button where the user can click to login. It´s not a good idea to show the login dialog right when the user enters your App anyway, tell him what the App is about first.
I have an app in a page tab that uses the facebook javascript sdk. When a new user comes to the app, I get the expected "Log in with facebook" pop-up. I also have some extended permissions that I've put in the scope parameter of FB.Login. After the users logs in with facebook I see the expected extended permissions pop-up. The only problem is if the user skips the extended permissions, the dialogue returns back an access_token, but it's not valid for the extended permissions. Code example below.
window.fbAsyncInit = function () {
FB.Canvas.setAutoGrow();
FB.init({
appId: facebookAppId,
status: true, // check login status
});
function updateFBInfo(response) {
console.log('updateResp:');
if (response.authResponse) {
//user is already logged in and connected
FB.api('/me', function (info) {
displayUserInfo(info, response);
});
}
else {
FB.login(function (loginResponse) {
if (loginResponse.authResponse) {
FB.api('/me', function (info) {
displayUserInfo(info, loginResponse);
});
}
}, { scope: 'email,manage_pages,offline_access,publish_stream' });
}
}
FB.getLoginStatus(updateFBInfo);
};
I guess my question is either, what am I missing (this has got to be something easy), or is there a way to check and see if the returned acces_token is actually valid?
You need to check explicitly for the permission before proceeding. If they haven't provided the necessarily permissions, you need to display FB.login() with the necessary scope again.
Here is the code for checking permissions:
FB.api('/me/permissions', function (response) {
var perms = response.data[0];
// Check for publish_stream permission in this case....
if (perms.publish_stream) {
// User has permission
} else {
// User DOESN'T have permission. Perhaps ask for them again with FB.login?
}
} );
Let's say I have an facebook application running using the JS SDK.
First user clicks on LINK A, and I do a call to FB.login() asking for the "email" permission.
<a href="#" onclick="doLogin();>LINK A</a>
<script>
function doLogin() {
FB.login(function (res) {
//res contains authResponse, i.e. the user is logged in.
}, { scope : 'email'} });
}
</script>
Then I will do a check on authResponse to check if user logged in or not.
if(res.authResponse) {
//User logged in
} else {
//User NOT logged in
}
NOW let's say that on LINK B, I want to ask for the "user_birthday" permission:
FB.login(function (res) {
//Now res.authResponse is set even if user did NOT grant access to the "user_birthday" permission
}, { scope : 'user_birthday'} });
However when the request for "user_birthday" is made the user is already logged in to the application - and therefore authResponse will be set regardless if user granted access to the additional permission, or clicked cancel.
Is there a way to check if user gave the additional permission?
I know I can do a lookup on the api on /me/permissions - but I wonder if there's a way to do it in the FB.login() callback?
Yes, using that user access token, query me/permissions.
FB.api('me/permissions',function(permsArr){
var canGetBirthday = PermissionExists(permsArr, 'user_birthday'); // write your own PermissionsExists parser....
});
We let users/companies add their facebook accounts to our system, and we let them authenticate those accounts after they are added, so that we can get details which are not public otherwise. so we need tell user which account to authenticate against, is this possible ?
Lets say user is already logged into facebook with account x, then he logins to our app and choose to authenticate account Y, so he will click on the authenticate link for Y and proceed to authenticate, is there anyway to enfore user to authenticate Y.
For me, the solution was, first check if user is already logged into facebook, and logout them using FB.logout. Then open the login dialog (FB.login) so that they can log into the desired account. On successful login, check that the logged in user is same as the link that was clicked on.
The overall code is some thing like this
$('.fb-login').live('click', function() {
var accountName = $(this).attr('id');
//if user is already logged in, logout him so that he can authenticate correct account
FB.getLoginStatus(function(response) {
console.log(response);
if (response.status === 'connected') {
FB.logout(function(resp) {
console.log("Logged out of facebook")
});
}
}, true);
FB.login(function(response) {
if (response.authResponse) {
var accessToken = response.authResponse.accessToken;
console.log(response);
console.log('Fetching FB account information.... ');
FB.api('/me', function(response) {
console.log('Account name, ' + response.username + '.');
//validate that user authenticated the same account as the link he clicked on
if(accountName == response.username || accountName == response.id) {
//save token
} else {
//show error
}
});
} else {
console.log('User cancelled login or did not fully authorize.');
}
}, {scope: 'perms'});
});
Yes, you will want to have logout functionality on your page. Since it's unclear as to how you've implemented your login button, I'll give one example:
Do a server-side 302 redirect the user to https://www.facebook.com/logout.php?next=YOUR_URL&access_token=ACCESS_TOKEN
The next= will be the location where the user can click to log into account Y
For your specific needs you can research here: https://developers.facebook.com/docs/authentication/