today I've an hard question that it causes me some problems.
I'm beginning to implement, for the first in my life, the Facebook Login/Connect in my iOS application.
What's strange? Nothing so far, except I want that the users can ONLY login in the app with Facebook Login, not signup. I explain better: only the users that are already registered in my website can use Facebook Login for logging in.
Website: users can signup with Facebook Connect
iOS app: users can use Facebook Connect only if they're already connected in the website with Facebook Connect.
Is it possible or is an illusion? For example if there's a way to get the facebook uuid of the logged user before show the permission popup it would be great, because I check for this uuid in my database and if exists I'll allow to connect the user.
On the website side
Your user logs in, then authorizes to use your app. As soon as she is authorized, add her user id to your database.
On iOS side
Your user logs in. As soon as she logs in you have access to her user id. So, before showing the main app screen display a loading graphic. Send a request with the user id to your server. The server replies that she is authorized and you proceed to show your main app screen. OR, the server replies that she is not authorized and you proceed to show an error message that instructs the user to first authorize on the website (maybe this screen should have a retry button).
if i get your question .. you can build an Api_service on your website through it you can send the user email from the application and check if this mail registered on your website .. so before the user login to Facebook you make a request to call this api > you returned a value to your app tell you that the user is registered in your site or not .. so then you can allow just the user's you want to login fb.
Related
I have a web app from which users can schedule messages to be posted to their social networks. My app doesn't use Facebook as a login mechanism to access it, you login using a regular user. Facebook Login is done inside the app when users explicitly ask to, so they can select where (wall, list, group, etc.) their messages would get posted.
Is Login with Facebook required for my app review to be successful?
Thanks
I am using Facebook login with the Facebook javascript sdk. I have implemented all the login flow. I want to know what I should to do to start a session on my application. From Facebook docs https://developers.facebook.com/docs/facebook-login/login-flow-for-web:
Once your app knows the login status of the person using it, it can do one of the following:
If the person is logged into Facebook and your app, redirect them to
your app's logged in experience.
If the person is logged into Facebook but not your app, prompt them with the Login dialog.
If the person is not logged into Facebook, prompt them with the Login dialog.
I want to work on the first one: redirect them to my app's logged in experience. But I do not know how to recognize the user and start the new session on the server so that he can access personal data. I thought a possible solution might be to send the accessToken received on the client to my server, then ask to Facebook's servers if that is a valid token, if so then start a new session for the recognized user, otherwise ignore the request. Is that a correct flow?
how can i login my website using facebook credentials that too seamlessly , when i'm already logged in my facebook account in the same session or in another session. For example i'm logged in my fb and when i open website named rottentomatoes.com in the same session or in another session , i can get automatically logged in , without doing anything , as that site use my fb account and automatically get a registered memeber of that site.
i wanna do this things in my website , like things happening with rotten tomatoes.
so far i can use fb account to login in my website using facebook connect .
please help me ....any suggestion will be welcomed.
You need to have a facebook app, then in your site use the facebook js sdk.
You always have different sessions per site, you'll need to make a session for yours, you don't use the facebook session, just the sdk.
When the user loads your page you can use the FB.getLoginStatus to check if the user is logged into facebook and is authenticated with your app, if so then you get the needed user data and can then log the user into your site.
If the user is not logged into facebook, or hasn't authorized your app then you can use the FB.login method to log the user in, when the user comes back from that process you should have the data you need in order to register/log him into your site.
I am creating an app in which you can login via Facebook, Twitter, or our own internal mechanism. The issue is the following scenario:
I open the app and login using Facebook
I logout
I open the app and login using Twitter
The above scenario will result in me as a user having two accounts in the system. How do I prevent this from happening so that I have one account and it doesn't matter whether I login using Facebook/Twitter?
Every time a user login using Facebook I am as well creating an internal account, with the Facebook username and Facebook id as password. The same thing when I login using Twitter I am creating an internal account with the Twitter user name and id as password.
An idea came in my mind to solve this:
When a user logs in using Twitter check the name and email if a user with that information already exists in the database. However, the name and email they use in both Facebook and Twitter might not be the same, so this might not work all the time.
You can't make this work with your current flow (when the user logs in then logs out again). Instead you should allow a user to login with either their Facebook or Twitter credentials and then, whilst they're still logged in, get them to associate their account with their other service with that user.
So, the flow would be something like:
New user arrives at site User logs in with Facebooks oauth2
mechanism
Your server receives their FB ID and generates a new user
in your systems. Stores their FB ID against that user.
You prompt
the user to add their twitter auth credentials. User logs in with
Twitter oauth2 mechanism
Your server receives their twitter ID,
checks to see if a user is currently logged in with your
application. Because there is, you save the twitter ID agains the
current user.
Later, the user can log out and then log in with either service.
i have iphone application that using facebook connect.
users login to the iphone application using facebook connect.
and then i receive their sessionKey back to my server, and i am using the sesssionkey to post actions to users wall.
the iphone application keeps the user logged in allways.
which means that every times the user will open the application, he will not need to make login again.
the problem is that, when the user change his facebook password
the user sessionKey also changes.
and when the user enter to my iphone applicaiton,
the user is shown as loggedin, and then i recieve to my server
the user old sessionkey, and when i try to post to the user wall
facebook tells me that the session is inavlid.
it is ok because the user change his password and the session changes too.
my question is
how can i check in the iphone if the session key has changed ?
and if it changes to promote the user to make login again.
It sounds like you've answered your own question. If you have a seemingly infinite session which is suddenly invalid, just ask the user to log in again when you first discover the error.