I'm writing a Facebook plugin for my desktop application. Once user authorizes application, the access token will be appended to callback URL. If I will use regular browser (I don't like to use any html module in my app), then question is how can I get that token back to my desktop program?
Thanks!
With the Device flow, a user presses a button on their device. The device then displays a short code generated by Facebook, and the user then types this code into Facebook in a standard web-browser in order to authorize that device to access their Facebook data.
Please note that we are currently testing Device Authentication with a limited number of partners. It is not currently available for general use, and we are not accepting additional applications for access.
http://developers.facebook.com/docs/authentication/devices/
Related
I want to provide the ability for my users to log-in to my app using OAuth providers like Google, Facebook, etc. For those purposes, I've built a unified OAuth login system that involves my server, based on instructions like this: Manually Build a Login Flow. From my users' accounts, I need only default permissions plus e-mail, with those permissions I've publish my Facebook app, and review was not required.
Today I've received a message from Facebook where I was asked to specify my Facebook app platforms, and this is where the problems begin. All provided but Facebook platform templates are not quite suitable for me:
currently, I'm using my system on the mobile app, but it is pointless to specify my package ID or provide some hashes because the app is not using Facebook SDK and those data will never be, received by Facebook
also, it is not correct to give the Facebook just my website URL it doesn't use Facebook login buttons or so, for log-in process communicates only mobile app and back-end
So, here my question.
Which platform I need to specify in my Facebook App if I've used instruction Manually Build a Login Flow to build my log-in flow.
Any ideas? May be someone have experience with this?
P.S. my app built on Flutter.
I have a website which allows login via facebook functionality and displays photos from facebook.
While accessing from a mobile browser I would like the website to automatically login(when the click on FB login button, without entering username and password) if the user is already logged in via the native FB application (iOS or andriod). It seems to be that I can do that by building a native iOS or android application and use facebook single sign on feature. Is it possible to do that without having the user install anything on their mobile device?
That is not possible.
Auto-Login relies on auth tokens that will be granted to a website or mobile app after a user approves an app. For security reasons, those tokens are tight to the cause they were issued for. Particularly, web tokens and mobile tokens are not interchangeable.
So you could build a native mobile app to get a "native token", but even if you would manage to (cookie-)inject it into a browser view, your website's backend couldn't use it.
More generally, you're raising an issue even facebook can't solve: Say you are using a facebook mobile app and logged in there. If you open facebook's web version on that very same phone, you'll have to log in there again. The root cause is the same as with above. Specifically, any native app is uncapable of setting arbitrary auth cookies into the OS browser. I personally believe this restriction will not fall, because it would have a large security impact - just imagine how any app could set (and possibly get) cookies for any website.
If they've never logged in facebook from their Mobile, how will your website ever know them ?
Is it possible to do that without having the user install anything on their mobile device?
Like PC's, users in a mobile device need to login in their phone in facebook's website before being eligible to login "automatically" to your website. When I say automatically, I mean they still have to go with the first time process of "Do you authorize this app/website to do X things on your account". That message is inevitable when using facebook's api on the web.
Hope this answers your question.
Is it possible to do that without having the user install anything on
their mobile device?
No this would not be possible. You need to have a native or hybrid app (phonegapped etc) to make it work. Mobile web apps run in a browser sandbox and without native code interface - you cannot get to the native SSO of FB on your mobile device
Did you have a look at this facebook page ? I'm not sure what you ask is possible, as basav said, but maybe you'll have some clues there.
I have an app that can be accessed on mobile phones, both iOS and Android. The app has a social component to it, so people are sending data to and from my server.
I also have an interface for this app that will be accessible through Facebook.
When logging into the app via mobile device, using the native app for that device, one can just log in with standard username and password.
However, obviously if a user accesses the app in Facebook, they will expect to already be logged in since they are already logged into Facebook.
So I need to make it so that my app can take a log in from Facebook, pretty much automatically (?) for users who are coming at it from within Facebook.
Further, it's possible (dare I say "likely"?) a user might access the interface from both Facebook and one of the mobile versions of the app. In which case I need to be able to ensure that the username/password authentication they use on the device points to the same account associated with their Facebook login.
So... all that said... what kind of Facebook authentication should I be studying and implementing.? I'm looking at their documentation right now, and like all documentation, it's not easy to grasp. There is server-side (authentication code flow?) and client-side (implicit flow?), and authentication tokens, and I'm already a bit lost.
Also, I assume Facebook's approach is to want to take over my login in process completely, not live side by side with my mobile-device-only login, but I'd like to make sure users have the option of not using Facebook authentication if they don't want.
Can someone point me in the right direction for how to do this? Basically let me know which part of the documentation I should be focusing on.
And are there any gotchas I should watch out for?
Your server will receive a signed request when your app on facebook.com is loaded; from this you can find the FB uid of the user.
If you obtain the FB uid for users of your mobile device clients you'll be able to match your app's accounts between mobile device & facebook.com clients.
The bottom of the main authentication docs page gives links to further documentation for different client types. The main mobile authentication page has side-bar links to tutorials & SDKs for iOS & Android. Alternatively you could use the server-side OAuth flow as your devices have browsers that support this.
Once you've completed authentication on the mobile device it's simple to obtain the uid.
You can also use the Facebook authentication flow instead of your own username/password authentication.
Is there any different in getting Request for Permission from Facebook Users between desktop browsers users and mobile browsers users?
for example:
https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&scope=email,read_stream
When I check facebook developer documentation, I can't find info typically for getting permission from mobile browsers users.
I want to know whether I can still use my current OAuth authentication for mobile sites, to get tokens from mobile browsers users?
Any information that I am missing?
Thanks ahead.
Your current will work but there are dialogs which are more suitable for a mobile device, see below.
show a dialog to a user on a mobile device, change the subdomain of the dialog URL from www to m. Facebook will default to an appropriate view based on the user agent. To override that choice, you can explicitly specify one of two mobile display modes:
touch: Used on smartphone mobile devices, like iPhone and Android. Use this for tablets with small screens (i.e., under 7 inches) as well.
wap: Display plain HTML (without JavaScript) on a small screen, such as a Nokia 7500.
From: https://developers.facebook.com/docs/reference/dialogs/
Overview
FB.ui is a generic helper method for triggering Dialogs that access the Facebook Dialog API endpoint.
These include:
Publishing a story to the feed
Prompting the user to add a friend
**Prompting the user to authorize your application, or grant it permissions**
Prompting a payment
Prompting the user to send an application request to a friend
Prompting the user to share a link
https://developers.facebook.com/docs/reference/dialogs/
(sorry for the sloppy answer, in a hurry)
I'm using Facebook connect for request credentials to the user's information.
I'm doing it from the web browser.
If the user is using a mobile (Android/Iphone) device, all the authorization process goes inside the browser.
Is it possible to raise the Facebook application (if it's already installed) and pass all the authorization process there? instead of keep using the browser (to improve the user experience).
I can detect if the user is coming from a mobile device (by his user-agent for example), maybe I can add some special url schema to raise the Facebook application?
Thanks,
Itay.
For iPhone: try to see with openURL function. See this article for more information to launch Facebook app