Authorise more than one Facebook app at a time - facebook

I work for an organisation that is partnering with another group. Each of us will have a body of users logged into Facebook. What we want to do is to make it possible for a user who is signed in under my group's app id to see all his/her friends some of whom will also be logged in under that id, some of whom will be logged in under the partner org's app id.
The idea we had in mind was that it might be possible to grant permissions on auth to both app ids in one go. Is that possible? If not, does anyone have any idea how we could share this kind of presence data without also sharing all other user details?

No, that's not possible, though I don't see why you can't just use the same App to have multiple pieces of functionality

Related

When do I need to submit my app for Facebook review (when only reduced group of people will use it)?

I am creating an app that only a specific list of users will use, and I need Instagram Public Content Access permission (and some other permissions) for them (I have my Instagram Business Account all set up and connected with Facebook page).
On https://developers.facebook.com/docs/facebook-login/review/examples/#screencast there is stated:
You do not need to submit your app if it will only be used by you or
by a reduced number of people. Any account listed in the Roles tab in
your App Dashboard, such as admins, developers and testers, can access
all permissions and generate a user or page access token.
So I just want to make sure, that it is completely fine in my case to keep my app in development mode and let my users use it like this (so I don't need to submit my app for review as long as all the users are going to have their role assigned in my app), and that these permissions are not intended just for a limited time period or only for testing/development purposes.
Thank you for any answer.
What you quoted there, is applicable to permissions your app is going to ask its users to grant to it.
Instagram Public Content Access is not a permission, it is a feature. You need to get it reviewed, if you want your app to be able to access content that the users of your app do not have admin access to.
https://developers.facebook.com/docs/apps/review/feature/#reference-INSTAGRAM_PUBLIC_CONTENT_ACCESS

Can Facebook users on a facebook app be anonymous?

I'm trying to create an app for closeted and questioning youth on facebook, and an important feature would be the ability to be anonymous on the app. I've been trying to find out if people can be anonymous on facebook, but this sounds like it's not allowed. Could facebook users make a new user account within a facebook app to protect their identity?
Thanks,
Colby
No, they cannot create a new facebook account from facebook app. And facebook has nothing to do with making a user anonymous, if user has given your application required permissions then you can have all the information about user, its up to you either you want to make that user an "Anonymous user" or show his profile pic/information.
Some suggestions:
In App Settings > Auth Dialog there is the setting Default
Activity Privacy which you should set to Only Me.
When a user authorizes your app store as little information as is
necessary, and prominently display your privacy policy explaining
what type of information you store, why, and how you will never
share it with anyone.
(optional) Store userids in your database as md5 hashes so that even if someone gains access to that database, they won't know who
the users are.

facebook register/login

I'm trying to implement facebook connect to my website, and i have couple questions.
1: Is it possible to register user in my website using his current facebook email/password.
Let's say user clicks on link Register via facebook and then he have to give me permisions to access his password, email, etc... and after that is done i put that info in my own database and he will be able to login with that account any time he wants without needing to give me permisions any time in the future.
2: If that kind of registration is not possible, what's other solution would be the best for me? Because i need to somehow keep track of that user who logged in with facebook, because he can upload photos, send messages etc.
Anyways, i'm quite new with facebook and similar things, so i'm really lost here, hope some one can help me :)
EDIT Thank you all for wonderful answers it helped me a lot, now all that's left is to read documentation :)
Yes it is, it is possible to get the information of the user. But it is rather complicated, when you have never dealt with it.
First you need to send the user to the following link:
https://m.facebook.com/dialog/oauth?client_id=your-client-id&redirect_uri=xxx&scope=listof-information-you-want
Facebook will then return your client to the uri specified, if the user rejected it will give a reason. If it is not you will get an code in urlencoded format.
This code is needed for the following step, the request of the access token:
https://graph.facebook.com/oauth/access_token?redirect_uri=xxx&client_id=xxx&client_secret=xxx&code=xxxx
This will give back an access token, if the authorization didn't fail.
After that you can ask for the information you want:
https://graph.facebook.com/me?method=GET&metadata=true&format=json&access_token=access_token
This will include a facebook uid, which is unique for all users. Store it and you can discern between a register and login.
This is roughly the process for any oauth2 application.
Facebook will not ask repeatedly for permissions after the user granted them to you. So you can store the access token and reuse it for backend stuff and also use the same procedure you use for register for login.
You can never access the user's password from Facebook even with his/her permission, so the user will always have to authenticate via Facebook and have Facebook pass you the user id of the logged in user once authentication succeeds. You can store all kinds of other data locally, but not enough to authenticate the user yourself.
Once the user is authenticated, you'll have access to the user's Facebook user id via the API, which should be enough to connect all kinds of information to that specific user.
Facebook does not provide access to accounts when passwords are taken from your controls. It provides it own canvas for login information. Therefore you cannot use your first approach to store passwords in your databases. Check this out.
You can however store email addresses once user logins into his account using the facebook sdks. Check this out link for the example of C# SDK sample code.
You can use the Facebook APIs to fetch user email-id, photos, friendslist and other information and then play around accordingly.
You don't get access to the users password - only email if you ask for it.
Best way would be to have a table of users and their Facebook account id's.
If you want to allow users to sign up without Facebook then have a nullable field for their password and facebook id, and also have a field for username - which you could populate from Facebook if they register via that route.

Retrieve User ID before application permissions

Is it possible to retrieve an user id before agreeing to give permissions to an application?
I'm trying to salute a user before agreeing to the permission request. But for that I'll need to know his/her user id so I can access the info via graph API.
The idea is to do it when he/she is visiting for the first time my page app.
http://apps.facebook.com/xxxxxxxxxxxxxxx
Any idea?
This is NOT possible. Facebook WILL NOT share the user id with any app without the user explicitly allow that (partners are always a special case).
No it is not possible.
The only way to get the details of the current user is to issue a request to
https://graph.facebook.com/me?access_token=ACCESS_TOKEN
But here the problem is to get the access token, user should allow the application first.

How long can I access a friend's list offline after that person connects via facebook connect?

I want be able to send a list of friends & recent additions from someones facebook account to an email address daily or weekly.
Looking up online, I think the best approach would be to setup a website, where a user would facebook connect with their facebook credentials & accept all terms including accessing their friends list. The website would then run a batch job nightly to access that persons friend list, do a matchup and then send an e-mail with the summary of their findings.
Is this possible? Can I just do a onetime login and get forever access to someones friend list, assuming they do not manually revoke access to the application within fb? looking for suggestions. I know there is way to access a profile offline, but how long is that session available for? I know the policy has changed, AND can change in the future by trying to understand the current state of accessing a friends list offline.
Also, am I violating any policies by doing this?
You need to ask the user for an offline_access permission and read_friendlists permission, that way you'll get an accessToken that does not expire.
More info here: http://developers.facebook.com/docs/authentication/permissions
as long as you don't save data you'll be fine