I am confused as to what does the facebook logoutUrl does in the facebook integration?
Does it destroy the current session?
Would session_destroy do the same thing?
Thanks!
When we are integrating facebook, on success of the login of a user, we need to create login session by using the user details provided from facebook and the logout is actually our application logout, not the facebook logout.
According to Facebook Doc:
This method returns a URL that, when clicked by the user, will log
them out of their Facebook session and then redirect them back to your
application.
It will also invalidate the user access token so that you will no longer be able to call any graph APIs against that user.
when we loggin, we get access token , after we logout , access token also get destroyed.
so we have to logout to maintain session management in our application.
Related
I want to play around with pynder but in order to do so, I need a facebook access token.
I've googled around, and made a facebook developer profile. I have an app Id and app secret. How can I go about getting what I need to create a session in pynder?
Facebook is using OAUTH2. Basicly you have to redirect the user to facebook. He authorizes your app. Facebook redirects back to your site with a &code= Parameter.
You call an facebook endpoint an exchange the code to an access_token.
https://developers.facebook.com/docs/facebook-login/access-tokens
You can grab an access token out of https://developers.facebook.com/tools/explorer/
You should be able to change to your app and generate a token.
In the context of a facebook application what is the point in this? Since they cannot play your app till authorised and logged in. What purpose does logging them out of a facebook session and redirected to your app actually serve?
This method returns a URL that, when clicked by the user, will log them out of their Facebook session and then redirect them back to your application.
It is useful outside Facebook, in the context where the user authenticates via Facebook to log into your website.
I have created an App on facebook and I am using this app to authorize an user via dotnetopenauth.
Here I would pass APPID and APPSECRET and get the token which would be used to call Facebook Graph to get facebook user details.
If I'm doing this for the first time, user would be asked to enter username/passowrd on the Facebook website and then the session is created in the browser and it will redirect to my website as a Facebook user. This means that if I open a new tab in the current window and open facebook, user will see his/her page directly without asking for username/password. - this is obvious and understandable.
// code
request = WebRequest.Create("https://graph.facebook.com/me?access_token=" + Uri.EscapeDataString(strAccessToken));
response = request.GetResponse();
My query is:
After the scenario above, if user logs out from Facebook website OR I close the browser window, the facebook session is lost. However, I still have the access token (string in the above code) that I got while authenticating.
So, As of this moment I am not storing any user information from Facebook (not even cookies or anything else). I am just requesting user to authorize my application as a Facebook user. When user does that, I get the access token which I can use it to make calls to Graph and REST APIs. This access token usually remains same, so I really dont need to pass the applicaition id and secret to get the token next time onwards. Actually I can request the graph APIs and REST APIs with the stored token and request user details. I have tested this and works fine.
What I am looking for is, if user opens www.facebook.com, user should see his/her personal facebook page which obviosuly is possible only if I have a session in the current browser. Hence, my question was: how do I use my access token OR what call should I make with my access token so that I can set the browser session for the facebook user? Is it possible technically?
Regards,
AG
No. Your access token is used by your web server to call facebook. It's impossible (and undesirable) for this to impact the user's browser in a way that would set a facebook.com cookie so that the user would be implicitly logged into Facebook by your use of the access token.
I use the Twitter Anywhere API and OAuth to authenticate users on my website. The cookie with the accessToken expires after two hours, which is why the user needs to login and connect to Twitter regularly. The workaround would probably be to store the auth_token in a cookie and provide it the next time the user loads the page after the cookie set by twitter expired.
Now something that is not clear to me: I'm also providing Facebook as an authentification method and somehow it doesn't forget the login. The Facebook JS API doesn't store any cookies on my page, so how does it know that the user is authenticated with Facebook and my application?
are you talking about this? see the channel file portion.
EDIT: Above link has been changed. And, facebook api has changed too.
The Facebook JS API doesn't store any cookies on my page, so how does it know that the user is authenticated with Facebook and my application?
It makes a cross-domain request to facebook.com, to see if there are cookies under that domain that indicate there is a user currently logged into Facebook in some other browser window/tab.
Once it has figured out that a) there is a logged in user and b) this user has used your app before – it logs him in to your app on the fly and gives you a fresh (short-lived) user access token to work with.
I'm writing a Windows Phone App and am using the OAuth interface.
When I navigate to the auth url the first time it shows the login UI. Subsequent times I'm redirected directly to my facebook app page with showing the login UI. Presumably because the login is cached in a cookie or something. All good so far.
The problem comes in when I need to switch users. Is there a way to force the facebook oauth url to clear previous creds and show the login screen?
Thanks!
Log the user out of Facebook using the url below:
https://www.facebook.com/logout.php?access_token=ACCESS_TOKEN&confirm=1&next=REDIRECT
Now, in order to log a user out of Facebook you need to use this url:
"https://www.facebook.com/logout.php?next="+your_site_url_registered _on_fb+"&access_token="+accessToken