After a Facebook user authorizes the app, the user has to be verified manually by a live person which needs to see details of his profile, including his pictures etc.
What would be the correct way to implement this?
Should the app download all necessary data from the user's profile after the user authorizes the app? Seems a lot of wasted effort if there is an easier way.
I have already posted this question to http://webapps.stackexchange.com here.
You can't see a whole lot of details on ones profile without that user having authorized your app. You can however see the ProfilPicture, so if that is most important it would be possible.
And since (I presume) a user starts on your own page/site you could add a check in there so that someone can click an 'accept-button' on your side...
But what I really wonder is, why not just make sure the people you don't want to be authorized with you app don't know where to reach the app??
Think that's way easier to sort out a bunch of people...
Related
I created an fb application which uses the following permissions: manage_pages,publish_pages, and read_insights.
The main purpose of the application is to give to the authenticated user reports and statics about the popularity of his own fb page.
I noticed that I can't use those permissions until I submit the app for review.
In the facebook developer account, I noticed that for each of the above permissions I have to complete some notes:
1. How a person logs in with Facebook
2. How a person sees the permission used in your app.
Also they want me to upload a video to show them that I use the permission correctly.
The problem is that I'm not sure what should the video contain in order to clarify the point 1 and 2.
Right now my application is only doing the authentication phase (signup), and in the next release we are going to create and display analytics for each user who joined the platform.
I would be grateful, If you could give me some suggestions regarding what facebook would like to know in order to approve the permissions.
Thanks,
Your App needs to be working before you can send it in for review. Meaning, you need to have at least a working prototype. For development, you do not need to go through the review process, every permission works for everyone with a role in the App without review.
In other words, you can´t go through review with permissions you don´t even use right now.
I have a Facebook app which is currently live, but would like to add additional functionality which involves requesting additional permissions (mainly publish_actions). The new permissions, due to Facebook policy, need to be reviewed by their team before they can be used live.
Is it possible to use one app for this? Is there a way (and is it acceptable by Facebook) to lead the user down a different flow if they are a tester, rather than a user during the review process?
I've also looked into the possibility of a test app, but I'm not sure if it's possible to flag that the app to review is a test version, which would then be approved on the live app. Facebook's FAQ seems to suggest this is not possible.
I'm not marking this as a definite answer, as it's a bit hacky and I have no confirmation that this will work until the review process has been completed. However, you can use the FB API to determine whether the user viewing the app is a specified test account or not by adding conditionals based on the user ID. It will also help if you make the test account an automatic user of the app on user creation.
For example, if you want to include new functionality, check if the user ID is a specific test account ID or not. If it is, display it. If not, display something else.
I would really appreciate some help with the Facebook application I currently work on.
I developing a simple Facebook application, and I need to store the data of the people, who click the "I want to win button". I'm not sure if I should use plain, old vanilla PHP, or if the Facebook API provides some simple way to do that, so I would be really glad for some ideas about this.
I read about the topic, but I can't really "see the Matrix" yet, so every answer is appriciated. Also I'm more interested in ideas and not the implementation, as I'm fairly confident in my programming skills.
Thank you everybody!
Richard
You will definitely need to use an external db, coz facebook will not store the data for you. However facebook does store the connection that a user makes with the app, i.e. when a user gives some(even basic) permissions to your app. Hence when an old user comes to your app you can know which, and if it is an old user.
Facebook sends your entry script a signed_request, which contains data about the user visiting your app, this request will have a user_id field only if the user has made the connection/authorized your app, hence you know if it's an old user or new.
Once you have the user_id you can call the graph api to get info about the user. In the php SDK you can easily call $facebookObject->api('/me','GET'); to get user info.
You can easily call the functions anytime, so if you want to make a call when a user clicks your button, you can do that.
Check out the links i have included, thoroughly, you'll get the idea.
I have a basic question about a facebook app I am building. In the first phase, we are building the app so that it doesn't collect any user information, thus keeping the user from having to click the "allow" button to use the app. However, we are considering adding features to the app later on that would require user information. I am just curious if it is a good idea to build it like this, or if we should just collect user information from the start. Would users think it is strange for an app to start collecting data after the app is already live? Any advice is appreciated. Thanks!
No it's not a bad idea. Actually Facebook recommends only asking for a permission when needed:
As a best practice, you should only request extended permissions at
reasonable times when the user engages with features that would
require their use. For example, if you are asking the user for the
publish_stream permission in order to create a custom share UI, the
user will better understand the context behind your request if
presented with the permission while interacting with the app's share
functionality.
Please DO visit the document I linked to.
I know about test accounts, but during beta I'd like to allow access only to my friends, and then later friends-of-friends, and then only eventually Kevin Bacon and his friends.
That would probably suck, wouldn't it? The app would be listed (is there a way to prevent listing?) and someone I don't know might try it and get a "sorry, this is in development message." I imagine they'd be irritated and not come back.
From what I've read, only a few apps take off, but when they take off, they REALLY take off. Do developers just release these things fully baked?
Anyone start out with OpenSocial or other smaller-than-Facebook networks?
Any ideas for a soft, gradual, restricted roll-out?
Once you've set up your application, there is a setting in the Developer application control panel for your app: Your app -> Advanced -> Sandbox Mode.
Sandbox mode lets you restrict access to only those people listed as developers (under the Basic section).
In terms of expanding the app, Facebook doesn't provide much more flexibility that the Sandbox mode. Unfortunately, adding everyone as Developers of the app doesn't work very well for a beta, as people can access the application control panel once they are a developer. I ended up putting a whitelist of Facebook Ids into the front controller of my application for a previous beta, and it worked fairly well.
The apps are only listed in the App Directory if you submit them and they are accepted. There's no issue about preventing listing, it's something you have to apply for.
As for restricting users, you can accomplish it with a script in the application that checks whether the currently logged-in user is within your restricted user set. For example, if you only want friends of yourself, check whether the current user is friends with your user id. If not, simply display an error/message page or redirect them to the Facebook home page (or wherever). Add this check to the rest of the start-up logic run each page (such as connecting to your DB and authenticating with Facebook).
What I have done in some cases is keep a database table with the user id's of users who are allowed access, essentially a "whitelist". If the user isn't in the table, redirect them.