I am currently developing an app on Android using phonegap and would like to use Facebook in the app. I have created an app on Facebook called say "Test". When I am not logged into "Test" but I am logged into Facebook (Facebook app on the Android device) and run the getLoginStatus() function I get a response of unknown instead of not_authorized. Thus my first question is this intended? Am I meant to get a response of unknown or is this an error from phonegap and I'm meant to get a response of not_authorized.
The second question is, when I login into the Facebook app called "test" everything runs as it should (Facebook user gets registered for "test"). When I call the getLoginStatus() function it works perfectly fine and says I'm connected with no problems.
BUT
If I go into Facebook and remove the app "test" from my FB account and then run the android app again and run the getLoginStatus() function is STILL says that I have the app "test" registered to my Facebook account but this is no the case!! Note that I do in the code make sure that I call the server every time instead of using a cached result by the JS SDK. Now my Second question is. Is this meant to happen? Or if not is it a Facebook or Phonegap problem (Phonegap either keeps getting the cached response or Facebook doesn't update their side quick enough?)
Here is code:
function getLoginStatus()
{
FB.getLoginStatus(function(response)
{
alert(JSON.stringify(response));
alert(response.status);
if (response.status == 'connected')
{
alert('logged in');
FB.api('/me',function (response) {
if (response.error)
{
alert('There is an error');
}
else
{
alert(response.name);
}
});
}
else
{
alert('not logged in');
}
},true);
}
Any response would really really be appreciated!!
When I am not logged into "Test" but I am logged into Facebook (Facebook app on the Android device) and run the getLoginStatus() function I get a response of unknown instead of not_authorized.
not_authorized: You get not_authorized when the user is logged into facebook but has not authorized your app. If you transfer the guy to facebook homepage, he enters username and password and cancels authorization, thereafter you get not authorized. IF the guy is logged into facebook,and your app hasn't transferred him to fb to authorize yet, you still get not authorized
https://developers.facebook.com/docs/reference/javascript/FB.getLoginStatus/
unknown: If the user is not logged into facebook, you get a status of unknown.
So logged in, not authorized : not_authorized
Not Logged in: unknown
If I go into Facebook and remove the app "test" from my FB account
I am guessing it takes a while for these changes to propogate. If the user has authorized the app in the current context, it will stay authorized for a while(or until he logs off). I don't think there's anything wrong with this personally
This is not a phonegap issue. unknown is one of the valid responses from the getLoginStatus function. See the facebook API documentation for information about this funciton. There, they describe the unknown response as:
the user is not logged into Facebook at this time and so we don't know if they've authenticated your application or not (unknown)
As to your second question, the problem you are seeing is because by default, the getLoginStatus function caches its response for performance reasons. However, they provide you with a way to force a refresh of the status. You can do this by passing a second parameter, Force into getLoginStatus.
FB.getLoginStatus(function(response) {
// this will be called when the roundtrip to Facebook has completed
}, true); // The second parameter, called 'force' by default is False. True signifies that you want to force a call to the server so you can see the latest login status.
You can read more about that Force parameter by looking at the above API documentation link and searching for the 'Force' parameter.
By the way, I had temporarily deleted the answer as I had answered without knowing how to respond to the second question, but undeleted it after finding out the reason behind your issue.
Related
We are developing a website at www.bodecanada.com. One of the login methods we provide is facebook. We also try to keep track of whether the user is logged into facebook or not when refreshing the page or opening the site in a new tab. We do this by calling FB.getLoginStatus() (from the Facebook js sdk). However, we are finding that in a few cases--for example, when opening the site in a new tab in Safari--the response status that comes back from FB.getLoginStatus is 'unknown'. The Facebook SDK documentation says this about the 'unknown' status:
FB.getLoginStatus() allows you to determine if a user is logged in to
Facebook and has authenticated your app. There are three possible
states for a user:
The user is logged into Facebook and has authorized your application. (connected)
The user is logged into Facebook but has not authorized your application.(not_authorized)
The user is either not logged into Facebook or explicitly logged out of your application so it doesn't attempt to connect to Facebook
and thus, we don't know if they've authenticated your application or
not. (unknown)
We are dealing with #3 in this case. However, when I visit facebook, I find I am not logged out. But at the same time, I am not "explicitly logged out" (meaning FB.logout() is called) from my site. So why is it returning 'unknown'?
One solution I found on google says to add cookies: true to FB.init() in order to enable 3rd party cookies, so I did so:
FB.init({
appId : process.env.FB_APP_ID,
cookie : true,
xfbml : true,
version : 'v2.2'
});
But this doesn't change anything.
So why does FB.getLoginStatus() return 'unknown' for the response status when I open the site in a new tab?
Thanks.
I had the same issue when I closed and reopened the browser again. What I did is put the fb.login function if the status is unknown. But, emergent windows must be enabled in the browser:
function statusChangeCallback(response) {
if (response.status === 'connected') {
userId = response.authResponse.userID;
accessToken = response.authResponse.accessToken;
var userinfo = getUserInfo(userId);
} else if (response.status === 'unknown') {
FB.login(function(response) {
statusChangeCallback(response)
}, {scope: 'public_profile,email'});
}
}
I'm getting the same issue, also using "cookie: true". But.. if I put the call to FB.login into the "status === 'unknown'" block, I get a blocked FB oauth popup - that is an empty window. I know I'm logged into Facebook (it's in the next tab over), I just don't understand why FB.loginStatus always returns "unknown".
In my mobile app made with the meteor js, when the user login with facebook and try log out, when the user access the app again he has logged automatically. By the way, the user was not logged out.
This is my log out code:
Meteor.logout(function () {
// redirect to login page
});
Try removing the meteorlogintoken from local storage. You may also need to remove the resume token from a user in the users collection (if one exists).
Can’t say for sure as I don’t use Facebook with meteor but the above works for a standard meteor user
To further help diagnose the problem, you can test if the call to Meteor.logout returned an Error in the callback, something like:
Meteor.logout(function(err) {
if(err) {
console.error(err);
} else {
// Re-direct to login page
}
);
See: https://docs.meteor.com/api/accounts.html#Meteor-logout
Perhaps I am going about this the wrong way but I have a website that allows facebook login.
If the user has already registered on my website
and is logged into facebook but not logged into my site
when visiting the login page i check for their facebook login status and get response.status === 'connected' via-
FB.Event.subscribe('auth.authResponseChange', function (response)
{
if (response.status === 'connected')
{
var s = JSON.stringify(response.authResponse);
LogMeIn(s, function(response)
{
HandleAjaxError(response, function(msg)
{
window.location = '/_/';
});
});
}
}
I then want to pass their authResponse object to the server and confirm that this userid works with this token before I log them in as this user
I have read to simply grab the json contents of -
https://graph.facebook.com/{userID}?access_token={accessToken}
and if it does not return an error then it is good! But when testing this method I noticed that the same access_token worked for two different user ids (meaning it did not return an error for the userid that was not logged in on my computer). Instead it returned the facebook user object with name , location etc.
This really surprised me, as I expected the access_token to work only with a single user id.
In an effort to prevent someone from simply changing the user id before continuing the script I need to authenticate via server side. What is a way to accomplish this?
Proof, go to these links to see profile information
My profile-
https://graph.facebook.com/1233822590?access_token=CAACCBJJZBgjABAOGmvmsou8gMYGulLHTgAr5ZCHZAU7pKEp0cMAeX8r4qHLpiVuZCOT1v0ulMZAxX5YfLJkcZBr9l6qJQoPxWS5Fs5ndohDnH6ZAPPfZCZCTQtwWgAZAg6I1PAOIpdtCc0OUaMmBZAvGiMm9gQhmNXRbocZD
Another userid with same access_token-
https://graph.facebook.com/100000116781159?access_token=CAACCBJJZBgjABAOGmvmsou8gMYGulLHTgAr5ZCHZAU7pKEp0cMAeX8r4qHLpiVuZCOT1v0ulMZAxX5YfLJkcZBr9l6qJQoPxWS5Fs5ndohDnH6ZAPPfZCZCTQtwWgAZAg6I1PAOIpdtCc0OUaMmBZAvGiMm9gQhmNXRbocZD
Nothing to be surprised. You can fetch the basic details of any user of the facebook using the access token of any user of the facebook.. So this isnt really good way to validate the token. Moreover, that confirmation of token part isnt required.
If you want the authorization through server side go through.this link
I created an Android App with PhoneGap:Build and the FB Connect Plugin. The app works fine and the FB Plugin, too. Just one tiny thing isn't working yet. I won't to post something after submiting a button which works, too. At the first time the user has to login and grant permissions to the FB App and them the post is published. That's the way it should be. And the next time the user submits the post should be published without the whole permission thing but this isn't working!? FB shows a message like "You already granted permission ... to the app." and the user has to push the Ok-button before the post is published???
Because I still haven't found an answer for my question, maybe I just do something wrong in my FB Javascript call? Here is the current code:
FB.login(function(response) {
if (response.authResponse) {
var data = {
...
}
FB.api('/me/feed', 'post', data, function(response) {
// Callback
if (!response || response.error) {
// ERROR
}
});
} else {
// ERROR
}
}, {scope: 'publish_stream'});
Well, to better understanding here a picture of the screen that apears every post:
http://i.stack.imgur.com/bZrde.png
Thx,
Daniel
I think the solution to this problem is to not include the login request every time you want to post something. You can check login status, and/or permissions, without performing a login. Then, if the user is not logged in, do the login first, and come back to the new post action.
UPDATED TO BE MORE CLEAR (hopefully :)):
Related to this page, specifically the SSO section: http://developers.facebook.com/docs/authentication/
You've got the option Facebook says to use either that facebook connect button (whatever connect means nowdays with Facebook is a grey fog to me now) or just roll your own image as a button and on click call FB.Login().
So I tried the facebook button route which lead me to a complete brick wall. I mean I can get it working, auth, login, all that but I have no clue how to pass extended permissions through this entire process with the button:
window.fbAsyncInit = function () {
FB.init({ appId: facebookApplicationID, status: true, cookie: true, xfbml: true });
FB.Event.subscribe('auth.sessionChange', function (response) {
...rest of code
Ok, how do I attach extended permissions to this call? Of course you can do it easily if using Login() but why doesn't facebook show any examples or state whether the perms parameter exists in terms of placing it somewhere in this process of using that button!
related links: http://forum.developers.facebook.com/viewtopic.php?pid=248096#p248096
I don't even know why they have that button in here when it looks to me like most everyone is just simply calling Login() inside the Init. I assume then calling Login() still manages the SSO in terms of cookie, etc.?
Is anyone using this button or are you just going with FB.Login() ?
I'm running this in an iframe on our own hosted website...not embedding code into the facebook site itself (which I believe is called canvas right?).
RTFM. Yes, I mean friendly.
Right below the Single Sign-on section is the Account Registration Data section and I've copy-pasted this from there.
<fb:login-button perms="email,user_birthday"></fb:login-button>
Not exactly sure what you are trying to accomplish here. If you want to get information about your user or take actions on their behalf on Facebook, you need the user to tell Facebook it's okay to do so (this only needs to happen once) which is why you need to you call FB.login as described here: http://developers.facebook.com/docs/reference/javascript/FB.login.
FB.login(function(response) {
if (response.session) {
if (response.perms) {
// user is logged in and granted some permissions.
// perms is a comma separated list of granted permissions
} else {
// user is logged in, but did not grant any permissions
}
} else {
// user is not logged in
}
}, {perms:'read_stream,publish_stream,offline_access'});
They need to enter in their password to prove it's really them to authorize your app. If you need extended permissions, the second parameter in FB.login allows you to do this.
If the user is already logged in to Facebook (for example in another tab) then there's no need to log in and the login screen should be skipped. If the user is both logged in an has already authorized your app then there's no need to call FB.login.
You check check the user's login status (and permissions) with FB.getLoginStatus: http://developers.facebook.com/docs/reference/javascript/FB.getLoginStatus before deciding whether or not to call FB.login.