i want to connect a customer's website to Facebook using the PHP sdk (newest version). Visitors should be able to sign up using their Facebook account in order to be logged in automatically on the page itself if they are already logged in at Facebook, being identified by their profile ID which is saved in my database.
Here are my questions:
If I visit a website (which is using Facebook Login) for the first time, will this website be able to recognize whether I am logged in in Facebook or not, if I have not granted the permissions to the corresponding Facebook app yet?
If I have granted the permissions to the app and the page recognizes me as being logged in at Facebook, what does happen if I call the logout function of the PHP sdk? Will I only get disconnected from Facebook on the current page or will I get logged out on Facebook, too?
This was the case a year or so ago, but now - without permissions - you don't know who the user is. (Facebook authentication)
You will be logged out of Facebook too. (Facebook getLogoutUrl)
Related
API page is here: https://developers.facebook.com/docs/javascript/reference/v2.6
As far as I know,
If users have already authorized a web app(a website), then invoking FB.login() and FB.logout() in the web app is essentially logging user in or out of Facebook and return the web app with some data(of course you need access token to do this). Assume you have two pages opened, one is your web app, the other is facebook.com. Both logged out initially. Now if you log in with your Facebook account in the web app page, and then if you refresh the other page, you will find that both are logged in. It's similar for the case of logging out.
Well, correct me if my understanding is wrong. I totally understand there are reasons for the logic.
Is there a way to log out users from by web app but keep them logged in with the Facebook and without revoking permission?
I've tried with Google+ OAuth. It seems that using Google+ API is able to log out users from the web app and keep them logged in with Google+.
Well it is how it should be. You want your app to be an interface for the "Facebook app" login, why is that? Consider the scenarios from the user's point of view-
User is logged-in and browsing facebook. He found the useful application of yours and login to your app(providing required permissions). Before leaving your app, he logouts from the app. He then gets back to the Facebook and continue browsing there. All good!
User in NOT logged-in to the facebook. He logs into your app, browse your app then logs out of it. Then, when he open the facebook.com why will he expect that he should be looged-in to facebook automatically? I think he wont think that and he'll login to facebook and continue.
The point is simple here-
if user logs into facebook, he'll be logged-in until and unless he logs out from facebook.
if user is not logged into facebook but logs into your app, he will be logged-in to the facebook until he logs out from your app.
I have read many questions in a similar area to this and after reading about 20+ my problem is not discussed.
I have a web app using facebook login via the facebook SDK.
This is working fine on the website side of things.
However when using the getLogoutUrl( ) the users are not logged out of facebook.
I have done both destroying the facebook session (via the destroySession method) before and after (in the redirected page) accessing the getLogoutUrl link and I am still logged into facebook.
The user is not longer logged into my site but facebook remains unchanged.
I would expect that when a user accesses the link provided by getLogoutUrl that they would be logged out of facebook. However all that happens is the user is redirected back to the site and the user is still logged into facebook.
So my websites side of things works fine. But providing the facebook logout link implies that they are logged out of facebook and can walk away.
Where as in reality the users accounts is still logged in on facebook.
Why is this happening?
I cannot control facebook so I do not know what else I can do other than forwarding to the user to the logout link provided by getLogoutUrl.
I am using Facebook PHP SDK (v.3.2.2)
I am implementing Facebook Login (for the web) for the first time and I had some questions regarding the users session and and the best practices for handling logout. Right now, I am using a combination of the JS SDK (only for login flow if js is enabled) and PHP SDK.
Question 1: Should I save the Facebook access token in a PHP session or use the built in "cookies: true" feature in the SDK.
Question 2: If a user that signed up via Facebook returns to the site after a few days, should they be auto logged in, or have to click a login via Facebook button, then just be logged in?
Question 3: If a FB logged in user logs out of my site, should I log them out of Facebook or just my site?
Question 4: If a FB logged in user logs out of Facebook while also on my site (different tab) should I automatically log them out of my site?
1) You can save the access token in a database (but be wary of the expiry date) or save it in a session. Cookies would be the easiest way to manage this and takes care of (2).
2) Depending on how your handle the sessions and the SDK you use, the use would automatically be logged in (e.g. JavaScript method FB.getLoginStatus() to detect if the app has already been authed). You should have a "Login with Facebook" button on your app in any case, for new users.
3) If you use the logout methods in the SDK (e.g. FB.logout() in JavaScript SDK), the user will be logged out of both your site and Facebook. This really depends on how you want to handle this. You can log them out if your site by deleting the session / cookie.
4) You should alway check to see if the user is logged in whenever an action is taken on your site. If the user logs out of Facebook while on your site, eventually, your site should pick it up (using FB.getLoginStatus()) and ask them to login again.
3) Facebook will decide if a user should be logged out of Facebook also or only your site/app, at least when using the JS SDK. From their docs, see link for some case examples:
"The method FB.logout() logs the user out of your site and, in some
cases, Facebook." - Facebook docs
I am using facebook connect to allow users to log-in to my site using facebook. I am using the server side authentication using OAuth in classic ASP, vbscript. I want to know if one of the following is possible:
1) Can I identify if the user has authorized my app without redirecting to the Auth dialog? ie, even before the user clicks the facebook login button to log-in to my site, is there a way I can find out if the user who is currently logged into facebook has authorized my app?
2) How can I get the facebook user Id of the user who is currently logged into facebook? This is outside the facebook authentication process. Does facebook offer some api which I can use to read the fb cookie that is set when a user logs into facebook and get the logged-in users's facebook user id?
Thanks
1) Use FB.getLoginStatus from the JavaScript SDK.
2) If he’s not connected to your app yet, then not at all. Otherwise, see 1)
how can i login my website using facebook credentials that too seamlessly , when i'm already logged in my facebook account in the same session or in another session. For example i'm logged in my fb and when i open website named rottentomatoes.com in the same session or in another session , i can get automatically logged in , without doing anything , as that site use my fb account and automatically get a registered memeber of that site.
i wanna do this things in my website , like things happening with rotten tomatoes.
so far i can use fb account to login in my website using facebook connect .
please help me ....any suggestion will be welcomed.
You need to have a facebook app, then in your site use the facebook js sdk.
You always have different sessions per site, you'll need to make a session for yours, you don't use the facebook session, just the sdk.
When the user loads your page you can use the FB.getLoginStatus to check if the user is logged into facebook and is authenticated with your app, if so then you get the needed user data and can then log the user into your site.
If the user is not logged into facebook, or hasn't authorized your app then you can use the FB.login method to log the user in, when the user comes back from that process you should have the data you need in order to register/log him into your site.