The existing website uses Facebook OAuth for login. The plan is that soon certain events on the site will be posted to the user's timeline. The "userA watched xxx" kind of thing.
We're also at the stage of starting an iPhone app to connect to the website's data API. If the user has authenticated to the website with the mobile app using the Facebook login:
Would the mobile app need access to the Facebook OAuth keys? I'm guessing not, as the user would do something, and the website would have the credentials stored to post to Facebook, but I'm not sure.
Would there in fact be 2 apps, one that is Facebook based and one that is not?
Apologies if this is really basic information I'm asking, but I've not developed Facebook apps previously and the information I look at isn't always clear.
In my apps, I code two authentication flows, one for Facebook users, and one for users without Facebook (this is the typical create your account, and subsequently log in with your username and password). So one app, two login flows.
Regarding the app accessing the Facebook oauth keys, if you are coding with the Facebook iOS SDK, you won't even need to worry about the oauth key itself, as it's totally encapsulated by the SDK. You'll simply invoke methods to trigger authentication, and then once the user is authenticated, you can call other methods to invoke certain aspects of SDK/API.
The Facebook iOS SDK supports all the functionality you'll need to make the posts directly from the app itself. You won't need to make an API call to your server, to then make a second call to the Facebook API. Just handle all that from the app directly. So if your app does depend on a successful API call to your server, prior to posting to Facebook, make that API call, wait for the response (that either includes additional data, or a success:true flag), and then make the post to Facebook via the Facebook iOS SDK.
The Facebook iOS SDK docs are AWESOME these days, and the code samples are even better. Check them out at:
http://developers.facebook.com/ios/
Related
I have a JavaScript script that fetches data of a Facebook Page URL and puts it in a form. It works perfectly as long as I am connected to my Facebook Developer Account, and that I use the corresponding App ID.
My question is: can I make this public? Without need to be connected to my Facebook account? I want users on my website to be able to use this feature but I can't figure this out, and I'm now wondering if it's even possible.
This concerns Pages specifically (not Events).
You either have to make users log in to your app (so that you can use their access token to request the data),
or you need to move it to the server side, so that you can use either an app or a page access token (both of those should never be exposed in client-side code).
I'm writing an API for our product and I'm trying to understand how some basic OAuth works with regards to mobile apps that might leverage our (to be created) api.
Let's imagine that our website currently allows a person to log in to our site via Twitter OAuth.
On the callback from Twitter, our server retrieves the Twitter OAuth result and, if all good, then checks to see if this user already exists in our DB (e.g. let's assume the email is the unique key). If they don't exist, we create a new user.
Of course, we then log the user 'in', which means we create a cookie for them, for their browser.
So far - nothing new here. All normal stuff.
Now, if we want to do this via an iPhone or Windows phone using their native language, and the apps use our API, I'm not sure of the point where OAuth ends and our API takes over.
For example, let's pretend it's an iPhone app that takes advantage of our API.
The iPhone app will try to authenticate the user against their Twitter creds. OK, fine. But when it calls back, it's back in the phone, right? Not our servers. So then the app needs to try and create a new user? So then the iPhone might try and call /api/CreateAccount. But this means -anyone- can call this API? And how does the website really know they have authenticated? Only because the app says so? What's to stop the person from creating a malicious app and calling our API by flooding it with new account creations? And what about authentication to API resources? Forms Authentication isn't available here. So do people use querystring authentication over SSL for API calls? How does the iPhone authenticate with -our- server?
I'm so confused.
Can anyone please explain the differences and common practices people are doing these days when they have a website and an api .. and use OAuth as the authentication mechanism, please?
The naive app would call not CreateAccount, but VerifyAccount with Twitter's OAuth set of data so your site and API could verify it. The site would respond with a unique userID and your iOS app would use that as its internal user ID. More info.
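A sketch of such a VerifyAccount exchange, as an added example that is not part of the original answer and goes one step beyond it by returning a signed, expiring session token for later API calls. `provider_lookup` is a hypothetical stand-in for the server-to-server call to the OAuth provider, and the app id, key and tokens are constructed placeholders.

```python
import base64
import hashlib
import hmac
import json
import time

OUR_APP_ID = "app-123"                    # constructed placeholder
SESSION_KEY = b"server-side-signing-key"  # constructed placeholder, never shipped in the app

# Constructed stand-in for the provider's answer to "whose token is this?"
FAKE_PROVIDER = {
    "tok-ours": {"app_id": "app-123", "provider_user_id": "tw:42"},
    "tok-other": {"app_id": "app-999", "provider_user_id": "tw:42"},
}


def _tag(body_b64):
    return hmac.new(SESSION_KEY, body_b64.encode(), hashlib.sha256).hexdigest()


def issue_session(user_id, now=None, ttl=3600):
    now = time.time() if now is None else now
    claims = json.dumps({"uid": user_id, "exp": int(now) + ttl}).encode()
    body_b64 = base64.urlsafe_b64encode(claims).decode()
    return body_b64 + "." + _tag(body_b64)


def check_session(token, now=None):
    """Run on every API request: returns the user id or raises PermissionError."""
    now = time.time() if now is None else now
    body_b64, _, tag = token.partition(".")
    if not hmac.compare_digest(tag.encode(), _tag(body_b64).encode()):
        raise PermissionError("bad session token")
    claims = json.loads(base64.urlsafe_b64decode(body_b64))
    if claims["exp"] < now:
        raise PermissionError("session expired")
    return claims["uid"]


def verify_account(provider_token, provider_lookup, users, now=None):
    """Exchange the provider token the app received for our own session token."""
    info = provider_lookup(provider_token)  # hypothetical server-to-server check
    if info is None:
        raise PermissionError("provider rejected token")
    if info["app_id"] != OUR_APP_ID:
        raise PermissionError("token was issued to a different app")
    user_id = users.setdefault(info["provider_user_id"], "u%d" % (len(users) + 1))
    return user_id, issue_session(user_id, now)
```

The server never takes the app's word that the user authenticated: an account is created or matched only after the provider confirms the token, and only for tokens issued to this app.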
There is a Facebook application, you can see it there:
http://www.facebook.com/tdmtravelclub?v=app_197602066931325&app_data=wlbb%3D1
You have to like it and then you can play a game (you don't have to, I just explain the functionality of it).
This application isn't forcing you to log in (I think the authorization is automated), but they can query the user data (they see if you liked the site).
I looked for a similar authentication method for FB apps but I didn't find one.
The only thing you know about a user (who has not authorised your application) within a tab application is if he is a fan or not. Facebook sends this information via the signed request.
PHP SDK Demystified – What is Signed Request?
Authentication within a Page Tab
SO Question including signed request
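How a server can check the signed request before trusting the fan flag, as an added example that is not part of the original answer. It assumes the documented format of the time (base64url signature, a dot, then a base64url JSON payload signed with HMAC-SHA256 under the app secret); the secret and sample payload are constructed placeholders, and `make_signed_request` exists only to build that sample.

```python
import base64
import hashlib
import hmac
import json


def b64url_decode(part):
    # The "=" padding is stripped in transit; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def parse_signed_request(signed_request, app_secret):
    """Return the payload only if its HMAC-SHA256 signature checks out."""
    try:
        sig_part, payload_part = signed_request.split(".", 1)
        signature = b64url_decode(sig_part)
    except ValueError as exc:
        raise ValueError("malformed signed_request") from exc
    expected = hmac.new(app_secret.encode(), payload_part.encode(),
                        hashlib.sha256).digest()
    # Constant-time comparison, done before any of the payload is parsed.
    if not hmac.compare_digest(signature, expected):
        raise ValueError("bad signature")
    payload = json.loads(b64url_decode(payload_part))
    if str(payload.get("algorithm", "")).upper() != "HMAC-SHA256":
        raise ValueError("unexpected algorithm")
    return payload


def make_signed_request(payload, app_secret):
    """Build a constructed sample in the same format (demo helper only)."""
    body = base64.urlsafe_b64encode(json.dumps(payload).encode()).rstrip(b"=").decode()
    sig = hmac.new(app_secret.encode(), body.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(sig).rstrip(b"=").decode() + "." + body


# Constructed sample: placeholder secret and a page-tab style payload.
APP_SECRET = "example-app-secret"
SAMPLE = make_signed_request(
    {"algorithm": "HMAC-SHA256", "issued_at": 1300000000,
     "page": {"id": "1234567890", "liked": True, "admin": False}},
    APP_SECRET,
)

if __name__ == "__main__":
    print(parse_signed_request(SAMPLE, APP_SECRET)["page"])
```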
I am developing a desktop fb app like yoono.
For Windows, the user can open the application and update his status and read the feeds.
For this I am required to have app id.
Therefore I created a new Facebook app in link https://developers.facebook.com/apps.
But I don't understand how to integrate that Facebook app so that it works like desktop app.
I mean the code is written in my computer program not in any site etc.
Please tell me what I should do, since I don't own any website either and therefore can't provide any canvas URL.
There is a setting for desktop apps in the advanced tab. Make sure it is set to Native/Desktop.
The Graph API is a web API. You send an HTML POST request to a URL and receive a JSON string that you have to decode. What's a bit more complicated is authentication, because you will need a user access token to query a user's friends list or personal details. Even the user's ID.
Search on the web for a Facebook API wrapper in your programming language of choice. The ones provided by Facebook are obsolete (except for the PHP one).
Hello everyone, I am a newbie in iPhone development. I want to connect to LinkedIn from my native iPhone application. I currently have no idea how to connect to it; please guide me on how I could do that.
From http://www.zhangkf.com/2010/06/linkedin-developer-network-oauth-authentication/:
Yes, you can get connected with LinkedIn with your native application by following these simple steps:
1. You get an API key from LinkedIn. This is also called a Consumer Key in OAuth terminology.
2. You build a feature into your site that leverages the user's LinkedIn network.
3. Your user clicks on your UI to request to use that feature.
4. You make a call to LinkedIn to ask to use our authentication. This is called getting a Request Token.
5. LinkedIn replies with an OAuth Token indicating that you can use the authentication system.
6. You send your user to a LinkedIn URL. That URL includes the OAuth Token you got and a few other parameters such as a URL for LinkedIn to return the user to after granting access.
7. The user grants access to your application by signing into that page.
8. Upon successful sign-on, LinkedIn will return the user to your site.
9. You will then make a call to LinkedIn to get an Access Token.
10. LinkedIn replies with an Access Token for the user. You use that Access Token for any API calls to LinkedIn to identify the user on whose behalf you are making the call.
Or
Download the code from here; just provide your API key and secret key:
http://github.com/ResultsDirect/LinkedIn-iPhone
Or see this for details:
http://developer.linkedin.com/docs/DOC-1008
This sample is 100% complete and working, just add your app key.
Built with the latest XCode 4.01.
Uses a UIWebView so you have the option of customizing the browser UI.
Uses JSON instead of XML, which is the preferred best practice for most cases
OAuth is heavily documented so you know what's happening
Tested with iPhone 4, iPad 1, and the simulator on iOS 4.x.
http://lee.hdgreetings.com/2011/03/iphone-oauth.html