It might be a basic question.
And also my English is poor...
I have a web service which needs Facebook login.
With JavaScript SDK, I can get users' basic information such as user ID, name, gender.
And now there are about 10000 users.
This time, I need to access users' email address.
I know I can get email address from new users by adding scope attribute.
However, from existed users, though I can access email address, I don't know how to display authorization dialogue for permission to access email address.
Any idea? Thanks in advance!
Below is a code snippet that I have used. Basically check their permissions using /me/permissions and show a reauthenticate link
<script>
var FB_config = {
API_ID: 123123123123,
PERMISSIONS: "publish_stream,email",
};
jQuery(document).ready(function(){
// initialise FB
window.fbAsyncInit = function() {
FB.init({
appId : FB_config.API_ID,
status : true,
cookie : true,
xfbml : true,
oauth : true
});
FB.Event.subscribe('auth.statusChange', FBverifyLogin);
};
});
function FBverifyLogin(response) {
if (response.status === 'connected') {
checkPermissions(); // check permissions if the user is logged in
}
}
function checkPermissions(){
jQuery("#FBreauth").hide();
FB.api('/me/permissions', function(response) {
var permissions = FB_config.PERMISSIONS.split(",");
for(var i = 0; i < permissions.length; i++)
{
if(response.data[0][permissions[i]] == undefined || response.data[0][permissions[i]] != 1)
{
// user does not have full permissions, show reauth link
jQuery("#FBreauth").show();
break;
}
}
});
}
function FBreauth(){
FB.ui(
{
method: 'oauth',
display: 'popup',
app_id: FB_config.API_ID,
client_id: FB_config.API_ID,
redirect_uri: "http://www.facebook.com/connect/login_success.html",
scope: FB_config.PERMISSIONS
}
);
}
</script>
App permissions have changes. Please reauthorize this app
Related
I have the following code to display the users on my site.
function getFBData()
{
FB.api(
'/*fbID*/',
function (response) {
if (response && !response.error) {
/*CODE*/
}
}
);
}
getFBData();
It was working fine when a user is logged in, via Facebook plugin, into the site. But nothing is fetched when the user is not logged in.
Is a user really needed to be logged in to execute FB.api?
Actually user must be logged in to Facebook to use Facebook Api,
you can use the code below to check the state of the user to either get his data if connected or ask him to login again.
FB.init({
appId: 'xxxxxxxxxxxxxxxxxxx',
channelUrl: '//www.yoursite.com/fbsdk-channel.aspx',
status: true,
cookie: true,
xfbml: true,
oauth: true
});
FB.getLoginStatus(function (response) {
if (response.status === 'not_authorized') {
/* The user has already logged into FB but not authorized the your webpage */
}
else if (response.status === 'connected') {
/* The user has logged into FB and authorized the "App" to get their user information */
}
else { /* The user has not yet logged into FB */ }
}
It depends, you CAN use FB.api without authorization, but only for API calls that need an App Access Token. For API calls with a User Token, you do need authorization. Of course you can´t grab details of a user (by ID) without authborization, so in your case you must authorize the user.
More information about Access Tokens and login:
https://developers.facebook.com/docs/facebook-login/access-tokens
http://www.devils-heaven.com/facebook-access-tokens/
http://www.devils-heaven.com/facebook-javascript-sdk-login/
The new Facebook graph api has divided friends into Friends & Invitable_friends .
me/friends/ returns my friends who are using the app while me/invitable_friends/ returns only the list of my friends who are not using the app.
But in my app,a user may interact with random users too who may not be on his friend list.
So how do i get user data for those who are using the app but are not on my friend list.
Thanks.
I went through the same issue and solved it like that: when a user starts your app by default you ask for permission to access his public profile information, which includes real ID, name and some other. You simply store the user data (id, name, etc.)in a database. This way you keep track of all the people using your app and they can interact with each other.
JavaScript Example:
window.fbAsyncInit = function () {
FB._https = true;
console.log('here');
FB.init({ appId: 'xxxxxxxxxxxxxxxx', cookie: true, xfbml: true, oauth: true, version : 'v2.0'});
Login();
};
function Login() {
FB.login(function(response) {
if (response.authResponse){
checkUser();
}
else{
console.log('User cancelled login or did not fully authorize.');
}
}
);
}
function checkUser() {
FB.api('/me', function(response) {
$.ajax({
type: "get",
url: "cgi-bin/checkUser.cgi",
cache: false,
data: {"user_name" : response.name, "u_id" : response.id, "link" : response.link},
success: function() //onSuccess,
{
console.log("user " + response.name + " checked!");
},
error: function()
{
console.log("Error with server connection on user checking");
}
});
});
}
I don't know in what language you are writing the app but I believe that in every language you should call the "login" function, which asks the user for permissions and basically gets access to info.
To get details of users who are using the app but are not your friends,call the following
graph.facebook.com/v2.0/
?ids={comma-separated-ids}&access_token=app_access_token&fields=name,picture
access_token is a must else graph-api returns following error-
The global ID xyz is not allowed. Please use the application specific ID instead.
This will work for all users who have authenticated the app no matter their authentication date,but for any non-app user graph-api returns above error message.
I’m creating a custom share to facebook functionality, which has been more complicated than I originally thought.
I’ve had to create a facebook app and then use It’s ID to get it going.
If you try to share the page on facebook, it gets you login to facebook(if not logged in), then it requests access to your profile(only on your first share), and then proceeds to share dialogue to let you share it.
However I’ve noticed that other sites including youtube and BBC, that they don’t request access to share on facebook, It will take you straight to the share dialogue instead.
Is there a way to achieve this?
Code using is below:
<script type="text/javascript" src="http://connect.facebook.net/en_US/all.js"></script>
<script>
FB.init({
appId : '*APP_ID*', // App ID
status : true, // check login status
cookie : true, // enable cookies to allow the server to access the session
xfbml : true, // parse XFBML
link : '*LINK*'
});
$('.share-print .facebook > a').click(function(e){
e.preventDefault();
FB.getLoginStatus(function(response) {
if (response.status === 'connected') {
facebookSend();
var uid = response.authResponse.userID;
var accessToken = response.authResponse.accessToken;
} else if (response.status === 'not_authorized') {
// the user is logged in to Facebook,
// but has not authenticated your app
FB.login(function(response) {
if (response.authResponse) {
console.log('Logged in');
facebookSend();
} else {
console.log('Not logged in');
}
});
} else {
// the user isn't logged in to Facebook.
FB.login(function(response) {
if (response.authResponse) {
console.log('Logged in');
facebookSend();
} else {
console.log('Not logged in');
}
});
}
});
});
var facebookSend = function() {
console.log('facebookSend started');
FB.ui({
method: 'feed',
display: 'iframe',
link: '*PAGE_LINK*'
});
}
</script>
I am using FB.getLoginStatus() and FB.Login() to log the user into my website using facebook. I first check for the status on page load using FB.getLoginStatus() and save the state in a hidden variable. When the user clicks on my facebook login button, I first check the value in the hidden variable and call FB.Login() only if FB.getLoginStatus() is not connected. If FB.getLoginStatus() returns 'Connected', then I just log the user into my website without FB.Login().
My scenario with issue
*user logs into my accont using facebook
*user logs out of my website
*my website is open in the logged out state
*in another tab, the current facebook user logs out of facebook and a new user logs into facebook
*user comes back to my website and clicks on facebook login button without refreshing the page
*the old facebook user (not the one currently logged into facebook) is logged into my account
How can I identify the most current user in facebook when user clicks the facebook login button?
<body>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
<div id="fb-root">
</div>
<script src="http://connect.facebook.net/en_US/all.js"></script>
<script>
// initialize the library with your Facebook API key
var AppID = '<%=AppID%>';
window.fbAsyncInit = function() {
FB.init({
appId: AppID,
status: true,
cookie: true,
xfbml: true,
channelUrl: 'http://<%=Request.ServerVariables("HTTP_HOST")%>/channel.html'
});
FB.Event.subscribe('auth.login', function(response) {
//alert('logged in');
});
FB.Event.subscribe('auth.logout', function(response) {
//alert('logged out');
});
FB.getLoginStatus(function(response) {
if (response.status === "connected") {
var uid = response.authResponse.userID;
document.getElementById('hdnFBConnected').value = uid;
}
else if (response.status === "not_authorized") {
//alert("Not authorized");
document.getElementById('hdnFBConnected').value = '';
}
else {
//alert("user not logged in to facebook");
document.getElementById('hdnFBConnected').value = '';
}
});
};
</script>
<img src="<%=global_language & "/images/FacebookSmall.gif"%>" />
<script type="text/javascript" language="javascript">
function WindowOpen() {
if (document.getElementById('hdnFBConnected').value != '') //user is connected
{
FB.api('/me', { fields: 'first_name, last_name, locale, email' }, function(result) {
var uid = document.getElementById('hdnFBConnected').value;
//log the user into my site
})
}
else { //user is not connected, so calling FB.Login()
FB.login(function(response) {
if (response.authResponse) {
var access_token = response.authResponse.accessToken;
FB.api('/me', { fields: 'first_name, last_name, locale, email' }, function(result) {
var uid = response.authResponse.userID;
var globalLang = '<%=global_language%>';
//log the user into my site })
}
else {
//alert('User cancelled login or did not fully authorize.');
}
}, { scope: 'email' }
);
}
}
</script>
</body>
What you're describing is normal behavior. The JS SDK is sending the old user's signed_request object which allows the new user to access her account. Since this concerns you, include a logout button on your app's page and let the user know that it's important she clicks that button when she's done using your app. The logout button should call FB.logout like so:
FB.logout(function(response) {
// user is now logged out
});
For extra security, you can create an activity timer that prompts the user to click a button after X minutes of inactivity. If the user doesn't click within, say 1 minute, she is logged out automatically. This is how most banking sites deal with session security.
I am using Facebook's Javascript SDK "FB.ui" to pull up an OAuth dialog. Once you click allow, I need to capture the session object, extract the user id and use it further in my script. For some reason I cannot get this working properly, I keep getting undefined, even though the session does exist.
<script src="http://connect.facebook.net/en_US/all.js"></script>
<div id="fb-root"></div>
<script type="text/javascript">
FB.init({
appId : '***************',
status : true,
cookie : true,
xfbml : true
});
FB.getLoginStatus(function(response) {
if (response.session) {
//do something
} else {
FB.ui({
method: 'oauth',
display: 'page',
scope: 'email',
perms: 'email'
},
function(response) {
alert(response.session.uid); //returns underfined
});
}
});
</script>
To get the userID:
FB.getLoginStatus(function(response) {
alert(response.authResponse.userID);
});
When you login from login button of facebook then it stores cookies in your system that contains your access token that is also unique. That cookies contains your facebook id also.
Check your response. I bet it says something like "display" must be one of "popup", "iframe" or "hidden". Apparently the oauth dialog cannot be called with the default "page" display. And display: 'iframe' requires that you include an access_token, which is why you're calling the oauth dialog in the first place >:l .
I don't think FB.ui can currently be used to get the oauth dialog, unless you want to use a popup, which most everyone has blocked nowadays.
So I got this to work as I would like. This may not be the best way, but after much digging around and frustration I hope this could help somebody with the same question get on the right track.
JS source:
FB.getLoginStatus(function(response) {
if (!response.session) {
//initiate FB OAuth js popup dialog
FB.ui({
method: 'oauth',
display: 'page',
scope: 'email',
perms: 'email'
},
function(response) {
if (response.session) { //if permission Allowed
var thesession = response.session;
var thesession = eval('(' + thesession + ')'); //decode json
//POSTing to local file get.user_graph.php, to fetch user info
$.ajax({
type: "POST",
url: "get.user_graph.php",
data: "client_id=<?php echo $appId; ?>&client_secret=<?php echo $secret; ?>&sessions="+thesession.session_key+"&type=client_cred&uid="+thesession.uid,
dataType: "text",
success: function(user_graph){
var user_graph1 = eval('('+user_graph+')');
alert(user_graph1.name); //users name
alert(user_graph1.id); //users id
alert(user_graph1.email); //users email
alert(user_graph1.link); //users profile link
}
});
} else {
//if permission Not Allowed
}
});
}
});
get.user_graph.php source:
//exchange our session for an access_token
define('POSTURL', 'https://graph.facebook.com/oauth/exchange_sessions');
define('POSTVARS', 'client_id='.$_POST['client_id'].'&client_secret='.$_POST['client_secret'].'&sessions='.$_POST['sessions'].'&type=client_cred');
$curl_token = curl_init(POSTURL);
curl_setopt($curl_token, CURLOPT_POST,1);
curl_setopt($curl_token, CURLOPT_POSTFIELDS,POSTVARS);
curl_setopt($curl_token, CURLOPT_FOLLOWLOCATION,1);
curl_setopt($curl_token, CURLOPT_HEADER,0);
curl_setopt($curl_token, CURLOPT_RETURNTRANSFER,1);
$token = curl_exec($curl_token);
$token_decoded = json_decode($token,true);
//get the user graph (personal info)
$user_graph = file_get_contents("https://graph.facebook.com/".$_POST['uid']."?access_token=".$token_decoded[0]['access_token']);
echo $user_graph;