reauthenticate feature has changed its behavior? - facebook

In my application, to be able to switch to another user, I use the "auth_type=reauthenticate" parameter for the "https://www.facebook.com/dialog/oauth" URL. This worked for a long time. I was able to log in as a different FB user than the one last logged in (e.g. on a shared PC).
Today I found out that it is no longer possible to change the user, only to re-enter the password. Moreover, there is no "Cancel" button (I used "display=popup").
I can't find anything about it on developers.facebook.com.
Does anybody know anything about it? Is it a temporary bug or something else?

From:
https://developers.facebook.com/docs/facebook-login/reauthentication/
Note that apps should build their own mechanisms for allowing switching between different Facebook user accounts using log out functions and should not rely upon re-authentication for this.

Related

Facebook App Permission Getting Toggled Somehow

I have Facebook's SSO working properly in my iPhone app and most of my users have not been experiencing any issues. However, a small number of them have been reporting errors with Facebook Connect and not being able to create an account. After an email exchange with one, we determined that the app permission toggle under Settings->Facebook was somehow set to disallow my app from using Facebook.
I have since added an error message telling the user this might be the case but my question is how did this switch get toggled in the first place? It would seem that a user would have to manually toggle this switch, right? I also looked for an API method that might do this e.g. rejecting Facebook SSO the first time a user saw the dialog asking for permission; I could not find any such code.
Any ideas? I'm hoping this problem will solve itself with the error dialog I've put in but if possible, I'd like to remove this issue altogether.
As far as I know, using the native dialog with iOS6 and rejecting the permissions request (the first one, at least, not sure about requests which are asking an existing user for more permissions) will toggle that switch.
If you need to debug, try uninstalling the app from your Facebook profile (an HTTP DELETE request to /<USER ID>/permissions will do this, or you can do it in the Facebook app settings), remove the iOS app, then install it and try to connect for 'the first time' again.

Frictionless Authentication When Possible

I have a website that's working with Facebook Connect (or Facebook for Websites as I think it's called now). When a user first comes to the site he's able to browse around and do some simple things without any integration with Facebook. If he wants to perform some advanced operations, we need him logged into Facebook and to authorize our app to grab some very basic information about him. We're trying to be good corporate citizens by letting him get a taste of the site without forcing him to be logged in and authorize.
To do this, we have a Login button that he needs to push before performing advanced functions. When it's pushed we call https://www.facebook.com/dialog/oauth, etc. to get things set up.
This system works fine except for one thing. IF he is already logged into Facebook AND IF he has already authorized our app, he should just be frictionlessly logged in when he goes to the webapp. But, I can't see how to do this.
Sure, I can call https://www.facebook.com/dialog/oauth when he starts the webapp, and if the conditions are right, things work great. But if the conditions aren't right, then he's presented with a bunch of things to do that I don't want to task him with just yet.
Surely there's a way around this. How can I frictionlessly allow my users to authenticate through Facebook with the stipulation that if any of the conditions are wrong, just abort the whole process without showing the user anything?
Before you display a login button for the user, call FB.getLoginStatus() to see if they're already logged in or not.
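The check suggested in the answer above, as an added example that is not part of the original posts: it maps the three status values FB.getLoginStatus() reports ('connected', 'not_authorized', 'unknown') to a UI decision, so the OAuth dialog is never opened on page load. The names planLoginUi, checkOnPageLoad and the action strings are hypothetical; the sketch assumes the Facebook JavaScript SDK is already loaded and initialized when run in a browser.

```javascript
// Added example: decide what to show from an FB.getLoginStatus() response.
// planLoginUi and the action/reason strings are hypothetical helper names.
function planLoginUi(response) {
  const status = response && response.status;
  const auth = response && response.authResponse;

  if (status === 'connected' && auth && auth.accessToken && auth.userID) {
    // Logged into Facebook AND has already authorized the app: no prompt.
    // Assumption: the server validates accessToken before creating a
    // session; a userID read in the browser is not proof of identity.
    return { action: 'silent-login', userID: auth.userID, accessToken: auth.accessToken };
  }
  if (status === 'not_authorized') {
    // Logged into Facebook but has not authorized this app.
    return { action: 'show-login-button', reason: 'app-not-authorized' };
  }
  // 'unknown' (not logged into Facebook) or a malformed response:
  // keep browsing anonymously and just offer the Login button.
  return { action: 'show-login-button', reason: 'not-logged-in' };
}

// fb is the SDK object (or a stand-in with the same getLoginStatus method).
function checkOnPageLoad(fb, onPlan) {
  fb.getLoginStatus((response) => onPlan(planLoginUi(response)));
}

// In a browser with the SDK loaded, run the check once at startup.
if (typeof FB !== 'undefined') {
  checkOnPageLoad(FB, (plan) => console.log(plan.action, plan.reason || plan.userID));
}
```

Only the 'silent-login' branch touches a token; every other outcome leaves the page as it was, and the dialog at https://www.facebook.com/dialog/oauth is opened only when the user pushes the Login button.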

Is it allowed in iOS and Android to not let a user close their session?

I'm writing an app for a retailer, but my client wants that once the user has logged in, the app does not let him/her log out.
My question is: Is this a permitted behavior on Apple apps? Will it get rejected? I've been looking for a policy related to this, but haven't found anything that either allows or denies this.
Thanks in advance.
You cannot prevent the user from just killing the app. But she does not necessarily have to be logged out. If you mark her as "logged in" by means of some persistent store (such as user preferences), you can have her be logged in automatically next time she starts the app.
This is a design that I have seen in many apps. I do not think that it would get you rejected. The user would have to delete the app completely to log out.
One possibility: put a "change login" option into the preferences. At least on iPhone, that is very far away from the app, at the bottom of the settings app which most users never find. Even then you could only let the user be logged out completely once she is logged in with a different valid login.
My recommendation: don't take the control away from the user. Explain to your client that there is a balance between marketing necessities and the danger of annoying important customers who might unduly amplify negative sentiments. Accommodate the needs of your client by making it a bit tedious to log out - but not more.

Leave App sometimes appearing instead of Disallow App

I have a similar query to Can someone please put an end to "LEAVE APP" misery! with a differing behaviour.
Our application asks for permissions, the user gets an allow / disallow option, however if the user clicks to try to authorise again (within a short space of time) they will instead see a dialog with allow / leave app.
This is disrupting our application flow slightly as the leave application will take users directly to their Facebook profile and not back to our site (as we explain the benefits of allowing our application).
Has anyone experienced this and / or knows a way to prevent this from occurring?
I'm almost sure this is deliberate, and designed to provide a way for users to quickly exit authentication loops.
This is an intentional design choice in the permissions dialog. It can't be overridden.

Facebook OAuth box showing Login instead of Allow

The issue I am having is that the authentication box shows Login/Cancel buttons. This is not what I want; I want it to show Allow/Don't Allow.
I thought this was the default but for some reason it is showing up differently.
I am not sure why this would be happening. Any help on this problem would be much appreciated.
You can view the app at https://apps.facebook.com/found-it-on-carsale/
Basically, the user needs to log in (in other words, authorize the application). After that, the user will need to allow or not allow the application. Once the user allows the application, it will not show Allow/Don't Allow again. The most important thing is that the user must log in.
That's part of the protocol. Once a user authorizes himself or herself for a particular application, the next time the user comes he/she will be asked to log in, and since they have already approved access, they will not be asked again.
The user will be asked to approve/deny if:
The user changed his/her password.
Your application has been disabled for some reason.
You have changed the scope.
Why do you want the user to approve/deny your access request every time when he has already approved it and has shown faith in your application? It will create a bad user experience.