I'd like to build a web application which allow iPhone users to save a short memo as a todo list on the web server. The user must logon on Facebook on the iPhone before submitting a memo.
On the server side, how can I tell whether the iPhone user has logon on Facebook or not?
In a native app, FBConnect can be used to establish trust between the app and Facebook. (FBConnect calls an fbDidLogin delegate method).
It's up to you to establish trust between your iPhone app and your web service, but once you have, the app can report the FB login state along with it's requests.
Assuming you're just building a web application, I don't understand why it would be different then building a normal web application that uses fbconnect and graph api. You just happen to design it to fit a mobile browser. There's a section on authentication.
Related
When a user clicks on the login with Facebook button on our website, we call:
https://www.facebook.com/dialog/oauth?client_id=xxxxxxx&
redirect_uri=http://xxxxx.com/Account/FBLogin&scope=email,publish_stream
Inside of our FBLogin (string code) method we do two things. First we call:
"https://graph.facebook.com/oauth/access_token?client_id=xxxxxxxxx&
redirect_uri=http://xxxxxx.com/Account/FBLogin&client_secret=xxxxxxxxxxxxx&code=" + code;
Then, if the FaceBook login was successful, we login the user into our site.
What is the equivalent of this workflow in iOS? We basically want to authenticate the user on our servers as part of the Facebook authentication. So when the Facebook authentication returns successfully, our user is also logged into our system.
Many thanks!
If you're using the Facebook iOS SDK, the SSO (single sign on) workflow is more like the Javascript SDK's workflow because the user is presented with what's similar to the JS SDK's popup: either in the form of a UIWebView, Safari Browser, or Facebook app (depending on the user's setup).
One of the most compelling features of the iOS SDK is Single Sign-On
(SSO). SSO lets users sign into your app using their Facebook
identity. If they are already signed into the Facebook iOS app on
their device, they do not have to type a username and password.
Furthermore, you can get permission from users to access their
Facebook profile information and social graph.
SSO primarily works by redirecting users to the Facebook app on their
devices. Since users are already logged into Facebook, they will not
need to enter their username and password to identify themselves. They
will see the Auth Dialog with the permissions that your app has asked
for, and will be redirected to your mobile app with the appropriate
access_token.
Developers should be aware that Facebook SSO will behave slightly
differently depending on what is installed on a user's device. This is
what happens in certain iOS configurations:
If the app is running in a version of iOS that supports multitasking,
and if the device has the Facebook app of version 3.2.3 or greater
installed, the SDK attempts to open the Auth Dialog within the
Facebook app. After the user grants or declines, the Facebook app
redirects back to the calling app, passing the access token,
expiration, and any other parameters the Facebook OAuth server may
return.
If the app is running in a version of iOS that supports multitasking,
but the device doesn't have the Facebook app of version 3.2.3 or
greater installed, the SDK will open the Auth Dialog in the Safari
mobile browser. After the user grants or revokes the authorization,
Safari redirects back to the calling app. Similar to the Facebook app
based authorization, this allows multiple apps to share the same
Facebook user access_token through the Safari cookie.
If the app is running in a version of iOS that does not support
multitasking, the SDK uses the old mechanism of popping up an inline
UIWebView, prompting the user to log in to Facebook and grant access.
The FBSessionDelegate is a callback interface that your app should
implement: The delegate methods will be invoked when the app
successful logs in or logs out. Read the iOS SDK documentation for
more details on this delegate.
... when the user finishes either signing in or not signing in and returns to your app from the "popup", your app has to decide what to do based on whether or not the user logged in/authorized the app (and a valid access token received).
Please read this for more info:
https://developers.facebook.com/docs/mobile/ios/build/#implementsso
I have integrated Facebook functionality into my applications. By using the link https://github.com/facebook/facebook-ios-sdk, I have integrated the Facebook. In this application, at the time of login, it's opening Safari and at the same time the application is going to the background and then after login again it's coming back to the application. My intention is that this flow can accept the application store or not.
This is the official Facebook iOS SDK and many apps in App Store already use it. So you can use it inside your app.
Also, the flow in your question is exactly what the documentation of the library describes and is, again, used by apps that are already in App Store:
If the device is running in a version of iOS that supports multitasking, but it doesn't have the Facebook app of version 3.2.3 or greater installed, the SDK will open the authorization dialog in Safari. After the user grants or revokes the authorization, Safari redirects back to the calling app. Similar to the Facebook app based authorization, this allows multiple apps to share the same Facebook user access_token through the Safari cookie.
So, yes, there is nothing wrong with this flow.
I'm designing an iPhone/android app which needs user to login using his/her facebook account.
The app uses GAE (Google App Engine) as the background server, so the problem now is that I don't know how GAE, iPhone and Facebook authentication works.
My guess is user login FB from iPhone and will get an access_token, and then the iphone app sends the access_token to GAE so that GAE can recognize the user.
Is that correct? Or is there any tutorial about how to cooperate between these platforms?
Thanks!
Take a look at the LeanEngine open source project. It was designed to do exactly what you are trying to do - login from a mobile device to GAE with Facebook or OpenID account (and sync data between the client and GAE).
It consists of a preprogrammed GAE application and libraries for Android and iOS and if you are satisfied with the built-in functionality you really do not need to do any modifications to the server part. You can just use it as it is.
I am building a Web site and iPhone app right now. My site and app requires registration.
I have received xAuth permission from Twitter and was going to use this for the iPhone app so that users can connect their Twitter account.
Once they connect their Twitter account, if they log in to the Web, is it possible to make it so their account is still connected?
On the other hand, I am using OAuth verification on the Web. If someone connects their Twitter account on the Web using OAuth, will they still be connected if logging onto the iPhone app?
So basically, I need to make:
User connects account on iPhone app (xAuth) -> User logs in to Web site and is still connected and can post to Twitter from both
User connects on Web (OAuth) -> User logs in to iPhone app and is still connected and can post to Twitter from both
You can do this --- basically once you do the OAuth based login it generate unique Token, so after this data reading is done using Token.
Once you get Token (it can be in Phone/web) use this details between each other so that both of your application can do the rest of operation for the same user without further login.
I'm developing an iPhone app that will need a login system in order for users to post content to a server. I'd really like to use facebook connect for this as it's a very community driven app. Is it possible for me to securely authenticate with the web server without the user having to create a username and password specifically for my app?
One idea I've had is using my app's FBConnect secret key as a password for an HTTPS connection? The app would be able to tell if a user is logged in, and only connect to the server if so. This would also stop any other connections from hackers etc I assume?
Although not just restricted to Facebook, Janrain provide a great solution to login from various openid methods including facebook connect. I believe there is a free product for non-commercial use. There is a demo iPhone app on the app store to show you how it works etc.
http://www.janrain.com/products/engage
Why not just use the Facebook iOS SDK?