We are currently using the Facebook registration plugin to sign up users (we let them signup without it too).
We were using the FB login plugin previously but needed to allow users to set their passwords for our site, which the login plugin doesn't allow.
The way the login plugin works is that on authorization the FB javascript sdk triggers an event which your client side code can subscribe to. I would like to know if there is a way to have a similar flow but using the registration plugin. That is, instead of redirecting to a specified url when the user authorizes our app, catch the registration info in a javascript callback so we can register the user through an ajax interface.
The registration plugin doesn't provide any client-side callback in place of the redirect_uri. You can achieve this with FB.login, by handling the event and using the access token and user id from the authResponse to do a Graph API call to get the info you need to populate a registration form client-side. This registration form can ask for a password, which you can associate with the account along with the user id for future seamless logins from Facebook.
Related
I'm writing a React app that needs to have a login with Facebook button.
The React app is already communicating with a PHP API that already has a system in place for registering and logging in users with a username/password. The API generates a JWT and sends it to the front-end, which stores it in local storage and uses it to authenticate the user on subsequent API calls.
I've gotten my front-end app to the point where I'm successfully opening the FB permissions dialog, and receiving a response from FB that contains a userID & accessToken after the user grants permission.
My question is:
Do I need to store the FB accessToken if I don't need to access FB's API afterwards? Can I simply store the userID and use it for authentication?
My proposed auth flow would look something like this:
User clicks login with Facebook button, grants permissions in the dialog.
My React app sends the userID to my PHP API.
The API looks up the user in our DB by FB userID. If it finds one, it sends back a valid JWT, logging in the user.
If no user is found, the userID will be stored in the app's state, and it will begin the registration process, passing the FB userID along with the rest of the registration data when the user completes registration. The API then generates a JWT and proceeds with login like normal.
Would this be wildly insecure and a would be hackers easiest-day-ever?
Or is it safe to implement?
I have a Workflow application(website) using canjs. The various steps(pages) are preloaded. A user is allowed to explore the app without login. However if the user wishes to save the workflow, they must login. Alternatively the user can login at any of the steps in the workflow.
The application has a provision for users to login using Facebook and Twitter.
The backend consists of Laravel and Socialitelinkpackage take care of the login process.
As Facebook and Twitter use OAUTH the login work flow is as follows :
Client calls a login init route.
The route redirects to a login page of the social login provider(FB or twitter)
User Authenticates/Authorises your app
The user is redirected to a success route (say /success_callback) on your app. At this point we can use Socialite package to get the user information.
The issue I'm facing is that I don't want to reload the APP on the client browser. So how to inform the client from /success_callback if the user has logged in or not, etc.
I have been checking this document to find out how to authorize my user but I couldn't see any signup information on the UBER API itself. You can easily login and authorize the existing user but how do you actually sign up using the API? Which API calls to make?
Cheers
Visit this URL to register and manage your Uber client apps:
https://developer.uber.com/apps
It will prompt for your Uber credentials if you're not logged in.
What do you mean by sign up using the API?
Actually Uber can let you login via Uber's login page and you can input the credentials in the form and submit it; once you pass this authentication, you will get a web page saying if you want to allow your third party app to access user's info; then once you allow or deny it, Uber will redirect to the redirect_url you registered earlier on your app dashboard and send an authorization code to it; then you could use this code to exchange for the access_token for further use.
In stead of website build-in login form, I use Facebook login to get user authentication, then they can browse all other page on my website.
My question is how to store user permission so that in all page, my website recognize that the current user is a authenticated user?
Is there any function in Facebook SDK provided these feature or I should use basic PHP function?
Thanks
The SDK itself doesnt offer you such a method to store the data. You have to do this by your own. There is own programmed component that can manage such for you. It stores the access_token for the users in a database. This can directly done via ajax. You can request for users permissions and store the data in the database...in one step!
Have a look at http://www.facebook.com/pages/Helper-Component-Community/222933037808340?sk=app_412923142052609
I'm building a Page Tab application that will allow Facebook users to make purchases through our client's FB page directly. In order to do that, once the user arrives at checkout, it must be authenticated and the user must be logged in in order to obtain their e-mail address.
However, when I try to authenticate the user via the URL:
https://www.facebook.com/dialog/oauth?client_id=APP_ID&redirect_uri=REDIRECT&scope=manage_pages%2Cemail
Instead of staying within the iframe, it redirects the entire Facebook page, making it impossible to easily authenticate the customer and continue on to checkout.
I'm referencing a similar app that does exactly what I need, but they seem to be using FBML which, to my knowledge, is being deprecated in 2012. If using this URL is an incorrect way to authenticate a customer in a Page Tab app, what would be the proper way to do this without the use of FBML?
Why are you using authentication dialog via that URL? How about using javascript SDK function, FB.login() instead?
http://developers.facebook.com/docs/reference/javascript/FB.login/