In work I got a task (we MUST work with ASP Classic by the way): when user posts a blog, a link to that blog should be posted automatically on user's facebook timeline and in his twitter. I made everything working, but there is one problem: user needs to be signed in to post. I've made the cheking if he's logged in, and if not he must log in.
But I need to avoid the logging-in step and make it automatic (by sending user's username and password as part of the data sent to twitter/facebook or something like that), but I can't figure out how to do that or if it's even possible at all.
Any ideas? Would greatly appreciate any help.
P.S.: for the twitter part I used http://scottdesapio.com/VBScriptOAuth/
for the facebook part I used a combination of: http://snipplr.com/view/61108/facebook-app-login--authorization-entirely-clientside/
Everything works, but is it possible to automatize the user's sign-in part?
Finally I managed to make the both things automated...
The problem with Twitter was that I didn't store request token in session, that's why I got "Could not authenticate you" error.
Can't remember what I did wrong with Facebook (some co-workers helped me out), but I guess I didn't make proper http requests...
So the answer is: yes, it is possible to automatically post to Twitter and Facebook without user sign in.
If I am not wrong then your logged in user in facebook for current browser is not authorize for your app.
I think you should try googling about "How to authorize users into app". OR
If you don't mind I am giving you the direct URL to go to that setting page for your app:
https://developers.facebook.com/apps and then go to your app then after from left side bar go to roles and then after click on test user tab from top of page and then click on add button it will opne one pop-up to add a user.
In app you have to add test user for testing purpose and have to login for that added test user, so added user will be authorize for that app and you will be able to test.
Thank you...
Related
I am programming a little web application right now. At some point I need to thing about the user registration. My first thought was do it with a Facebook Authentication. Why? I think it's easier to get user like that, because most of them have already an account on Facebook and don't want to get over the usual registration form(EMail Confirmation, ..).
Now I am asking myself, what happens when I decide to cut of the connection between Facebook and my WebApp? I mean maybe at some point I do not want to be dependent on facebook. Can I easily remove the Facebook Authentication and keep the already registered User? I think the biggest issue would be to set a new password instead using the Facebook ones for the User.
I'm getting into the grimy guts of a problem that has turned out to be rather cumbersome so I turn to you, the experts, for help.
what I've done so far: I am building an iphone app with phonegap. I am using the provided fbconnect (in phonegap github) code which gives some rather convenient javascript based example code to build things like a comment and check in request. I have comments and checkins fully working how I want, and I have an auth_token that I am successfully toting around.
enter the like button: I understand that you cannot make like requests via xmlhttprequest in the same way that you can with comments for example, so I am stuck using an iframe (unless there is a better alternative).
what I need help with: right now, since the iframe is triggering its own login, I have the situation where the user might log in to like, and then have to log in again to comment which is not a viable. Is there a way to pass a valid auth token to the iframe so the user wont be prompted to log in again or some other sneaky way to authorize through the childbrowser solution that I have currently implemented and then share the auth token to the rest of the app?
notes: I havent passed an app ID to my auth implementation but I noticed that the iframe does pass an app ID. would including an app ID in my auth request somehow link the logins so facebook could recognize that the user is already logged in through the app?
I can't think of any specific code to include since this is more of a general question but if there is anything you'd like to have a look at please let me know.
The short answer is no, mainly for security and spam prevention. The only way to have the user like your page is rendering the iframe code in a webview. This requires a traditional email/password login with Facebook. Using the graph api is the only way to use things like commenting and checkins, and this requires a user to login via a separate mechanism and then subsequently approve your app. There is no back door logging in mechanism.
Here's the problem,
I want to have the user auto login to my MVC3 website if they already login from facebook.com.
If they are not login from facebook.com, I will just simply show a login button and they can login by clicking on it as usual.
I cant seem to find a way to detect whether user had login from facebook.com unless I force the application to direct go into LoginUrl of Facebook, which is not good for user who was not logged in as this will prompt them a page where they have to login. I still want to allow guest access without facebook account.
Any idea? Thanks a million.
EDIT:
Sorry I forgot to mentioned the situation only apply to user who approve to use my app. Once they approve to use my app, I'll be able to detect their facebook login status.
The answer is: You can't. At least not without violating the facebook TOS and probably at least one or two laws.
EDIT: Your original question sounded like you wanted to try and hijack the facebook user session. What you are talking about here in the comments requires you to use facebook connect / facebook for websites.
You would want to start here: https://developers.facebook.com/docs/guides/web
I have added Facebook Connect to my application via the JavaScript SDK. I'm using Spring Security (this is a grails app) and I have added code that when someone clicks the FB Connection button to login, I manually authenticate them against their user account and everything gets wired up appropriately. I have 2 questions:
When a user first logs in with FB and I don't have an account for them, I create an account for them with their FB info, generate a random password, and use their email for their login name. If the user then uses the regular login form instead of the FB button to sign in, how do I sign them in to FB as well?
Every time the user clicks the FB Connect button, the popup window shows up. If they are already authenticated, it just goes away and then my web site redirects correctly. How do I keep the popup window from showing up in this case?
Thanks
To you first question, the user might be connect on Facebook when landing on your page after registration. So you can rely on the Javascript SDK to help you out.
See here: http://developers.facebook.com/docs/reference/javascript/FB.getLoginStatus
To your second question, I think you can't, except you might get a work around if you use the Javascript SDK mentioned for the first question!
This is how I did it for moviezine.se and it works just fine, but it might be a little irritating to be logged in without asking for it when you come back a few days later. Then there is the use case of the logout: if you are automatically logged in, are you automatically logged out too; and if not, what if your Facebook session is replaced by your girlfriend's one who is also a user on your site! :)
I'm new to OAuth and I'm mostly done implementing OAuth against Facebook and Twitter.
The way my application works is user can sign on either through Facebook or Twitter. Once getting in, they can setup the other, i.e if they log in using twitter, I ask them to setup facebook wall and if they sign up using facebook, then I ask them to setup their twitter.
The issue I have is this. Users after signing out and come back again, how do I avoid them to setup the things again? I noticed twitter access token never expires, so I guess that solve this side of the issue. But Facebook access token does expire. It's very inconvenient to ask my users to sign into facebook everytime to have that part of the application to work.
I might understood this whole thing wrong, so any suggestion is greatly appreciate it.
As far as I remember Facebook (https://graph.facebook.com/oauth/authorize?...) returns back user immediately if user has previously approved your application, so that he/she won't notice it if you design your app flow correctly (for example you can redirect user to Facebook in a popup and close popup when user returns back).