I there anyway to log users to facebook and google gmail, from another domain site?
Or are there specific API to do that?
I'm not talking about fb login or connect or google login API, i'm talking about "triggering" login forms in some whay or launch requests to sites to login in users.
I would like to make users able to log to facebook from another site, setting up cookies, so when he will return to facebook he will be logged, and viceversa.
And if is there, is it legal or not?
Thanks
Thats not possible, since Facebook are the ones that issue the cookies, I think it might be possible to generate a cookie that will log you into Facebook, but it would be illegal. Swift
Related
I and a friend are developing an app and would like to use Facebook as a way of users having their own accounts without us having to ask them to store passwords or make users for security and ease of use.
Passport.js has a facebook plugin but it talks about a redirect URL so my question is: is it actually possible to just send information like email address and password to facebook for authorisation and return the users profile without actually redirecting the user to a facebook login page.
I don't see how i could redirect the user to a facebook login while inside my app and also what on earth would i put as the callback URL? Am i just trying to use passport-facebook in the wrong way?
is it actually possible to just send information like email address and password to facebook for authorisation
No. Users are strongly discouraged from giving this information to any 3rd party app, and you are not allowed to ask users for them.
Login with username/email and password happens on Facebook, not in your app. You will get feedback from the login endpoint then that they logged in successfully.
well i have used the facebook api couple of times. But last day i just came across a site which was really new to me. Heres the scenario
If a user is logged in at facebook and comes to my site, he will
automatically be logged in without asking him and also if user logs
out of my site he gets logged out of facebook. But the site i saw
yesterday, they had handled it perfectly, user dose not logs in their
site automatically and even if user logs out from their site, he does
not gets logged out of facebook.
So any help? what is this technique called? or any relevant help?
Best Regards
most site handled the login/authenication by using the login status of the user at facebook ends.
to do what u wants, simply add an additional layer of authentication / login status checking at your own site.
The site level login status is to be retained only for the current session. In other words, once the user went away from the site, the site level login status is gone. With this, when the user returns, you know that he needs to login again.
when the user logged out from your site, you only log him out of your site and do nothing about facebook login
Using the Facebook SDK it will likely tell you the user is logged out when not logged into Facebook, which in theory is the correct behaviour of the whole system, as Facebook want user's to always be connected to Facebook, I quote facebook:
As long as the user is signed into Facebook, they are automatically signed into your site as well.
So if they aren't connected to Facebook, you aren't connected to other sites. In a way it's a deterrant and increases Facebooks market.
But anyhow, it's likely the site you are describing are implementing their own authentican system rather than using Facebook's own SDK, or if they are using the SDK they are using it in moderation and understand about cookies/the above.
The flow to allow the user to be logged into Facebook but out of your site is as so:
When a user logs out of their site, it will unset session data for the site's own application, and also unset Facebook cookies, etc. That way the user is still logged into Facebook but out of your site.
When they try to log in again, Facebook will detect no cookies are available and hence will re-authenticate and pass you onto the url as passed during the authentication process. Your site will then login the user to the site's own application, setting any session variables, etc.
you need to check how you are handling the FB logins and sessions at your end..
my guess is you check the is login at your site and there are some access_tokens which are as per your app id in the cookies of your browser which are helping you to log in ..
and when logging out from your site you are explicitly logging out the user from FB as well
( thats what you are describing atleast )
you seem to be explicitly calling logout or clearing the cookies for fb app id ..
I want to allow users connect to my website using their facebook account.
First, the user authorizes my application and then I get an access token. Problem is, that I'm supposed on the first time to register the user, and the next time to auto login him based on his facebook email.
How do I create a SECURE way to auto login the user?
I'm using pure javascript, but I can't find any way to create a secure mechanism.
Thanks.
Facebook should handle all that for you - when they come back to your website, they can click the 'login' button(javascript SDK) and facebook should pass you back an access token.
I may, however, have misunderstood the question.
I would like to post updates to Facebook from my iPhone application. I know that there is a Facebook Connect project, but it requires displaying dialogs for entering user's credentials, dialog for posting content, etc. I would like to be able to get the credentials from application settings and post whatever the user put into UITextView.
Is it possible? or am I stack with Facebook Connect?
Thanks!
You need to use Facebook Connect to authenticate and let the user set privacy settings for your app on their profile. You might technically be able to write all the authentication code yourself (see Facebook's Developers page about authentication) but why bother when the experts have done it for you?
You can then use the Facebook Connect API to do whatever you need to do with Facebook, assuming the user has give your app permission to do so.
I want to implement a "remember me" feature on me website using the facebook connect.
On my website, i have the possibility to do the login by two distinct ways:
Normal login
Facebook Connect
When an user performs the login with facebook connect, even if he logs out on his facebook account, i want to keep him logged in on my website. He will only log out if he clicks on the logout button on the website.
Is there a way to do this?
Thanks in advance
Here is a tutorial using PHP that demostrates how to use Facebook connect. If you read the section about the login page, you'll see that Facebook does some funky javascripting that creates session cookies on your domain based on the login status on Facebook. You might be able to manipulate the API to give yourself the persistance that you're looking for.
Good luck, and hope this helps some in your project.