I have a facebook app in a canvas that is working very fine.
I enabled referral authentification.
I recently enabled my mobile web app link, so now I can access my app from facebook app or from
http://m.facebook.com/apps/MY_APP
I coded the necessary server-side handling of the ?code= parameters to generate an access_token so it works fine. (I request access_token using a redirect_uri that is my current url up to "&code=")
My problem is when I try to open my mobile web app from an app request (on my mobile), The access_token request fails (surely because of the redirect_uri parameter).
After a lot of investigation I found out that the only problem was the ref=m_notif paramater.
Basically if I try to access my app with m.facebook.com/apps/MY_APP/*almost any string or parameter I want* it works
BUT
If I try to access my app with m.facebook.com/apps/MY_APP/?ref=m_notif it FAILS. any other ref=*string* is fine.
Do you know what I should do here ?
Thanks a lot
Related
Hi i'm working on a web with Laravel. On the web, I use socialite to login with Facebook, but I don't know how to do that with api for mobile to connect.
On the web, the flow is the user request to the website, socialite will redirect to facebook to obtain data and redirect back to the redirect url that we register to do authentication.
I don't know if with mobile app is the same?
How can I do it since there is only 1 redirect url and how to detect if the request is from website or from mobile app. Because request from website, ultimately is return view and request from mobilr is return json, right?
Or the mobile side, mobilr developer will do the obtaining data then send it to the website through api to authenticate?
Please help me on this. Thank u. Sorry for my bad English. If anyone does not understand my situation please ask me again.
Thank you all.
If you are building a mobile app, you should use the Facebook Mobile SDK to preform Facebook login instead of doing it the website way. On Facebook, you can have different settings for iOS and Android (and other platforms), so you won't need to worry about knowing which platform the user is using.
When the user authenticates using the mobile app, you can pass the Facebook access_token back to your database via an API.
im a newbie in graph facebook api. I try to get MY_VERIFICATION_CODE by send http request:
link1: https://facebook.com/dialog/oauth?client_id=APP_ID&redirect_uri=https://www.facebook.com/connect/login_success.html
and then Facebook will redirect to http://www.facebook.com/connect/login_success.html? code=MY_VERIFICATION_CODE
but I cant get code from response. I copy link1 to chrome, it redirects to url with a code appended as parameter, but this url stays just for seconds and then it changes to this: https://www.facebook.com/connect/blank.html#=
My question is how to read the code from the redirected uri in a java desktop application?
It's all described in the docs at
https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow/v2.3#login
Quote:
When using a desktop app and logging in, Facebook redirects people to the redirect_uri mentioned above and places an access token along with some other metadata (such as token expiry time) in the URI fragment:
https://www.facebook.com/connect/login_success.html#access_token=ACCESS_TOKEN...
Your app needs to detect this redirect and then read the access token out of the URI using the mechanisms provided by the OS and development framework you are using. You can then skip straight to the Inspecting access tokens step.
We have an fb canvas made from .net mvc that works well via desktop but it doesn't work well in mobile app. We send request then if someone on fb mobile tap on request and opens up the web app, the signed_request returned is different than the desktop counterpart. The payload is missing and it seems shorter than the desktop's. I'm trying to read it as "code" and try getting auth token via https://graph.facebook.com/oauth/access_token?client_id=xxxx&code=[code]&redirect_uri=???. The problem with this is I don't know what the redirect_uri supplied or maybe it's not a code.
Can you guys help me with this or there's no other way but once they click request via mobile app we have them relogin in our web app to grab their fbuserid? And if there's another approach in handling mobile app requests.
Mobile Web URL and the signed_request
This is already outdated so maybe there's a solution already.
Thank you
I'll answer my own question. What you can do is add an extra authorization in your login flow when then access your canvas url via facebook mobile app. You send them to
https://graph.facebook.com/oauth/authorize?client_id=
passing the redirect uri and scope then grab the new generated "code" param and grab the aut token via graph api. Then you can access their facebook detail as you would normally. I've read answers like there's no signed request in mobile web and approach it differently without stating what that approach is. Hope someone can be helped by this answer.
Thanks
I have a web application that authenticates users against Facebook. Once my site redirects them to login with Facebook, FB redirects them back to my site with a valid session cookie. This is a PHPCOOKIE I guess.
I would like to accomplish the same thing from my iPhone application. I have looked at the Facebook iPhone SDK, but that simply lets the iPhone application directly call the graph API.
What I actually want to do is have my backend server call the graph API like it does with the browser.
How do I get the iPhone SDK to pass the session cookie to all requests to my server, the same way the browser does?
This does actually occur- but you're on the iPhone, and the iPhone caches the "cookie" with auth info. It's in NSDefaults. It's also called single-sign-on or SSO. It detects Facebook login and authentication on the native app on the same device, and sets a local (iPhone app default) access token for further graph requests.
I've set up my FB app so that it has a Mobile Web URL component. I've noted from testing that whenever I navigate to canvas URL of my app on a mobile device, Facebook automatically redirects the mobile to the defined Mobile Web URL.
If I do the same from desktop, the canvas URL is loaded in to the browser. In other words, if FB detects a mobile device when navigating to an app's canvas URL, it will immediately redirect to a defined Mobile Web URL and not load the canvas URL content.
The problem with this is that when the canvas URL loads, FB passes to it a signed_request form parameter. Yet, when it redirects to the Mobile Web URL it does not.
I noticed when checking a network sniffer that when on mobile Facebook redirects the app.facebook.com URL to m.facebook.com, and thought perhaps the signed_request was getting lost along the way. But when checking the first call to the canvas URL there was no signed_request there either.
It's like Facebook only provides the signed_request when it processes the canvas URL, which in the case of mobile is never.
Has anyone any insight or advice on how to get the signed_request? My only thought at the moment is forcing the user to authorise the app on mobile as soon as they are redirected, but i'd rather not do that if possible (I'm not a fan of gating techniques)
Cheers
Lee
--- EDIT ---
Closing - see my answer.
I've since come to the conclusion that Mobile URLs do not receive the signed_request, and to get the same sort of data requires the users to be put through the FB Auth process. Closing the question.
Your mobile app should be passed a "code" in the query string if the person has authorized your app. Your backend can exchange that code for an access_token and then you can use that to get the current user info by requesting https://graph.facebook.com/me?access_token=[token retrieved from code exchange]. That will allow you to automatically login the current user.
But yes, you do not receive info like the current user's country, locale, and age if they have not authenticated. That is a limitation of mobile web apps currently.