I have a site that user can login with facebook.
When user is logged-in he can do several actions. In one of this actions i want the user to re-authenticate (give his credentials again).
So is it possible when a user is already logged-in with facebook, to open facebook login dialog (or something similar) so that user can give his credentials again (or just the password)?
So is it possible when a user is already logged-in with facebook, to open facebook login dialog (or something similar) so that user can give his credentials again (or just the password)?
Client-side: https://developers.facebook.com/docs/howtos/login/client-side-re-auth/
Server-side: https://developers.facebook.com/docs/howtos/login/server-side-re-auth/
Related
I wonder what kind of workflow other people have had when logging in with facebook.
I have an app that requires signup. People can also signup by logging in via facebook. That part has been integrated.
However, when a user signs in with facebook (which means: facebook page open and requires login), my workflow
takes the user to a screen where he needs to create a username (as having a username is required).
After the user picked up a username, then I create this new user, save the facebook token and generate a password.
Now, automatically, the user will be logged in in my app.
Next time the user opens the app, in background, I will login the user taking the email (which originally was fetched from facebook) and the password, which are stored in local storage.
But what if the user logs out or delete the app and reinstall it? I have seen that this happens some times. In that case, the workflow (if the user clicks on facebook login on my app) will take the user again to facebook. And after he logs in in facebook, he will come back to my screen where he can choose a username. This is bad. Because I already created an account for the user with the email binded to that facebook account.
Of course, I can understand that this user that logs in via facebook already has an account. But what can I do? Can I just login him in background? Are there any security implications (yeah, my app is not that sensitive, but I would prefer to use best practice).
Yes, if the user already logged in once, the expected behavior is to be logged in again on future visits to the app. If the user passed the Facebook login, you can safely assume that it is the same user imho.
Can we customize facebook login/authentication page?
I want to use my own customized pop up for receiving 'Email' and 'Password' input from user so that it is consistent with the GUI of my application. Is there a facebook API to which I can pass the Email/Password details received from user?
Looking at https://developers.facebook.com/docs/reference/api/user/#permissions you cannot "create" new permissions. This has to go through Facebook so they know what permissions have been granted. This ensures that you're not just granting permissions on behalf of a user without them having actively granted them. This therefore stands to reason that you cannot style their page.
Alternatively, you could just make sure users register via an account on your site (You want a password so I assume you don't mean their facebook password) and then ask them to connect their facebook account to it. You would need to ask for their email in your form, get them to login, then connect via facebook and associate their facebook id with their account on your site.
If a user follows a link to my Facebook application (apps.facebook.com/instantinternetstar) and they are not currently logged into Facebook they are allowed to enter the Application instead of being prompted to 1st log into Facebook and 2nd grant permissions via Auth Dialog.
If a User is logged into Facebook, the new Enhanced Auth Dialog works perfectly and always.
Is there a variable I have missed?
Your settings may be fine. What you can do on the default page of http://instantinternetstar.com is to query the http post parameter called signed_request, decode it and it will tell you if the user is authenticated or not. Then you can display something to them so they know what you're about, before they take their time to login to Facebook, then accept your app.
I have a website with my custom register system (really simple - username, password and e-mail).
I want to make Login with facebook as my new and only register/login system.
I want to put a login button which:
- if user is logged to facebook just asks for permission to use e-mail and other data + asks for custom username
- if user is not logged, then just facebook login
Then the user would not need to login to my page if he's logged in to Facebook.
Can you please give me a hint or suggest a framwork to do this with?
If you look on the Facebook developers page it tells you how to do this
https://developers.facebook.com/docs/guides/web/#login
I have a question about facebook login on my website. What I have now is simple login process which logs in user but each time facebook asks user to grant my app an access permission.
It looks like this:
1) user clicks "login with facebook" and is sent to facebook. He/she gives permission to access his/her account
2) I receive back an authentication token for this user
I'd like to have the following flow:
1) when user clicks "login with facebook" then he would be redirected to facebook website and after he logs in I should receive a facebook user ID,
2) search for user id in local database and if it is found then just use stored token
2a) If user is not found then send him back to facebook to grant my application access permissions
2b) receive user token from facebook and store it in local database
Basically, the difficulty for me is to query facebook for current user id without passing a user token to facebook. Thanks for any help
to query facebook for current user id without passing a user token to facebook
No. This isn't possible, facebook will never give you user_id without their knowledge. They have to authorize your application first.