I know that facebook allow me to specify multiple domains for my app.
But in the "Website with Facebook Login" i can only specify one url.
Is it possible for me, to authenticate users on domain.se, domain.dk and domain.net with the same App ? Or should i still create one app, for each domain ?
It is technically possible to use Facebook Connect on multiple domains, there are some limits (5 domains max).
So the key to doing this is adding all domains in the App Domain field under your app settings.
The PROBLEM, however, is that Facebook only lets you add domains that are derived from your Canvas URL or Site or Page tag URLs, so if you try to enter anything else you get an error that looks like this:
The SOLUTION is to create App on Facebook, Website, and Facebook Tab using the ADD PLATFORM button and then put in URLs that point to your other domains. Here is an example of what I mean:
If you use a unique domain for each field you can max out with 5 different domains. I have tested this technique with up to 3 domains, but i think it should work for all 5.
Note: Facebook admin features change from time to time, so all of this is subject to change
As long as you listed all the desired App Domains in application settings you should be able to authenticate users on any of them.
"Website with Facebook Login" is really only intended to be used as link to your site/application.
Update 2 (July 2016):
App domains must match the domain of the Secure Canvas URL, Mobile Site URL, Unity Binary URL, Site URL or Secure Page Tab URL.
Update (December 2013):
At the time of writing original answer it was possible to list any domains in application settings but from that time the UI of Application Settings (as well as way of handling Application Domains) changed at least couple of times, at some point you could only list domains that derive from one of application's canvas pages.
As of December 2013 it is possible (again) to list domains that do not derive from application canvas URL.
Assuming your domains are being served by the same web server and you have access to that web server, you can use the manual login procedure: https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow to login from as many domains as you wish.
Assume your domains are site1.com,site2.com.... Instead of using the Facebook javascript API, you will simply place a plain old Log In with Facebook button on each site which will redirect the browser to the facebook login page as described in the above article. In the state variable you can specify a code which indicates which of your sites is requesting a login. In the redirect you will use a single service domain which you assign to your web server (e.g. fb.mywebserver.com) and which you specify as the verified redirect url in the facebook login settings page. All the sites will redirect to this same url, avoiding the problem of supporting multiple domains.
Once the user has logged in, the browser will redirect to fb.mywebserver.com and pass it the state, which tells you which site is requesting login and a code which you can use on the back end to retrieve the user's info using the Facebook graph apis. You store this info with a uid in your data store then using the info in state, you redirect to to the appropriate site including a parameter that indicates a Facebook login (e.g. site1.com?fbc={some uid}). The browser will obediently then call site1.com?fbc... Your web server will receive this request and detect the fbc parameter which tells it to associate the corresponding Facebook logged in user with this site. It can then retrieve the logged in users info using the uid and, for example, return a session cookie for this user along with the page. If you generate the page on the server you can, of course, also include a welcome "user" or alternatively, your client code can do an ajax call to retrieve that information.
From the user's standpoint they press the Login with Facebook button, are redirected to a Facebook login page where they login and then are redirected back to your site in a logged in state. Not quite as nice as having the login popup but likely acceptable.
A similar process can be used for google logins as well
Best thing I've found to do in the development/production scenario is add a "Test App", then add a platform for your development web site - as you have to provide where the "page tab url" lives if you use that as a platform.
Facebook requires your "page url" to be live / accessible if you need to apply for status or permission review.
This got me around the "login in development" / "login in production" scenario.
Related
The instructions from Janrain for social login provider setup conflict with the hint within the error message from the Facebook https response. Details follow.
Error screen when testing Facebook from Janrain; note that same error happens in any browser such as Firefox, Chrome if you test the sign-in widget.
Error Text from Facebook:
App domains must match the domain of the Facebook Web Games URL (https), Mobile Site URL, Unity Binary URL, Site URL or Secure Page Tab URL.
Please correct these domains: (snip).
Based on the hints from the Janrain Facebook Provider Setup wizard, I have set the website to the URL on rpxnow (i.e. definitely not my web site).
What URL(s) should then be entered into Basic and/or Advanced Settings such that Facebook can process the login? I have tried using the rpxnow URLs and my own web site URLs. Either of 2 things happens regardless of whether I include https:// or start from the subdomain of any combination of names. Either Facebook will not save the details on Basic App Domain and gives the above error, or Facebook will save the details but then gives the error in the first screenshot above.
I do not see how this can ever work because Facebook wants a match on the domain and rpxnow will never be the domain that I use to invoke the sign-in.
For completeness, I will show my Facebook settings, so it will be obvious that they do not match the current Janrain Setup Guide for Facebook.
Basic Settings
Is the Namespace relevant? Better to leave blank? Does it need to match something within Janrain?
Advanced Settings
I could believe that something has to be done to allow cross-domain access. Does anyone have this working with a new Janrain account (3 weeks old) and a new Facebook developer account (old Facebook account, new developer app)?
Replying as an answer so I can attach a picture.
I have a feeling this might be something to do with Facebook's impending changes to their app security (https://developers.facebook.com/blog/post/2017/12/18/strict-uri-matching/ ). It appears that you need to add the Valid OAuth redirect URI for any new API v2.11 apps now (not after March). We were already planning to address this before March but we will have to update sooner.
For your Facebook app you will have to set up the "Valid oAuth redirect URIs" similar to the following screen shot, just replace "pbjanraintest" with whatever your Engage app name is:
Sorry for all the trouble you have had. It's hard to keep up with these providers when the messaging doesn't align with what their apps and api's are actually doing.
I just received the same error this week. Leave off the https:// in the OAuth redirect URIs box.
My website is: www.askachristianlive.org/forum
In the upper right you will see a Facebook icon that is supposed to allow you to login using your Facebook credentials. Every time I get the following error:
Given URL is not allowed by the Application configuration: One or more of the given URLs is not allowed by the App's settings. It must match the Website URL or Canvas URL, or the domain must be a subdomain of one of the App's domains.
I have changed everything I can think of in the app settings and it still will not work. Can you please tell me what I need to do?
My app domain is set to www.askachristianlive.org
Select how your app integrates with Facebook
Website with Facebook Login
Site URL: http://www.askachristianlive.org
I don't know what else to do.
Your problem is that the url generated by oneall is askachristianlive.api.oneall.com which most likely isn't in your allowed app domains
See if you can add the above url to your app domains in your app settings list and if that works.
The problem is oneall is another 3rd party on top of a third party (Facebook in this case) so although your app config in facebook matches your domain, it doesn't match the fact that you have to go through oneall. To be honest I'm surprised that oneall haven't highlighted this fact on their website, as these callback urls would never work for facebook otherwise
I deal with multiple customers who have their own websites and I'm launching a solution for them which requires Facebook login.
The problem is I want to have one page/plug-in in customer's site which allows their consumers to visit the site and click login. On successful login, I want Facebook to redirect the user to my site.
So, in short, the question is: can I have multiple domains (xyz.com, abc.in) sending oAuth requests to Facebook which contain the redirect URL mysite.com?
My app's settings are as follows:
App Domain: mysite.com
Site URL: www.mysite.com
I don't think Facebook allows me to add xyz.com, abc.in to App Domain.
I'm even willing to have a plug-in that's embeddable in different sites. Is this possible? If so, how can I achieve it?
On successful login/register the users should get redirected to mysite.com/fbcallback.php.
can I have multiple domains (xyz.com, abc.in) sending oAuth requests to Facebook which contain the redirect URL mysite.com?
No. You can use only subdomains of the domain you have set under “Website with Facebook login”.
On successful login/register the users should get redirected to mysite.com/fbcallback.php.
If you want users to go to your own domain anyways, then you could send them to yourdomain.tld/facebook-login.php from your customers pages straight away, and handle the login call from there …?
I have created a facebook app on developers.facebook.com and specified a site url for my website. When users on my website login with facebook it redirects them back to the site url I specified (e.g. example.com) on the facebook app settings.
I also have a mobile web site which has facebook login but when users login from the mobile site (mobile.example.com) it still redirects to the main site (example.com).
How can I make facebook redirect to either example.com or mobile.example.com depending on where the facebook login request comes from?
Facebook allows you to pass a variable named state to the auth dialog. This value gets returned by Facebook on both success or failure.
The intent of the state variable is to prevent people from gaining access to your site with forged requests. However, you could add a string to the state variable unique to people coming from the mobile site. On your redirect page registered with your app, you just need to add code to examine the state variable and redirect the user if it has the "mobile" string in it.
I know there is a way to redirect the page using javascript in the iframe of the canvas application to an external url.But is there any other way so that user directly gets redirected to the external url as soon as they authorizes the application.
i know it is possible because a famous app klout in Facebook does it.http://apps.facebook.com/klout__/
redirects to
http://klout.com/ automatically as soon as the user
Remember i got an invitation request from my Facebook friend.when i clicked the invitation notification and when i authorized the application it redirected to a external url.Any idea how this has been done? And i think this wont be encouraged in Facebook policies either?
Facebook want to make sure that the servers it interacts with are of the same domain that is set up in the app settings.
In the klout example you gave what they did was to add an App Domain which is done in the app settings, but there's a limitation to what domains you can add there.
For example if your site url in the settings is set to "www.example.com" then you can add "examlpe.com" or "sub.example.com" to the app domains.
But if you try to add "www.example2.com" you'll get:
Error
example2.com must be derived from your Site URL or your Mobile Web
URL.
Edit
I'm sorry, I did not understand you correctly.
If you want to simply redirect the user to your url in the main window then you can use javascript like this:
top.location.href = "http://www.example.com";
What I was referring to before is the ability to have "www.example.com/" as the site url (in the settings) and still use "sub.example.com" with redirect_uri and such.
2nd Edit
Forgot to mention this:
In the Facebook Platform Policies it states that:
13 . The primary purpose of your Canvas or Page Tab app on Facebook must not be to simply redirect users out of the Facebook experience
and onto an external site
And so you should not redirect the users out of facebook.