Facebook OAuth flow on ios for public device - facebook

I'm working on an ios app targeted for device at public place.
I need the facebook sharing functionality, which means the user login session should be deleted immediately after user finished sharing. But when user login, the log in session is kept in Safari. Although I call logout from app, the user is not actually logged out in browser.
Is there any way to fix this?

Related

Keycloak Device Tokens Support?

I read this question that was asked since 2014-2016. Right now is still not support?
https://lists.jboss.org/pipermail/keycloak-user/2016-February/004821.html
http://lists.jboss.org/pipermail/keycloak-dev/2014-January/001116.html
From link above. Here's my thoughts on device mgmt, both UI and protocol:
Scenario:
An iOS device as a "Brokerage App" installed. The app needs to do REST
invocations to be able to trade stocks, etc. Devices must be registered
in order to obtain permission. Flow would look like this:
User installs app on iPad.
User hits login button on app.
User is redirected to browser with a Keycloak server URL
User enters in credentials
User is redirected to "Device Registration" page. Keycloak asks user
if it authorizes access to the device.
Keycloak registers the device under the user and generates a device token
User is redirected back to iPad ap
iPad app gets auth code from redirect URL
iPad makes REST request to obtain auth token AND a device token.
iPad app stores the device token.
Thanks

iOS Facebook Login Fast-App Switch Stays on Facebook App

I'll preface this by saying that this bug is difficult to reproduce and I have not been able to find a pattern for when it occurs.
When a user selects the Facebook login option in my iOS app, the app fast-switches to the Facebook app, and will stay in the Facebook app on the News Feed. Then when a user returns to my iOS app, and attempt to Facebook login again, it will fast-app switch and the login will continue as intended. When this bug occurs, it always fails, and then works reliably on the following attempt.
Make sure you have "fbXXXXXXXXXX:" in your plist
XXXXXX = you app id
When the app switches back it needs to know where to go, your app needs to respond to the url correctly.

iOS Facebook SDK,how to login within App , not in safari

Is it possible to use the Facebook iOS SDK to authenticate within an app (not go to Safari), and also keep those authentication credentials for the next launch of the app?
I have usedFacebook SDK sample code SessionLoginSample to check . It opens the Facebook login account in the safari....I want it to open with-in the app ..
I am not using FBConnect as it is been expired ...How to use it for the Facebook SDK
of
https://github.com/facebook/facebook-ios-sdk ...its sample code
https://github.com/facebook/facebook-ios-sdk/tree/master/samples/SessionLoginSample
this sample code here~~
The Facebook iOS SDK will open within the app provided your user is on iOS 6 and has their Facebook account setup within the device. Otherwise, it will gracefully fallback to the Facebook App (if installed) and then only to Safari. From the SDK Docs:
The native Login Dialog is available after a user has logged into
Facebook on their device. If the device isn't connected to Facebook,
the native Login Dialog isn't available and permission requests will
be made via the fast-app-switch to the Facebook app (if installed) or
Safari. The Facebook SDK methods [...] will seamlessly fallback to
this fast-app-switch behavior.
If your user has neither Facebook configured on their iOS 6 device nor the Facebook app installed and you still want the login to happen within your app, your best alternative might be to pull up a UIWebView pointed to your own server somewhere that carries out a server-side login.
Bear in mind a big disadvantage of a UIWebView-based approach is that your UIWebView does not share cookies with Safari so even if the user is already logged in within Safari they'll still need to re-enter their username and password again in your app. I'd be a little hesitant to do so in a third party app since there's no way to know if they're spoofing the Facebook site and phishing for my credentials.
FBSDKLoginManager *login = [[FBSDKLoginManager alloc] init];
login.loginBehavior = FBSDKLoginBehaviorWeb;

Logging into our site as part of FaceBook authentication on iOS

When a user clicks on the login with Facebook button on our website, we call:
https://www.facebook.com/dialog/oauth?client_id=xxxxxxx&
redirect_uri=http://xxxxx.com/Account/FBLogin&scope=email,publish_stream
Inside of our FBLogin (string code) method we do two things. First we call:
"https://graph.facebook.com/oauth/access_token?client_id=xxxxxxxxx&
redirect_uri=http://xxxxxx.com/Account/FBLogin&client_secret=xxxxxxxxxxxxx&code=" + code;
Then, if the FaceBook login was successful, we login the user into our site.
What is the equivalent of this workflow in iOS? We basically want to authenticate the user on our servers as part of the Facebook authentication. So when the Facebook authentication returns successfully, our user is also logged into our system.
Many thanks!
If you're using the Facebook iOS SDK, the SSO (single sign on) workflow is more like the Javascript SDK's workflow because the user is presented with what's similar to the JS SDK's popup: either in the form of a UIWebView, Safari Browser, or Facebook app (depending on the user's setup).
One of the most compelling features of the iOS SDK is Single Sign-On
(SSO). SSO lets users sign into your app using their Facebook
identity. If they are already signed into the Facebook iOS app on
their device, they do not have to type a username and password.
Furthermore, you can get permission from users to access their
Facebook profile information and social graph.
SSO primarily works by redirecting users to the Facebook app on their
devices. Since users are already logged into Facebook, they will not
need to enter their username and password to identify themselves. They
will see the Auth Dialog with the permissions that your app has asked
for, and will be redirected to your mobile app with the appropriate
access_token.
Developers should be aware that Facebook SSO will behave slightly
differently depending on what is installed on a user's device. This is
what happens in certain iOS configurations:
If the app is running in a version of iOS that supports multitasking,
and if the device has the Facebook app of version 3.2.3 or greater
installed, the SDK attempts to open the Auth Dialog within the
Facebook app. After the user grants or declines, the Facebook app
redirects back to the calling app, passing the access token,
expiration, and any other parameters the Facebook OAuth server may
return.
If the app is running in a version of iOS that supports multitasking,
but the device doesn't have the Facebook app of version 3.2.3 or
greater installed, the SDK will open the Auth Dialog in the Safari
mobile browser. After the user grants or revokes the authorization,
Safari redirects back to the calling app. Similar to the Facebook app
based authorization, this allows multiple apps to share the same
Facebook user access_token through the Safari cookie.
If the app is running in a version of iOS that does not support
multitasking, the SDK uses the old mechanism of popping up an inline
UIWebView, prompting the user to log in to Facebook and grant access.
The FBSessionDelegate is a callback interface that your app should
implement: The delegate methods will be invoked when the app
successful logs in or logs out. Read the iOS SDK documentation for
more details on this delegate.
... when the user finishes either signing in or not signing in and returns to your app from the "popup", your app has to decide what to do based on whether or not the user logged in/authorized the app (and a valid access token received).
Please read this for more info:
https://developers.facebook.com/docs/mobile/ios/build/#implementsso

iOS: Tapping on Facebook app login does not bring up allow/don't allow options for my app

Problem:
I run the sample iOS SDK code for facebook connect. When Facebook app is not installed, the sample app authenticates through Safari just fine and the sample app is able to post successfully.
When native Facebook app is installed, the sample app causes the Facebook app to be launched for authentication which shows a page that is requesting login for the demo app. When I press the login, it brings up another window that has the allow/"don't allow" options. So far so good. The problem is that if I logout from within the sample app (i.e., [_facebook logout:self]) and try to login again, pressing the "login" button in the Facebook app does nothing (it's supposed to take you to the allow/"do not allow" page).
I have specified the App-ID in the sample app and I have included the fb[app-id] (e.g., fb1234) in the plist under 'URL Types' (otherwise, the Safari authentication would not have worked either).
Any help is appreciated.
It does not take you again to the "allow/don't allow" page because the user already gave permission to the app. The only way the page can show again is when the user revoke the access from the Facebook admin panel. I'm not sure if there's a part of the API that can actually revoke the access of the app from the iOS SDK.