I have a website where users can log in with the Facebook oAuth API.
Once the user logs in or registers via Facebook it is stored in my database.
But what I'd like to achieve is, once the user goes to his Facebook application settings page and removes my website app permissions, the used should also be deleted from my database.
Is there any work around to this problem, if this is not possible via the Facebook oAuth API?
You can add Deauthorise Callback URL by Navigating to Settings > Advanced section of your application. Whenever a User Deauthorises your Facebook app, Facebook performs a HTTP POST of signed request to your URL. You may use the field user_id to determine which User has deauthorised your app.
Actually, I would do the following:
Add a date to his last log in to your site.
Have cron job check for old, unused accounts.
Send an email to the user's email address (or Facebook message mail) telling him his account is due to expire soon.
Delete account from database.
Related
I'm using HybridAuth with Laravel. How can I allow the user to choose a (different) Facebook account after logging out of my UI?
Currently, when the user logs out then in, it auto logs them into my site because they have received a token previously. They are not given an option to log into a Facebook account. Therefore, the user can only use one Facebook account with my site, ever. I tried deleting session data as well as $hybridAuth->logoutAllProviders(); and it still happens.
I could set the Force Web OAuth Reauthentication setting in Facebook for my app, but I don't want the user to log into Facebook every time they visit my site. I would like them to be able to switch Facebook accounts they want to use with my site.
I get expected behavior when logging as a Google user. Thanks for any advice!
Facebook is blocked by my company firewall but I want to develop an app where in employees can click a link we send it to their email and provide access to their facebook account and update. Firewall blocks facebook.com so I cannot have users type their username and password on facebook.com url. Can I have users type in their username and passowrd on internal website using which the app will login and get access?
it goes against the purpose of oauth to take the user's password and use it to log in as that user. oauth is designed so that the user will never have to disclose their password to your app but still be able to provide your app with some of their own facebook data. this way, only the facebook data which the user chooses to share will be available to your app. also the user may choose to allow your app to publish on their behalf, see here for the details.
my suggestion would be to get the users to authenticate your app from outside the work network (where the facbook.com url is available). this way you can still post on their behalf and your app can get certain information from their profile to relay on to them without you ever needing to know their password.
I am creating an app in which you can login via Facebook, Twitter, or our own internal mechanism. The issue is the following scenario:
I open the app and login using Facebook
I logout
I open the app and login using Twitter
The above scenario will result in me as a user having two accounts in the system. How do I prevent this from happening so that I have one account and it doesn't matter whether I login using Facebook/Twitter?
Every time a user login using Facebook I am as well creating an internal account, with the Facebook username and Facebook id as password. The same thing when I login using Twitter I am creating an internal account with the Twitter user name and id as password.
An idea came in my mind to solve this:
When a user logs in using Twitter check the name and email if a user with that information already exists in the database. However, the name and email they use in both Facebook and Twitter might not be the same, so this might not work all the time.
You can't make this work with your current flow (when the user logs in then logs out again). Instead you should allow a user to login with either their Facebook or Twitter credentials and then, whilst they're still logged in, get them to associate their account with their other service with that user.
So, the flow would be something like:
New user arrives at site User logs in with Facebooks oauth2
mechanism
Your server receives their FB ID and generates a new user
in your systems. Stores their FB ID against that user.
You prompt
the user to add their twitter auth credentials. User logs in with
Twitter oauth2 mechanism
Your server receives their twitter ID,
checks to see if a user is currently logged in with your
application. Because there is, you save the twitter ID agains the
current user.
Later, the user can log out and then log in with either service.
We have users that logged in to our website through Facebook Connect. Now we'd like to contact those users about changes as we indicated in the signup process, but we don't have their email addresses. Only their Facebook ids.
How can we contact them? I understand Facebook removed 3rd parties' ability to send notifications through Facebook's API. We can send them a message through the API either.
So I guess we're left with posting to their wall from a user account of ours. I assume there's a low limit to how often we're allowed to do that and is that even permitted? Or we can make an application request from this designated facebook user account which would show up in their notifications.
Finally, we could manually go to the user's profile page and then click the "send a message" button from our facebook user account... A lot of manual work and I assume this is frowned upon as well. Is there an easy way to find out the profile page URL from a Facebook id?
What's the best approach here where we don't break any rules?
If you are getting stream_publish extended permission in your profile then you can simply post on there wall see this http://developers.facebook.com/docs/reference/rest/stream.publish/
Alternatively this can be a better solution if the user do not granted any extended permission
http://developers.facebook.com/docs/reference/rest/livemessage.send/
you should get "offline_access" from the facebook user requests to post at anytime.
HI, I hava a website in php where i have integrated a Facebook Connect API which enabled the Facebook login button.
I login using the button by providing my Facebook credentials. It gets logged in. I can access my profile picture, full name and some other information. But i can't access the user email id i.e. the Facebook user id. I have checked the FBML page here but i didn't get any tag that may give me the user id. I guess that Facebook might not allow me to get the id.
Please help me how to get the Facebook user id from the Facabook Connect API.
Apparently, Facebook uses an numeric increment ID instead of email addresses to uniquely identify each User entity. By Facebook API policies, email addresses are protected to prevent spam and other issues.
In order for an application to get the email addresses of a Facebook User, you will need special permissions from the User. See the API for such permissions.