I have a yard sale website that I'm about to revamp, and rather than using my own user database, I'd like to use Facebook connect to authenticate people into my site, and the only reason I need them to do that in the first place is so after a yard sale is posted on my site, I'd like to be able to post on their wall that they're having a yard sale.
So, my two questions are:
Is it possible to use Facebook Connect without my own user database? I understand that I'll have to store the facebook ID, etc.. within a database table, and that's no problem, I just don't want to give the confusing option of "click here to create an account" + "click here to login with your user name and password" + "Or click here to login with facebook". I'd just like the last option.
Second question is, is there any way to force the user to allow me to post on their wall? I understand that they can uncheck that option when signing in with facebook, but can I verify that permission and ask them to re-login with that option checked? I'm not trying to be a prick, I'm offering a fantastic service that is completely free and in exchange I just want the ability to post their sale on their own wall so I can spread the word. I'd prefer for this to not be optional.
To answer your first question, yes. You don't need your own user database, however you will need to save your users auth key and id to be able to post as them - whenever you want. If you dont need to be able to post anytime (like when the user is not online) but only on user actions on your webpage (which is probably most common) there is alternatives like just saving the data in a session. So depending on what your needs are, you don't necessarily need a database at all.
Second question, you can always check if a user has granted a permission using the API. So what you can do is have a page that says that he has to approve to proceed to your page and a link to the auth dialog. Although, I don't recommend it, I doubt It's gonna do you any good and It's possible that Facebook even disapproves of this. The possibility to remove extended permissions is probably there for a reason.
More about checking granted permissions here using the REST API:
http://developers.facebook.com/docs/reference/rest/users.hasAppPermission/
Related
I have a task to add links to a web page to enable the user to post a short message to Facebook. There may be multiple messages on the page, each with its own link. The intent is to launch a Facebook share dialog pre-populated with the text of the message which the user can then modify, accept and/or reject.
I'm pretty new to programming anything for Facebook. I'm fairly confused and am not sure what to ask first, so I'll go with a very basic question: what's the simplest way to do this? I gather from Facebook's documentation that I probably have to use the Javascript SDK and/or the Open Graph technology. Is this correct, or is there another option I'm missing? Is there a really clear example of this kind of solution anywhere?
Thanks!
You have to create a facebook app first so you have your app_id and app_secret.
After that you need to request permissions to the user to publish_actions. If the user accepts, you'll receive a token (you need to store it in db). If you need to publish actions in a user page instead of his own page, you also need the manage_pages permission.
You need to read the facebook graph api documentation to understand how all this works.
The access token you receive expires after certain time. So, when you receive it, you can ask for a long lived token. The page tokens doesn't expire.
Facebook evaluates your app before approving it to be in production. They ask a couple of questions about how you'll use the user's token and data. You might have to put pictures of the flow too.
As far as I know, Facebook won't allow you to send pre populated messages to the user's wall. They user has to write it.
Hope it helped a bit!
My question is about Facebook permission over Application Shares.
I'm developing a App solution to my Customer, out of Facebook's Domain: Here's how it works:
The user access a Page where he can write a message to create a post with Image features;
He is requested to approve this post on his Facebook's Timeline;
When he finishes, the post can not be instantly posted. It will be saved among other users' messages;
When the time comes, an administrator, through a Control Panel, will check and select the best message to qualify;
Only the best message will be posted on the author's Timeline (User Timeline).
The question is:
I know that Facebook is not allowing Implicit Shares, but I don't know if posting only after an administrator input is considered implicit, because there won't be user approval on that moment. He already did it back there writing the message.
Is that possible, or I will have to make another request through Notification or something?
Thanks to the comments. Here's the answer to my own question:
The Answer is NO. Doing a post without user confirmation, even if he already did it some time ago is considered a Implicit Share, and it is no longer possible. There is another problem with the step I provided. You cannot ask for a user to publish something that won't be made instantly. If you ask to do this, it must be right on time. I think there is an exception for Pages, but that's not the point.
To comply with facebook's policy, the same functionality can be made with these steps:
The user access a Page where he can write a message to create a post with Image features;
At this moment The User is NOT asked to post this on Facebook. He is just asked to create it without mentioning Facebook itself;
When he finishes, the post will be saved among other users' messages;
When the time comes, an administrator, through a Control Panel, will check and select the best message to qualify and notify the selected user to access the link containing the message;
Here, finally, the user can see his message and is asked to post it into his timeline;
The applications must always do exactly what they tell the Users they are going to do, and you cannot ask something or request a permission for some functionality that you won't use at that moment.
Thank you!
I have the task to integrate some commercial sharing stuff into a website.
The idea is that the user a) logs in/registers in the website, b) the user connects his user account with his facebook account - by adding and accepting the website application.
Here comes the interesting part - is there a way of linking the facebook account with my website's account so that I can send them updates and promotions directly to their walls programatically?
In the application dialog, it's clearly noted that the user allows the application to write to the user wall so they accept and agree this. Then, for example, if I want to send them a promotion or update directly on their wall using the fb application api, how can I achieve this? All the tutorials I've read consider the user using the Facebook Login
The concrete idea is something like weekly promotion feed that my clients want to allow customers to allow being posted directly on their walls. As I don't have any experience with facebook development, I'd appreciate knowing how, if at all possible, this can be achieved?
Most of what you're suggesting is against policy, and isnt' technically possible either as users need to come back to the app once every 60 days for you to have a valid access_token for them.
The Authentication docs explain how to get access to a user's information with their permission, and the Permission documentation explains which permissions grant access to which functions or fields.
Within a facebook app, is there a reliable way ensure, that a given action can only be performed once per facebook user, without asking the user to authorize the app?
From the looks of the documentation and the lack of positive responses to this question I would deduce it's impossible, but I have been told the adverse - without actual details.
So what I need to know:
Is there any way to achieve this?
or (if not):
Is there any resource that clearly states that this is impossible?
Can you give a more detailed example of what you are trying to do and which language you are trying to do it in?
If you have the ability to access the user_id through an indexable field like you have in a friend, like or event relationship, you could just store the user_ids in your own database as they take actions in your page. If they've already performed the action once, you'd just give a message to the user and drop whatever action just occurred. You can find all the indexable fields in the fql documentation.
If you want to get the id from a random user who happens across your app, they need to authorize your app before you can get access to their information.
I've seen a few scam apps on FB that manage to get user permissions as soon as a logged in user visits their page. These violate the TOS and most likely get deleted and their admin banned as soon as they are reported.
I want to set up my site to allow people to sign in using a facebook account. But in the near future I would also want to allow a provision to allow people to sign up using twitter, linkedin, even their open id accounts if they have one. However I need to set up my system so that a user may be able to login using whatever way he wishes and yet be able to maintain all his logins with his one account.
I have a users table which has the basic details:
USERS:
ID|NAME|EMAIL|PASSWORD
And think I should set up a logins table in this case like:
USERS_LOGINS
USER_ID|LOGIN_TYPE|LOGIN_ID
like in the second table if he signs up using facebook the Login type would read Facebook and id would be his fb id and so forth.
Is there any kind of service that already does this for you or any open source code I can use? My application is being built on the zend framework
Thanks
You might want to check out Janrain Engage. It will probably be the fastest and easiest way to support multiple login types.