In the Spotify App's API docs there is a module to authenticate via Facebook - now I try to find a way to logout from Facebook but can't find any documentation about the correct procedure. The Facebook Javascript SDK provides a logout method via FB.logout() for this - how about the Spotify API?!
In order to log out, you need to make a GET request to the Facebook's logout URL, which at the moment is https://www.facebook.com/logout.php, passing two parameters:
access_token: It is the access token provided by Facebook when access to the user's account was requested.
next: It is a URL that has to be part of the domain URL that was set on Facebook's app profile.
Logging out is performed by making an AJAX call to that URL. If it was successful, a redirection to the next URL will me made. Otherwise, the redirection will be made to http://www.facebook.com/home.php (for instance, if the next URL doesn't belong to the registered app domain).
You can read the response of that AJAX call and check that the content you get is that from your next URL.
You need to use the Facebook API - if you look at the documentation, you'll see that auth.authenticateWithFacebook is just a thin wrapper around auth.showAuthenticationDialog. It doesn't actually interact with Facebook's "proper" API at all - it only loads Facebook's login page and gives you a callback when the user is logged in.
Related
I have .net web site which designed for working as standalone application. Due to one issue I was made to perform login flow to Facebook manually instead of calling FB.login(from FB javascript sdk). And because of this I am not able to call FB.logout (because in this case another issue appears).
Facebook support advised me this:
"In this case, you should manually clear the user's logged in session, by clearing any stored cookies, or removing any access tokens or user information stored on our end. You can refer to this page for more information on building login/logout flows manually: https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow/#logout"
I didn't get this answer. How to realize manually logout workflow?
And I didn't find any examples.
You can check what the PHP SDK’s getLogoutUrl method does here, https://github.com/facebook/php-graph-sdk/blob/5d0c4865e80e231d48a4571841bd018828fe58e1/src/Facebook/Helpers/FacebookRedirectLoginHelper.php#L156
Basically it just calls https://www.facebook.com/logout.php with two parameters:
next is the redirect URI the user should be redirected back to after logout; it needs to be within your app domain
access_token is the valid user access token for the current user of your app
I have created an App on facebook and I am using this app to authorize an user via dotnetopenauth.
Here I would pass APPID and APPSECRET and get the token which would be used to call Facebook Graph to get facebook user details.
If I'm doing this for the first time, user would be asked to enter username/passowrd on the Facebook website and then the session is created in the browser and it will redirect to my website as a Facebook user. This means that if I open a new tab in the current window and open facebook, user will see his/her page directly without asking for username/password. - this is obvious and understandable.
// code
request = WebRequest.Create("https://graph.facebook.com/me?access_token=" + Uri.EscapeDataString(strAccessToken));
response = request.GetResponse();
My query is:
After the scenario above, if user logs out from Facebook website OR I close the browser window, the facebook session is lost. However, I still have the access token (string in the above code) that I got while authenticating.
So, As of this moment I am not storing any user information from Facebook (not even cookies or anything else). I am just requesting user to authorize my application as a Facebook user. When user does that, I get the access token which I can use it to make calls to Graph and REST APIs. This access token usually remains same, so I really dont need to pass the applicaition id and secret to get the token next time onwards. Actually I can request the graph APIs and REST APIs with the stored token and request user details. I have tested this and works fine.
What I am looking for is, if user opens www.facebook.com, user should see his/her personal facebook page which obviosuly is possible only if I have a session in the current browser. Hence, my question was: how do I use my access token OR what call should I make with my access token so that I can set the browser session for the facebook user? Is it possible technically?
Regards,
AG
No. Your access token is used by your web server to call facebook. It's impossible (and undesirable) for this to impact the user's browser in a way that would set a facebook.com cookie so that the user would be implicitly logged into Facebook by your use of the access token.
This is regarding Facebook apps. After the user clicks on Allow button on the authorization page (OAuth page) then the user is redirected to the app with a code param in the query string. According to FB doc we should use the value of this param to get the access code needed for FB API calls.
I use FB's PHP-SDK. After the user is redirected from OAuth page then I call $facebook->getUserAccessToke() to get the access token. This code seems to fetch the access token directly from the signed_rquest (present in the cookie). It never needs to use code param. I don't understand why code param is sent then?
depends on your app settings, currently its working without the code, but you will have to migrate to the now standard oauth2.0 process.
see https://github.com/facebook/php-sdk/blob/master/examples/example.php for how to login users.
in short words, you dont have to take care of the token or code parameter, the SDK handles it itself. (via $_REQUEST array)
I am a little confused with the Facebook call back URL. I am building a iPhone application with Facebook login. So I will receive the access token from Facebook after the user logged in. Then I save this access token to my local (server side) DB. After that I want to use this access token to sent for example a post via C#.
What should I define for the callback URL? What is the importance of this?
The callback url is used to provide fast app switching, that is, the user of your app is first redirect to facebook app or site to do the login, then it invokes the url you did define and, if properly configured, it will be redirected to your app again.
You can specify the callback url from developers section on facebook, then you have to support it in the your app plist.
We're hoping to create mobile phone applications for (among other features) posting video to a user's FaceBook page. However, using their API, it looks like we would need to open a web viewer and have the user enter their login credentials every time the application is used. We would prefer to store these credentials so the user only has to login once.
We could of course save the http login post and resend it as needed, but this breaks if FaceBook changes their API and I worry about their terms of service and using an unofficial hack such as this.
Maybe someone knows of another application that uses Facebook this way?
You should have been returned an oAuth token to use.
The new Facebook API has a service you can call with the old tokens and it returns you a new oAuth token.
You just have to add offline_access to your permissions. You do this by adding &scope=offline_permissions at the end of your authorization url. Then your oAuth token won't expire.