I want to add a "Login to Facebook" button to my page. However, I don't want to have the user prompted to grant my app access. I don't need any of the user's personal info so they shouldn't need to grant me access. Is this possible?
I don't need any of the user's personal info
So why to use the facebook API?
You must be fetching at least the ID of the user right? That's the part of just the basic information; so in the least case the user will be prompted to grant the permission to your app to fetch the basic info. You shouldn't bother much, since most of the users don't hesitate sharing just their basic information.
Related
I'm creating a website that use facebook connect, and I need the publish_action permission for each user, unless, user can't get access to my website.
But when a user register with Facebook connect, the publish_action permission can be skipped ; the request is separated from the read permissions.
This is an example of what I dont want: http://i.stack.imgur.com/mbz8g.png
Is there a way to ask to people to allow publish_action and read permissions in the same text box, without "skip" button ?
You cannot require the publish permission to use your app.
No. People must be able to login to your app without granting publishing permissions.
I am working with integration of a website with facebook.
I have a specific requirement where-in the user should get logged-out from facebook if he/she doesn't grant permissions to my facebook-app (on first use).
Now, If user denies access for my facebook-app, I am redirected to the redirect_uri, but the problem is that on the page that handles the redirection, I cannot log the user out from facebook since my app won't have permission to perform logout.
Can anyone please tell me what is the workaround I could try?
I have a specific requirement where-in the user should get logged-out from facebook if he/she doesn't grant permissions to my facebook-app (on first use).
Is this in a very special environment (like a kiosk application or something) …?
Because otherwise, I’d hate it if random apps logged me out of FB while I’m browsing on my own computer, just because I don’t want to connect to them.
Now, If user denies access for my facebook-app, I am redirected to the redirect_uri, but the problem is that on the page that handles the redirection, I cannot log the user out from facebook since my app won't have permission to perform logout.
Can anyone please tell me what is the workaround I could try?
I don’t know any workaround – to perform a log out on behalf of the user, you need a valid access token – doesn’t matter, if you’re trying to do it client-side or server-side.
If that wasn’t the case, any website I’m visiting could log me out of Facebook, and that would be really annoying to users.
We have exactly the same problem. We've developed a kiosk application used to checkin and post HD photos.
If the user does not accept the permissions we need to reload the application because we can't logout the user in another way.
We've tried different ways but no one was successful
Can we customize facebook login/authentication page?
I want to use my own customized pop up for receiving 'Email' and 'Password' input from user so that it is consistent with the GUI of my application. Is there a facebook API to which I can pass the Email/Password details received from user?
Looking at https://developers.facebook.com/docs/reference/api/user/#permissions you cannot "create" new permissions. This has to go through Facebook so they know what permissions have been granted. This ensures that you're not just granting permissions on behalf of a user without them having actively granted them. This therefore stands to reason that you cannot style their page.
Alternatively, you could just make sure users register via an account on your site (You want a password so I assume you don't mean their facebook password) and then ask them to connect their facebook account to it. You would need to ask for their email in your form, get them to login, then connect via facebook and associate their facebook id with their account on your site.
I'm trying to create an app for closeted and questioning youth on facebook, and an important feature would be the ability to be anonymous on the app. I've been trying to find out if people can be anonymous on facebook, but this sounds like it's not allowed. Could facebook users make a new user account within a facebook app to protect their identity?
Thanks,
Colby
No, they cannot create a new facebook account from facebook app. And facebook has nothing to do with making a user anonymous, if user has given your application required permissions then you can have all the information about user, its up to you either you want to make that user an "Anonymous user" or show his profile pic/information.
Some suggestions:
In App Settings > Auth Dialog there is the setting Default
Activity Privacy which you should set to Only Me.
When a user authorizes your app store as little information as is
necessary, and prominently display your privacy policy explaining
what type of information you store, why, and how you will never
share it with anyone.
(optional) Store userids in your database as md5 hashes so that even if someone gains access to that database, they won't know who
the users are.
I'm trying to implement facebook connect to my website, and i have couple questions.
1: Is it possible to register user in my website using his current facebook email/password.
Let's say user clicks on link Register via facebook and then he have to give me permisions to access his password, email, etc... and after that is done i put that info in my own database and he will be able to login with that account any time he wants without needing to give me permisions any time in the future.
2: If that kind of registration is not possible, what's other solution would be the best for me? Because i need to somehow keep track of that user who logged in with facebook, because he can upload photos, send messages etc.
Anyways, i'm quite new with facebook and similar things, so i'm really lost here, hope some one can help me :)
EDIT Thank you all for wonderful answers it helped me a lot, now all that's left is to read documentation :)
Yes it is, it is possible to get the information of the user. But it is rather complicated, when you have never dealt with it.
First you need to send the user to the following link:
https://m.facebook.com/dialog/oauth?client_id=your-client-id&redirect_uri=xxx&scope=listof-information-you-want
Facebook will then return your client to the uri specified, if the user rejected it will give a reason. If it is not you will get an code in urlencoded format.
This code is needed for the following step, the request of the access token:
https://graph.facebook.com/oauth/access_token?redirect_uri=xxx&client_id=xxx&client_secret=xxx&code=xxxx
This will give back an access token, if the authorization didn't fail.
After that you can ask for the information you want:
https://graph.facebook.com/me?method=GET&metadata=true&format=json&access_token=access_token
This will include a facebook uid, which is unique for all users. Store it and you can discern between a register and login.
This is roughly the process for any oauth2 application.
Facebook will not ask repeatedly for permissions after the user granted them to you. So you can store the access token and reuse it for backend stuff and also use the same procedure you use for register for login.
You can never access the user's password from Facebook even with his/her permission, so the user will always have to authenticate via Facebook and have Facebook pass you the user id of the logged in user once authentication succeeds. You can store all kinds of other data locally, but not enough to authenticate the user yourself.
Once the user is authenticated, you'll have access to the user's Facebook user id via the API, which should be enough to connect all kinds of information to that specific user.
Facebook does not provide access to accounts when passwords are taken from your controls. It provides it own canvas for login information. Therefore you cannot use your first approach to store passwords in your databases. Check this out.
You can however store email addresses once user logins into his account using the facebook sdks. Check this out link for the example of C# SDK sample code.
You can use the Facebook APIs to fetch user email-id, photos, friendslist and other information and then play around accordingly.
You don't get access to the users password - only email if you ask for it.
Best way would be to have a table of users and their Facebook account id's.
If you want to allow users to sign up without Facebook then have a nullable field for their password and facebook id, and also have a field for username - which you could populate from Facebook if they register via that route.