I like to request more (extended) permissions using FB API after user is already authenticated. Is it possible to send a valid access token or any other way to NOT login again using the OAuth Authentication?
Url looks like that: https://www.facebook.com/dialog/oauth?client_id={clientid}&redirect_uri={callback_url}&scope=read_stream,publish_actions&display=popup&response_type=token
No, you have to send the user through the login dialog again.
Although, if the user is already logged into your app, he'll get a different (simpler) dialog only requesting additional permissions. This is handle by Facebook automatically.
Related
I have created an App on facebook and I am using this app to authorize an user via dotnetopenauth.
Here I would pass APPID and APPSECRET and get the token which would be used to call Facebook Graph to get facebook user details.
If I'm doing this for the first time, user would be asked to enter username/passowrd on the Facebook website and then the session is created in the browser and it will redirect to my website as a Facebook user. This means that if I open a new tab in the current window and open facebook, user will see his/her page directly without asking for username/password. - this is obvious and understandable.
// code
request = WebRequest.Create("https://graph.facebook.com/me?access_token=" + Uri.EscapeDataString(strAccessToken));
response = request.GetResponse();
My query is:
After the scenario above, if user logs out from Facebook website OR I close the browser window, the facebook session is lost. However, I still have the access token (string in the above code) that I got while authenticating.
So, As of this moment I am not storing any user information from Facebook (not even cookies or anything else). I am just requesting user to authorize my application as a Facebook user. When user does that, I get the access token which I can use it to make calls to Graph and REST APIs. This access token usually remains same, so I really dont need to pass the applicaition id and secret to get the token next time onwards. Actually I can request the graph APIs and REST APIs with the stored token and request user details. I have tested this and works fine.
What I am looking for is, if user opens www.facebook.com, user should see his/her personal facebook page which obviosuly is possible only if I have a session in the current browser. Hence, my question was: how do I use my access token OR what call should I make with my access token so that I can set the browser session for the facebook user? Is it possible technically?
Regards,
AG
No. Your access token is used by your web server to call facebook. It's impossible (and undesirable) for this to impact the user's browser in a way that would set a facebook.com cookie so that the user would be implicitly logged into Facebook by your use of the access token.
I use the Twitter Anywhere API and OAuth to authenticate users on my website. The cookie with the accessToken expires after two hours, which is why the user needs to login and connect to Twitter regularly. The workaround would probably be to store the auth_token in a cookie and provide it the next time the user loads the page after the cookie set by twitter expired.
Now something that is not clear to me: I'm also providing Facebook as an authentification method and somehow it doesn't forget the login. The Facebook JS API doesn't store any cookies on my page, so how does it know that the user is authenticated with Facebook and my application?
are you talking about this? see the channel file portion.
EDIT: Above link has been changed. And, facebook api has changed too.
The Facebook JS API doesn't store any cookies on my page, so how does it know that the user is authenticated with Facebook and my application?
It makes a cross-domain request to facebook.com, to see if there are cookies under that domain that indicate there is a user currently logged into Facebook in some other browser window/tab.
Once it has figured out that a) there is a logged in user and b) this user has used your app before – it logs him in to your app on the fly and gives you a fresh (short-lived) user access token to work with.
I want to connect my web application with the facebook business page. Each time I add a new product to the page I want to post it on facebook wall. I have a facebook application and the page owner username and password. Can I automatically authenticate with the user, pass to facebook and send the post request from server side only? Usually I am logged in with another facebook account when I add products. Also I would like to post when another page user add a product.
You can post to Facebook as a facebook page using the manage_pages permission. You'd need to obtain this permission from a user who is an administrator of the page. There are a few steps to the process, here is a basic summary:
Get an access token from a user who is an administrator of the page
and has granted "manage_pages" to your app. read about authentication
here: http://developers.facebook.com/docs/authentication/
using that access token, make a graph request to
https://graph.facebook.com/me/accounts?access_token=USER_AUTH_TOKEN
You'll get a json response containing all the pages the user administrates, containing their name, category, facebook id, and an auth token - this is what you'll need to post to that page
you can then use this access token to post to the specific page using
https://graph.facebook.com/PAGE_ID/feed?message=POST_MESSAGE&access_token=AUTH_TOKEN&method=post
I just found this blog post which gives you a pretty good explanation
http://developers.facebook.com/blog/post/465/
It sounds like you need the 'offline_access' extended permission.
It is scheduled to be deprecated. Take a look at the following link for more details:
Deprecation of Offline Access Permission
I'm not going to pretend to be an expert on this, but I do NOT recommend trying to login through Facebook's user interface and perform POST requests/HTML scraping on behalf of the user. That procedure would grant you far more functionality than is possible through the Graph API; I don't think Facebook would approve of this.
My situation is this: in my site I have username and password (of my Facebook account) stored in 2 php variables: $user and $password. Now I want to log in my Facebook account with those access data. Then, how can I send user and password to Facebook API without "passing" through the standard Facebook login form?
Thanks :)
Short answer: you cannot do that.
You can't pass username and password to Facebook for authentication. Username and password can only be entered into the Facebook authentication form, either through a redirect or iframe pop-up.
Requesting and storing Facebook user passwords is a violation of Facebook platform policy.
You can get an access token after going through the authentication dialog, and that access token can be used to take actions on behalf of the user or access their Facebook information without further authentication for as long as the access token is valid. Access tokens expire, but you can extend them up to 60 days. They also get rendered invalid through a number of other user actions such as changing the user password or manually evoking application permissions.
Facebook OAuth 2.0 documentation is here: https://developers.facebook.com/docs/authentication/
I receive an access token when a client allows my application on his facebook account. Based on that access token and an url I can print all his friends. I have a question: does this access token appears all the time the user logs in his application? i am asking this because the second time the user logs in in my application where i have a web browser the friend list doesn't pop up because the response from the site does not contain an access token anymore. where am i wrong? how can i check after the user accepts my app that he is online or loged in - if i want to prints his friends.
First thing: sounds like you want to add the scope offline_access because what you are trying to do is really leveraging the FB authentication mechanism.
Also: It is probably easiest to use the FB Connect button and the JavaScript Client API, unless you intend on using the graph or REST API from a back-end server.
If you ARE intending to use back-end API integration read this paragraph:
I have found it helps to ensure that you are using a proper authenticate URL (I use www.facebook.com/dialog/oauth but others have worked in the past..). Just don't use an authorize only URL, or users will be forced to grant permissions repeatedly (never really understood that 'feature'). Next redirect the user to the URL with a request token, and keep your request secret on the server side (or well encrypted if on the client side). After login, you receive the callback with an OAuth Verifier. Access verification URL graph.facebook.com/oauth/access_token with the Verifier and you will receive the OAuth Access Token. Save that token, as well as the user id.
As for checking that the current user is logged in, and/or has authorized your app and/or has friends using your app:
Have a look at FB Connect API:
http://developers.facebook.com/docs/guides/web/#login
call FB.init first, and then when you call FB.getLoginStatus, you will get an OAuth Token if the current user is logged in to FB and has previously authorized your app (either via the Connect Button or OAuth flow):
$wnd.FB.getLoginStatus(function(response) {
if (response.session)
var authToken = encodeURIComponent(response.session.access_token);
});
When executed in conjunction with the authenticate flow mentioned, users that have already authorized your application will get the same OAuth Access Token returned from previous calls, that you can use with the JS Client, Graph, or REST APIs.