When users click on our action link on timeline, they are being asked to add the app with its proper permissions and then redirected to the object page on our website. But, when they do so, they dont become facebook-logged in to the website until they click "facebook connect" button which refreshes the page and makes them logged-in. Any comments are highly appreciated.
Well, they can’t be logged in, because Facebook hasn’t had a chance yet to set a cookie under your domain in your current flow.
Embed the JS SDK and call FB.getLoginStatus for users have arive that way, and have your page reload in the callback function (you might want to check success first, because you never know …) Then you should have them logged in. (Make sure to set cookie-parameter to true in FB.init. And make sure to call FB.getLoginStatus + reload only once.)
Related
How can I log out user from facebook without authorizing him myself?
I have a public IPad which people come to, authorize in my application and do stuff.
One of the links leads to m.facebook.com/sharer.php?u=..
When the user presses it, he is redirected to facebook, which asks for his login/pass and makes the share.
Later then the user press Logout on my site
I need to log out him from facebook some way,
so the next user who will use the ipad and press share will post to his wall and not to the first user's .
Same happens when i provide the iframe version of the Like button.
The first user logs in to facebook, makes the like, logs out of my web site,
and the next user see the like button pressed.
Thanks in advance ;)
I've just done some work with facebook recently on one of my projects and I used to visit a url to log them out it was something like
http://www.facebook.com/logout.php?redirect=your_url
It may not exactly be that as its off the top off my head but after visiting that the user got redirected to my site again logged out of facebook.
You may also have to provide a token.
Hope this helps!
I've created an app that works fine, however if the user has not authorized my app yet, they have to do the following (assuming they are in facebook AND logged in) -
go to my app
click login/authorize
popup with facebook permissions opens
accept in the popup
However I noticed with Zynga games like Mafia Wars 1/2, Farmville etc, when you go to the app, if it hasn't been authorized, it takes you straight to the permissions which is in a PAGE and not a popup, thereby eliminating one step. Also, the permissions dialog is full width, there is not app sidebar.
Does anyone know how I can duplicate this flow? It would be much easier to have users authorize within a facebook page rather than through a popup. How can I get permissions inside the page?
thanks in advance
Once user visit a Page tab with your application you can check if he is connected with your application by comparing Page ID with User ID in signed_requests, for unauthorized users ID's will be same. In that case you can start authentication flow by redirecting user's browser to "login url".
If you want it to be full page just do the redirect with JavaScript like this:
window.top.location = 'https://www.facebook.com/dialog/oauth?
client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&scope=COMA_SEPARATED_PERMISSIONS'
If you using PHP you can construct Login URL by calling Facebook->getLoginUrl method.
Read the docs on Facebook authentication
I'm implementing facebook connect for my iPhone app. The current facebook SDK would keep you logged in unless you log out explicitly, which is fine with me as stay logged in is actually the requirement. However, I don't want the users to go press the log in button if they never logged out. In this case, I won't be able to grab the facebook object, which I'll need in other parts of my app. So I was planning to simulate the log in event anyways, but that led me to another problem: even though permissions are granted to my facebook app before, it will still pop up the authorization dialog to my users saying they have granted permissions to my app. My question is, how do I hide this? Or, is there a way that I can grab the valid facebook object without calling authorize on my facebook object when my app is restarted and the user stayed logged in?
Any suggestion would be appreciated.
You could redirect the user to https://www.facebook.com/login.php?api_key=<YOUR_APP_ID>. (This is the URL that the PHP Facebook SDK returns when you call getLoginUrl()).This will avoid the dialog and still allow users to authorize your app.
I have added Facebook Connect to my application via the JavaScript SDK. I'm using Spring Security (this is a grails app) and I have added code that when someone clicks the FB Connection button to login, I manually authenticate them against their user account and everything gets wired up appropriately. I have 2 questions:
When a user first logs in with FB and I don't have an account for them, I create an account for them with their FB info, generate a random password, and use their email for their login name. If the user then uses the regular login form instead of the FB button to sign in, how do I sign them in to FB as well?
Every time the user clicks the FB Connect button, the popup window shows up. If they are already authenticated, it just goes away and then my web site redirects correctly. How do I keep the popup window from showing up in this case?
Thanks
To you first question, the user might be connect on Facebook when landing on your page after registration. So you can rely on the Javascript SDK to help you out.
See here: http://developers.facebook.com/docs/reference/javascript/FB.getLoginStatus
To your second question, I think you can't, except you might get a work around if you use the Javascript SDK mentioned for the first question!
This is how I did it for moviezine.se and it works just fine, but it might be a little irritating to be logged in without asking for it when you come back a few days later. Then there is the use case of the logout: if you are automatically logged in, are you automatically logged out too; and if not, what if your Facebook session is replaced by your girlfriend's one who is also a user on your site! :)
I have a ASP.NET web site which uses Facebook Connect for authentication - using the JavaScript API and the Facebook Connect FBML Button.
Here is the regular flow of events for a "Connect with Facebook" button click, when user isnt logged into Facebook.
Dialog is shown requesting user to login
Dialog requests permission from the user for basic info permission
The popup is closed
The callback function i supplied for "onlogin" is fired.
All good.
Now - here's what i think is a bug: the user is already authenticated to Facebook, but has not authorised my app.
This is the flow:
Dialog is shown requesting permission from the user for basic info permission
The URL for the popup changes to http://rootofmysite.com/?installed=1&token=3e3920d309
The user is left wondering what is going on, and the onlogin callback is NOT fired.
So, the popup window is replaced with my original site, and in the querystring is the OAuth token? This looks to be the "Post-Authorise Callback" URL which used to be in the Facebook Application Settings - but has been removed. Anyway, i dont care about this URL - i request permissions/authorization using the client-side JavaScript API, as im a sure a lot of people do.
I understand the user is already authenticated, so they wouldn't need to login again, but what i dont understand is a) why the "onlogin" event handler is not called, and b) why on earth are they replacing THEIR dialog with my site and the OAuth token in the url?
At the moment, i am trying to do a "creative workaround" where i detect this URL and close the popup and call my "onlogin" handler manually (what Facebook SHOULD be doing).
Still, quite dodgy.
EDIT
It's another bug peoples. Please vote for it so they fix it.
It's a (unconfirmed) bug.
http://bugs.developers.facebook.net/show_bug.cgi?id=12260
Hopefully it gets more votes so it gets fixed - vote people!
In the meantime, i am (attempting) to employ the following 'creative workaround':
Add logic to my Default.aspx page to detect that URL they are redirecting to in the popup.
Redirect to my page, FacebookInboundAuthorization.aspx, preserving querystring.
On load of that page, register some JavaScript to close the popup and manually fire the "onlogin" event handler for my button.
EDIT
To clarify my above, i didnt mean "vote people" as in to vote for my answer here, i meant vote for the bug on Bugzilla (so that FB accept it as an issue and fix it).