Our dashboard web app incorporates API feeds from multiple third-party membership websites. When we're on-boarding a new user, we'd like to use FB Connect and OAuth to
verify identity of user
grant permission to our app to access FB graph data, and
determine if the user has previously approved some of those third-party services we incorporate.
We would like the user to be able to grant us permission to connect those services on behalf of the user as well, all in one OAuth session. Is this possible?
I.e. if we provide FB with a list of our services that we connect to, can we get a yes/no from FB Connect as to whether the user has pre-approved those services elsewhere using FB Connect? Then, we would provide a secondary approval page to the user saying "looks like you've already logged in to these X, Y, and Z apps which we use in our dashboard. Would you like to grant us access to those apps as well and pull them in to your dashboard?"
No, this is not a feature of the Facebook API - you'll need to use each site's Oauth flow in succession
Related
When using facebook apps like chatfuel and manychat (which are bot creation platforms), these apps request permissions that allow them to manage my pages and send messages.
I want to create a similar app that allows users to send messages from their pages through my app, but I can't find how to request such permissions in Facebook's documentation.
You need to be given the administrator role for each Page, then connect your app to the Page and generate a page-scoped token for each one.
I have a REST service that my mobile app uses to authenticate when the users click on the Facebook or Google icons.
The service accepts the user's id from the provider and checks if it exists on the database and then issues the access_token to be used for the other methods.
The problem is that I just thought that it could be pretty easy for someone to intercept the calls and discover which service authenticates and what the user id is and then call it with to get a token.
How can I avoid this?
I think you just need to separate the authentication and authorization functions. You can let Google (Google Sign-In) handle authentication. If you follow the API they will securely authenticate the user and send you the token which you can validate.
Once you know who they are for sure, your site can safely authorize that user approriately. For example, they might be an existing user, need to make an account, be an administrator. You can make those authorizations on your site based on the user authenticated by Google (in my example).
Twitter, Facebook and others do the same. Also see OpenID Connect.
Is there a way to add an administrator to a Facebook application from the API?
We have an app that we have full code access to, but are not able to access the admin panel in Facebook. The client unfortunately doesn't have access and has come to us for help.
I haven't yet found anything in the API that would allow us to add an app administrator and was wondering if anyone knew how.
Yes, you can post to the Application's 'roles' connection via the API, documentation here: https://developers.facebook.com/docs/graph-api/reference/app/roles#publish
It's a HTTP POST request to /<App id>/roles?user=<USER ID>&role=<ROLE> using a user access token from one of the existing admins
Possible roles are 'administrators', 'developers', 'testers', or 'insights users'
You'll need an existing admin of the app to authorise it, and you'll need the app access token to get a list of who those existing admins are
Say someone signs up with facebook. Then he wants to tweet a place. Well, I need to connect his facebook account with the account he created using twitter.
Is it commonly done?
Usually a custom application has its own database of its native user accounts and then each native user account can be associated with external services accounts.
Say, your user can associate their Facebook account and their Twitter account with their native account in your application, and then interact with those external services alike.
I'm using the Facebook C# SDK from the web application associated with our Facebook application. I'm in the "Administrator" role for the Facebook application - how do I check for that role from my web app?
There is a way of doing this via the accounts property on the user. It gives you an array of pages and apps for which the user has admin privileges.
Unfortunately it will require quite a scary extended permission from September: manage_pages.
Try having a play with the new Graph Api Explorer. Click on the accounts connection (in the right-hand column) for your user.
there's another way:
you can also access the app roles directly via the graph api and you need only the app access token therefore.
https://graph.facebook.com/APP_ID/roles?access_token=APP_ID|APP_SECRET