First let me introduce the problem. I have site where I want to allow users to login using their Facebook account. Also I want to have possibility to post on users wall and access his email. I created Facebook app and every time not logged user comes to login page he clicks on Facebook button and gets to auth dialog of application where he must allow getting his email and on next screen allow posting on wall. To this dialog user gets with link which contains scope=email, publish_stream.
First question: When user clicks do not allow to post on wall, next time he uses this link he must again do that. Shouldn't Facebook remember this? I thought that I should not give the scope in link and use application setting where on permissions page a choose extended permissions. But these permissions are never asked for. Even when I enable referrals.
Second question: Is using FB application for this right? Should I not use fblogin?
Thank you.
When user clicks do not allow to post on wall, next time he uses this link he must again do that. Shouldnt facebook remember this?
No – because then there would be no way to ask a user for an extended permission once they’ve declined it.
Of course it might be annoying to the user to see that dialog asking for posting permission every time again when he just wants to login to your page.
That’s why Facebook themselves advise you to only ask for permissions you actually need for the current task. To provide the ability to log in to your site, you only need basic data and maybe email – so only ask for that, when the user is just logging in.
And then, when you come to the point where the user actively wants to share content through your app – then check if you got the necessary permission already, and ask them for it if it’s not present (by calling the auth dialog again, this time with the extended permission set in the scope parameter).
That way, it’s clear to the user why he gets asked for that permission at this point, and he doesn’t get hassled about it time and time again if he just only tries to log in.
I thought that I should not give the scope in link and use application setting where on permissions page a choose extended permissions. But these permissions are never asked for. Even when I enable refferals.
For these settings to have any effect, the connect to your app must happen in a way that actually triggers Authenticated Referrals. Doing the login by yourself in your app logic does not trigger this way of authentication.
Related
I have a site that logs in using Facebook. The first time a user logs in, they get a pop up from Facebook explaining all the parts of the user FB profile my site will have access to. After accepting once, though, they don't get this pop-up on subsequent visits. Is there a way I can ensure that the user always sees this popup?
Update:
I'm trying to find a way to do this during development, so that I can see the list every time. I don't really need this in production.
they see it because it's the standard OAuth workflow to accept the terms of the application they are authorizing through facebook. Once the auth is complete, they are sent directly through, no reason to ask them for auth over and over.
EDIT:
Based on your update, the list is visible through your application settings in Facebook. you can use facebook's api to get these users.
You can build a "Fake Login" - there you can show your terms again. So your clients got a better feeling. ;-)
I am working with integration of a website with facebook.
I have a specific requirement where-in the user should get logged-out from facebook if he/she doesn't grant permissions to my facebook-app (on first use).
Now, If user denies access for my facebook-app, I am redirected to the redirect_uri, but the problem is that on the page that handles the redirection, I cannot log the user out from facebook since my app won't have permission to perform logout.
Can anyone please tell me what is the workaround I could try?
I have a specific requirement where-in the user should get logged-out from facebook if he/she doesn't grant permissions to my facebook-app (on first use).
Is this in a very special environment (like a kiosk application or something) …?
Because otherwise, I’d hate it if random apps logged me out of FB while I’m browsing on my own computer, just because I don’t want to connect to them.
Now, If user denies access for my facebook-app, I am redirected to the redirect_uri, but the problem is that on the page that handles the redirection, I cannot log the user out from facebook since my app won't have permission to perform logout.
Can anyone please tell me what is the workaround I could try?
I don’t know any workaround – to perform a log out on behalf of the user, you need a valid access token – doesn’t matter, if you’re trying to do it client-side or server-side.
If that wasn’t the case, any website I’m visiting could log me out of Facebook, and that would be really annoying to users.
We have exactly the same problem. We've developed a kiosk application used to checkin and post HD photos.
If the user does not accept the permissions we need to reload the application because we can't logout the user in another way.
We've tried different ways but no one was successful
I'm trying to write application for user login to website via Facebook. When user is logging in, he's redirected to http://www.facebook.com/dialog/oauth/?client_id=APP_ID&redirect_uri=REDIRECT_URL&state=STATE, then sees confirmation dialog to use permissions and all goes well. But then FB somehow remembers this application and never asks for permissions confirmation again when user opens this url. Is there any way to always show this dialog? I could do it in Twitter, but couldn't found the answer for Facebook.
If you really want this for some reason, uninstall the app from the user's account with a HTTP DELETE request to /USER_ID/permissions using your app access token.
The next time they come back they'll need to re-authorise the app.
Otherwise, no, there's no way that I'm aware of apart from the reauthentication flow to force the auth dialog to appear, but bear in mind that the reauthentication flow may prompt the user to re-enter their Facebook password even if they're already logged into Facebook, so it adds extra friction to the process
Instead of showing the Facebook OAuth dialog, you could also show the user a page on your application that has some information about the Facebook account that is going to be used (picture/name etc), to log into it. That way, if they like they can choose to log out and re-authenticate or continue knowing they have the right account.
When users invite friends to my application the friend gets a notification in the Facebook.
When they click this link they see a dialogue box asking them to approve my application.
How can I limit the information my app requests to almost nothing so I don't scare away potential visitors.
I don't want their email or friends list or to access their data at any time. I just want them to visit the site.
Ok Thanks to Changing the scope I have the dialogue down to this. Is there any way to get even less. I don't have any code that requires permissions. My call back just extracts the request id's.
Just don't require authentication on your landing page. Make it so that your landing page and primary canvas page do not require authentication and potential users can browse and check information about your app and look if it is what they are looking for.
Then once they make any significant action on your app when their user information is essential to proceed you can open an authentication dialog box. You can detect whether users already authenticated or not with the help of javascript API FB.getLoginStatus method:
https://developers.facebook.com/docs/reference/javascript/FB.getLoginStatus/
hope this helps
You are requesting extended permissions in the url you are directing them to for the allow. Remove anything from the querystring parameter "scope", currently you should see that
&scope=offline_access,email
or similar. Simply change that to
&scope=
Check the page on extended permissions for more info:
http://developers.facebook.com/docs/reference/api/permissions/
Your invitation is linked to application that needs extended permissions, you have two choice first one is change the link that don't needs extended permissions. Second one is if you don't use the data getting from permissions, remove the permissions from oauth dialog.
The second screenshot above it the minimum amount of permissions you can request.
It is not possible to request anything less than basic permissions. You have to have this in order for the user to be connected with your app, and so you can get their user id.
Suppose I have a website that wants to access a Facebook's user account information. Usually, the user is presented with all the permissions the website is asking for, and can either allow or deny them as a whole.
Is it possible to let the user choose (with checkboxes on each permission on the authorization screen, for example) which permissions he wants to give the website?
This would be possible but it would need to be done in two stages.
Firstly you would have to present the user with your own dialog where they can choose their prefered permissions.
Secondly you would have to authorise the user with the selected permissions via a Facebook dialog.
If you're looking for an example the Facebook Graph Explorer already does this:
http://developers.facebook.com/tools/explorer/
The bigger issue would be keeping track of the users available permissions and reacting according.
unfortunatly not out of the box. (but this could be changed sometime in the future, as FB displays a required next to the rights if you look on the rights you give to an app)
I used to ask the required prems, and let the user add optional perms via a click, which again opens the perm dialog but only with the perms the user not already give to the site.
for an example. user sign in form, beside the "Hometown" field i have a button "Fill from facebook" if user hasn'T given me that right to access user_hometown i call for the right and fill the form.
see this post for a good explanation on the why and how:
http://www.fb-developers.info/tech/fb_dev/jssdk/learning_jssdk_12.php