Question in simple, I have facebook app, thich is basically my site 1:1, but in facebook iframe.
I want to show a user a registration form after he logs in with facebook, containing the most common fields - username, email, password. After registration, I want to save facebook ID and create profile for this user.
Isn't it against facebook TOS to ask for username / password / email after user has entered site through facebook?
Thabks
Why should it be against anything? They don't have to fill this form and proceed with registration on your website, so they're not really forced to do this.
In your FB app's settings, on App Details page there are textboxes for link to privacy policy and terms of service of your app. I think that you have to write in your own PP and TOS why you're asking for this data and what about privacy and all this stuff. And, of course, you should link to your app's PP and TOS on register page, or even "everywhere" in the footer so users will by able to check them easily.
Related
I and a friend are developing an app and would like to use Facebook as a way of users having their own accounts without us having to ask them to store passwords or make users for security and ease of use.
Passport.js has a facebook plugin but it talks about a redirect URL so my question is: is it actually possible to just send information like email address and password to facebook for authorisation and return the users profile without actually redirecting the user to a facebook login page.
I don't see how i could redirect the user to a facebook login while inside my app and also what on earth would i put as the callback URL? Am i just trying to use passport-facebook in the wrong way?
is it actually possible to just send information like email address and password to facebook for authorisation
No. Users are strongly discouraged from giving this information to any 3rd party app, and you are not allowed to ask users for them.
Login with username/email and password happens on Facebook, not in your app. You will get feedback from the login endpoint then that they logged in successfully.
Facebook is blocked by my company firewall but I want to develop an app where in employees can click a link we send it to their email and provide access to their facebook account and update. Firewall blocks facebook.com so I cannot have users type their username and password on facebook.com url. Can I have users type in their username and passowrd on internal website using which the app will login and get access?
it goes against the purpose of oauth to take the user's password and use it to log in as that user. oauth is designed so that the user will never have to disclose their password to your app but still be able to provide your app with some of their own facebook data. this way, only the facebook data which the user chooses to share will be available to your app. also the user may choose to allow your app to publish on their behalf, see here for the details.
my suggestion would be to get the users to authenticate your app from outside the work network (where the facbook.com url is available). this way you can still post on their behalf and your app can get certain information from their profile to relay on to them without you ever needing to know their password.
Can we customize facebook login/authentication page?
I want to use my own customized pop up for receiving 'Email' and 'Password' input from user so that it is consistent with the GUI of my application. Is there a facebook API to which I can pass the Email/Password details received from user?
Looking at https://developers.facebook.com/docs/reference/api/user/#permissions you cannot "create" new permissions. This has to go through Facebook so they know what permissions have been granted. This ensures that you're not just granting permissions on behalf of a user without them having actively granted them. This therefore stands to reason that you cannot style their page.
Alternatively, you could just make sure users register via an account on your site (You want a password so I assume you don't mean their facebook password) and then ask them to connect their facebook account to it. You would need to ask for their email in your form, get them to login, then connect via facebook and associate their facebook id with their account on your site.
How can I get the Facebook user id when a user visits my website? I assume I need to read the Facebook cookie. How is that done?
The reason I want to grab the Facebook user id is I can then check my website's database to determine if the user has linked their Facebook account to my website and thus auto log them in.
I am assuming this is the key to how sites like Groupon are doing their auto log on.
You can't directly read the Facebook cookie, as that would violate various security features of cookies. What you're looking for instead is probably the Facebook login buttons. This should get you started: http://developers.facebook.com/docs/guides/web/#login
I'm developing a website where the user can either sign up creating his own profile or can sign in with FB or Twitter.
The thing is I don't really know how to manage it, for example: let's say my user signs up through the website and creates content, what happens if the user later decides to sign in with FB or Twitter? How can I keep it all unified?
I know I could just do the Twitter sign in, get the data from twitter and create a profile in my DB for the user with his Twitter handle, don't know how I'd deal with later if he wants to just log in through the site.
Anyone have any ideas?
So he later signs in with Twitter or Facebook. I think you have a couple of options in this case. Allow the ability to link accounts together once the user signs in with any one method. Say they sign in with your sites registration, let them hit a page where they can add in other linked accounts like Twitter and Facebook once they are in their logged in state on your site. See the friendfeed model for inspiration. Or, like we did with ucubd.com/index.aspx - let the user sign in with facebook and regsister an account on their behalf and ask for their email as the login credential. If it's found - great. If it's not ask for a password. This will allow the user to either login with your sites registration method or through facebook. You will have the information in your database to link both of them together.
Every account on your system will have an e-mail address. Every account with FB, Google, Twitter is also linked to an e-mail address. What you will need to do is link the accounts based on e-mail address. That way you will never get duplicate accounts.