I am trying to use native facebook app's authentication credentials in browser. Planning to use fb://authorize URL scheme, it seems it is not working.
Is there any way I can use native facebook application user credentials instead of asking the user to login again within the browser?
You can only do this with a native application on the device whose identity (bundle id on iOS, keyhash on Android) has been registered with Facebook. In all cases the identity of the native application is verified, the user must approve the permissions requested by the application, and the user has the ability to revoke these permissions in privacy settings.
It would violate users' privacy if it were possible for a web site to find out the identity of a user just because they had the Facebook app on the same device they were using to browse the internet.
Related
I have an AWS Cognito User Pool set to federate authentication to Facebook and Google. It works fine with Google, not with Facebook.
When I click on "Continue with Facebook", the URL changes to "https://m.facebook.com" and the pages displays "Can't Load URL: The domain of this URL isn't included in the app's domains. To be able to load this URL, add all domains and subdomains of your app to the App Domains field in your app settings."
I find that puzzling because I believe I've properly configured the settings this error references.
Here's my app settings in facebook's developer console, the app domain is set. It has the format <domain prefix>.auth.<aws region>.amazoncognito.com to match the hosted UI of the AWS Cognito User Pool.
Here's my app's OAUTH settings in facebook's developer console. Note the URLs are the app domain prefixed with https:// and in one of the two URLs it's appended with oauth2/idresponse just in case, since Cognito seems to append that at least when it federates to Google.
This facebook app also has a website set in the FB developer console as follows:
I've followed AWS documentation for federating a Cognito User Pool to Facebook available here
The facebook app status is "Off: In Development". I assume that is acceptable, the app is not ready to be publicly available yet I need to be able to test authentication.
From the documentation https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-configuring-federation-with-social-idp.html. You should add Site URL as https://{your-user-pool-domain}/oauth2/idpresponse
Step 9: Under Website, type your user pool domain with the /oauth2/idpresponse endpoint into Site URL.
https://<your-user-pool-domain>/oauth2/idpresponse
I am integrating facebook iOS SDK 4.0 in my mobile app. I came into scenario where user logged into our mobile app with facebook credentials, after some time the user changed his password and Firstname in facebook. Now How do I track this change in mobile app? and redirect user to validate facebook credentials in mobile app?
In both v3 and v4 of the SDK, the access token is cached locally on the device (by default), and the only way to know if it's still "valid" is to make a graph request.
You can make a /me or /permissions request during app start if you have a cached token, and check for errors, and prompt the user to re-log in if the token is no longer valid. There are also some auto-error recovery mechanisms built into the SDK, see https://developers.facebook.com/docs/ios/errors.
I have an android app and a web interface for my user to interact with my system. I managed to make the user Login through Facebook LoginButton into my App and now I would like to register it on my own database.
Just to confirm: It is possible to use the same Facebook Application both on the Android App and on the Web, right?
Which user's information(s) should I store on my database so if the user Logins either on my app or my web interface, my system will be able to recognize him? I though about the facebook username, but I was told it may change...
Thanks in advance.
Just to confirm: It is possible to use the same Facebook Application both on the Android App and on the Web, right?
Right. In the Settings tab you can click Add Platform and select the platform where you want to integrate.
Which user's information(s) should I store on my database so if the user Logins either on my app or my web interface, my system will be able to recognize him?
The facebook unique id should be stored in the database. More specifically (considering the recent changes in the API) - app-scoped user id must be stored in the database. This id is unique for a user using an application. So when a user logins to the application using app/web you can recognize him with this id. You can get the user id with : /me API call.
Hope that helps!
Facebook is blocked by my company firewall but I want to develop an app where in employees can click a link we send it to their email and provide access to their facebook account and update. Firewall blocks facebook.com so I cannot have users type their username and password on facebook.com url. Can I have users type in their username and passowrd on internal website using which the app will login and get access?
it goes against the purpose of oauth to take the user's password and use it to log in as that user. oauth is designed so that the user will never have to disclose their password to your app but still be able to provide your app with some of their own facebook data. this way, only the facebook data which the user chooses to share will be available to your app. also the user may choose to allow your app to publish on their behalf, see here for the details.
my suggestion would be to get the users to authenticate your app from outside the work network (where the facbook.com url is available). this way you can still post on their behalf and your app can get certain information from their profile to relay on to them without you ever needing to know their password.
Assuming it is possible to transfer the Facebook API access token from some web app to my mobile app (via physical storage or network), will my mobile app be able to use that token as a regularly acquired token (as if the mobile app itself requested the token from Facebook)?
Is this procedure allowed in the Facebook API's terms of service?
Will the mobile app be able to cache that transferred token and use it as its own?
Basically, what I want is for the user to do Facebook Login and authenticate on one machine, and use the acquired token on a different one (e.g mobile app).
Is there a better way of doing this?
You can set your mobile app to go through facebook's oauth steps onload and if the user has already authenticated the app, he will get logged in right away, since you'll get an access token at this point of time, save that in the mobile app.
Automatic login triggers are now being used on both stackoverflow and quora. (if you sign up here through facebook, when you visit the site, you'll get signed in again - same for quora).
Also, access tokens grant access to a particular 'facebook app'. If your mobile app uses the same app id, then you can certainly reuse the same access token on the mobile device.
yep, we can reuse it. I got an access token from mobile app then it's applicable on web browser.