Facebook access token for userless polling app - facebook

I want to write an app that tracks and displays events on specific Facebook pages in a special way. The point is that the application will run on displays within environments such as clubs to draw (physical) visitors to the Facebook presentation of the club. The normal Facebook layout is unsuited for this kind of presentation.
Now I'm troubled by the Facebook login API. It seems that only a browser can log in, with a user manually driving the flow.
I need some form of non-interactive login - there won't be any user on the machine the app is running on.
There is the app access token, but for some reason that one is write-only.
I don't want to post any content, my app is read-only.
As far as I'm aware, there are applications, such as Spotify, that can interact with Facebook without presenting users with browser-driven Facebook logins all the time.
So am I overlooking something?

Related

Is it possible to log users out of my web app but keep them logged in with Facebook using the JavaScript SDK?

API page is here: https://developers.facebook.com/docs/javascript/reference/v2.6
As far as I know,
If users have already authorized a web app (a website), then invoking FB.login() and FB.logout() in the web app is essentially logging the user in or out of Facebook and returning some data to the web app (of course you need an access token to do this). Assume you have two pages opened: one is your web app, the other is facebook.com. Both are logged out initially. Now if you log in with your Facebook account in the web app page, and then refresh the other page, you will find that both are logged in. It's similar for the case of logging out.
Well, correct me if my understanding is wrong. I totally understand there are reasons for the logic.
Is there a way to log out users from my web app but keep them logged in with Facebook and without revoking permission?
I've tried with Google+ OAuth. It seems that using Google+ API is able to log out users from the web app and keep them logged in with Google+.
Well, it is how it should be. You want your app to be an interface for the "Facebook app" login, why is that? Consider the scenarios from the user's point of view:
The user is logged in and browsing Facebook. He finds your useful application and logs in to your app (providing the required permissions). Before leaving your app, he logs out from the app. He then gets back to Facebook and continues browsing there. All good!
The user is NOT logged in to Facebook. He logs into your app, browses your app, then logs out of it. Then, when he opens facebook.com, why would he expect that he should be logged in to Facebook automatically? I think he won't think that, and he'll log in to Facebook and continue.
The point is simple here:
If the user logs into Facebook, he'll be logged in until and unless he logs out from Facebook.
If the user is not logged into Facebook but logs into your app, he will be logged in to Facebook until he logs out from your app.

Using Facebook publish_actions on a live event and getting the app reviewed

I want to create a Facebook app to be used in live events (ie: concerts, conferences, etc).
So the guests would enroll to the event connecting with Facebook Login and asking the publish_actions permission.
The guest will have an Access Card (RFID chip) that identifies himself and links in our database to his Facebook Access token.
Then, during the event, I would like some actions made by the guests in the event to trigger some actions on Facebook. These actions will be triggered by different applications that communicate with our servers, and our servers will communicate with the Facebook API to trigger actions on Facebook.
So when the guest does check in at the event, his Access Card is scanned by the event staff, and then should automatically post a message on his timeline indicating that he is at that event, sharing a link with more details about that event.
We also want to have a physical Photo Booth where the guest has his Access Card scanned, and then takes a picture that should be automatically posted on his timeline too.
So this is not the typical Facebook app flow, as the content is posted automatically by actions made by the user, but managed by our software instead of actions directly triggered by the user himself.
I'm not sure if this kind of application is allowed on Facebook and if it's allowed, how would the review process be done, as this can't be tested using a website or phone app.
Did someone make something similar or knows the best approach in getting this approved on Facebook?
Thank you!
The user MUST login with Facebook and authorize your App. People have tried those things with a specific device where people could login, but Facebook detects multiple logins on one device and may block your App. So the only way is to let people use their own device/smartphone to authorize your App. For example, you could offer them a QR tag with a link to the login flow.
The problem with authorizing before the event and storing a Token is that an Extended User Token is valid for 60 days. So if a user enrolls and the event is 61 days later, the Access Token will not work anymore - unless the User refreshes the Token by visiting your App. So before letting him do this before the event, you can just as well let him authorize the App at the event date.
A specific App for the event is surely the safest way, of course.

Single-Sign-On with server-side application?

I would like to process status updates of friends within a server-side application (like a server-side job).
I could create something like a configuration website to connect my application with Facebook, let the user log in, get the permissions, etc., but this should only be done once by the user. The (session-, access-, auth-, verification-, whatever-) keys or login information could be stored within a database, and the server-side application/job could use this information from the database to access the status updates.
The problem is that the user should only log in once, so the user does not have to log in manually every day to keep the server-side application/job working continually.
Does someone have an idea how this could be solved? It is very difficult to find working solutions/ideas for that problem, because Facebook is currently deprecating all these features (REST-API, Facebook-Connect, offline-access-permission, infinite session keys, ...). The Android apps have a similar requirement, but these seem to have the option to solve this problem via the mighty Facebook app/integration, which has some exceptions... At least all Android apps are working continually with my Facebook data and I haven't seen a Facebook login page for years. ;-)

How can I log in to Facebook without showing the permission window?

How can I log in to Facebook without showing the permission window?
I never want to show that window in my web.
If you mean that you're using OAuth 2.0 in your app to authenticate your users using facebook, then you can't. It's a necessary part of the process.
You can consider reducing the permissions your app requires to improve your bounce rate.
If you want a user to authorise your application then you have to show the authorisations screen as either a page that you redirect to or a pop-up, otherwise it is impossible for Facebook to securely verify the user.
If you want Facebook functionality without having the user grant permissions you are restricted to certain social plugins like the share and like buttons, but be aware that if the user is not signed in to Facebook in another tab they will still see a pop-up requesting that they sign in.

How to determine if an app is authorized to a fan page

Forgive me if this has been asked before, but I was unable to find an answer to what seems a simple question. I have an app that is authorized to a user & user's fan page via a process from a website I've constructed. The process is this:
Visit Website --> authorize website to view list of fan pages --> Select Fan Page to install app to --> Authorize app to user account --> Authorize app to Fan Page
I've got all that working (a process, let me tell you), and everything functions as intended. I'm working on an admin interface to manage the app which is not housed in the Canvas App location but on the website itself. I haven't found a way to figure out if the app is installed or not. It appears that the Graph API / FQL doesn't support this.
My two issues are:
I have the user id & the fan page id but I can't figure out whether said fan page has my app authorized or not. Depending on this answer will determine whether I show the "Install This App" panel or the Administration panel.
I've read that the best method is to store the userid when the app is initially authorized, but after the app is authorized, the user is sent to the Fan Page's Wall and I can't figure out how to notify my iframe app.
[edit] I misunderstood your question and thought you had less implemented than you seem to have: If you have manage_pages permission for a user, you can get the Page access token for each of their pages, and access a list of apps currently installed as tabs on that page - the instructions are at https://developers.facebook.com/docs/reference/api/page/#tabs
[/edit]
Each request made to your app's 'page tab url' will include a signed_request parameter.
The method to decode it is explained at https://developers.facebook.com/docs/authentication/signed_request/ - when your app is loaded on a page tab you'll get the 'page' parameter.
So:
The first time the tab provided by your app is loaded on a new page, you can detect the page ID from the signed request.
This callback will also tell you if the user currently looking at the page tab is an admin of that page (which can be useful for your own edit interface, if applicable)
If you haven't already got an interface where the app user tells you which pages they admin you can get a list of all the pages that user administers by accessing the 'accounts' property on their user object (/me/accounts in the Graph API) once you have the manage_pages permission
Can you keep track of who has the app authorized in a database on your website?
I.e. call a script on your website server from your app that returns whether or not the user has authorized the app.