Let's say I have an facebook application running using the JS SDK.
First user clicks on LINK A, and I do a call to FB.login() asking for the "email" permission.
<a href="#" onclick="doLogin();>LINK A</a>
<script>
function doLogin() {
FB.login(function (res) {
//res contains authResponse, i.e. the user is logged in.
}, { scope : 'email'} });
}
</script>
Then I will do a check on authResponse to check if user logged in or not.
if(res.authResponse) {
//User logged in
} else {
//User NOT logged in
}
NOW let's say that on LINK B, I want to ask for the "user_birthday" permission:
FB.login(function (res) {
//Now res.authResponse is set even if user did NOT grant access to the "user_birthday" permission
}, { scope : 'user_birthday'} });
However when the request for "user_birthday" is made the user is already logged in to the application - and therefore authResponse will be set regardless if user granted access to the additional permission, or clicked cancel.
Is there a way to check if user gave the additional permission?
I know I can do a lookup on the api on /me/permissions - but I wonder if there's a way to do it in the FB.login() callback?
Yes, using that user access token, query me/permissions.
FB.api('me/permissions',function(permsArr){
var canGetBirthday = PermissionExists(permsArr, 'user_birthday'); // write your own PermissionsExists parser....
});
Related
I am using a Facebook app to authenticate my users, but if the user is not logged in to Facebook (I am checking it with FB.getLoginStatus()) I show him a button to log in with. The problem is that the pop-up gets blocked all the time. I have no idea why, since I am registering the Facebook log in action on ng-click.
<button type="button" ng-click="login()">Log in via Facebook</button>
...
$scope.login = function() {
FB.getLoginStatus(function(response) {
if (response.status === 'connected') {
$scope.userId = response.authResponse.userID
loginSuccess()
} else
FB.login(function(response) {
if (response.authResponse) {
$scope.userId = response.authResponse.userID
loginSuccess()
} else {
alert('You need to log in and authorize the app, otherwise you won\'t be able to take the quiz!')
}
})
})
}
Any help?
FB.getLoginStatus should be used on page load to check if the user is authorized and to refresh the User Token. You can use it right after FB.init and store the User ID if he is logged in.
FB.login must be used directly on user interaction, you are using it in the asynchronous (!) callback function of FB.getLoginStatus and not directly when the user clicks on the button.
Example: http://www.devils-heaven.com/facebook-javascript-sdk-login/
FB.Login Popup Dialog http://s17.postimg.org/47zhfnt0d/8_1_2014_6_33_34_PM.jpg
FB.Login has 3 clickable buttons:
Cancel
Okay
"Close" button on top right(close popup window)
When user click both Cancel & Okay button, call back is triggered with authResponse which allows me to process whether the user authorize the app.
But if user click "Close" to close the popup, I receive authResponse only once. The second time user close FB.Login dialog pop up, callback function is not triggered.
Here's my code:
FB.login(facebook_login, { scope: 'email, publish_actions, user_birthday' });
function facebook_login(response) {
console.log('facebook_login'); //update
console.log(response); //update
if (response.status === 'connected') {
console.log('connected');
}
else if (response.status === 'not_authorized') {
FB.login(facebook_login, { scope: 'email, publish_actions, user_birthday' });
}
else {
// the user isn't logged in to Facebook.
FB.login(facebook_login, { scope: 'email, publish_actions, user_birthday' });
}
}
I intend to prompt user 3 times to authorize the app.
### Update ###
I actually records every response my callback function received. See above update, but closing the dialog popup only return response once, with "status = not_authorized".
Clicking Cancel will have the same status returned, but login popup will show again.
My Console Log:
(source: imghost.us)
Sorry to say it, but you shouldn't try to re do the auth if the user has cancelled - if you try to call FB.login again in the callback to FB.login then the user's pop up blocker will trigger and the dialog will fail. In Chrome, for example, they will see something like this:
Instead, you should display a message to the user telling them why they need to authenticate and with a button or link below for them to try again if they change their mind.
If you are calling FB.login in the callback, this is an asynchronous event and most browsers prevent popups from appearing in this type of situation. From the Facebook FB.login docs:
Calling FB.login results in the JS SDK attempting to open a popup
window. As such, this method should only be called after a user click
event, otherwise the popup window will be blocked by most browsers.
when you click on close button, you will get reponse.status='unknown'. so you will have to check this in your code. Use this code
FB.login(facebook_login, { scope: 'email, publish_actions, user_birthday' });
function facebook_login(response) {
if (response.status === 'connected') {
console.log('connected');
}
else if (response.status === 'not_authorized' || response.status=='unknown') {
FB.login(facebook_login, { scope: 'email, publish_actions, user_birthday' });
}
else {
// the user isn't logged in to Facebook.
FB.login(facebook_login, { scope: 'email, publish_actions, user_birthday' });
}
}
Note You should have to allow popup, because popup blocker of browser will not allow this. So please check this also.
This issue could occur ONLY IF the app is opened by browsing the app URL. If viewing the app in Facebook (eg: Clicking app links on the left sidebar in Facebook home page) the FB.Login popup dialog won't even have a "Close" button.
Furthermore, re-prompt authorization after user click Cancel is not allowed if the app is running in Facebook. User will be redirected to a help page as shown below if the app attempt to ask for authorization again after user clicked Cancel.
Something similar To achieve this
Prompt user to authorize the app only ONCE, then redirect them back to the fan page, or show user a message saying something like "Please authorize the app to continue." with a re-prompt button.
function facebook_login(response) {
console.log('facebook_login'); //update
console.log(response); //update
if (response.status === 'connected') {
console.log('connected');
}
else {
var dialog = $('<div>').attr({'class':'login-prompt', 'style':'text-align:center'});
var dialog_content = 'Please authorize the app to continue.<br/><input type="button" onclick="$(\'.login-prompt\').dialog(\'close\');FB.login(facebook_login, { scope: \'email, publish_actions, user_birthday\' });" value="OK" />'
dialog.html(dialog_content);
dialog.appendTo('.contentwrapper');
//initialize and show dialog
$('.login-prompt').dialog({ modal: true }).dialog('open');
}
}
So user will see something like below after they click Cancel
(source: imghost.us)
Note: This approach of re-prompt authorization also only allowed twice if app is opened in Facebook.
I am adding facebook authentication to my website. Is there a way for me to know whether the user checked "stay logged in"?
FB.login(function(response) {
if (response.authResponse) {
FB.api('/me', function(response) {
// logged in
KNOW HERE: Did user check 'stay logged in'?
});
}else {
}
});
The answer seems to be that it is not possible to determine.
I have an app in a page tab that uses the facebook javascript sdk. When a new user comes to the app, I get the expected "Log in with facebook" pop-up. I also have some extended permissions that I've put in the scope parameter of FB.Login. After the users logs in with facebook I see the expected extended permissions pop-up. The only problem is if the user skips the extended permissions, the dialogue returns back an access_token, but it's not valid for the extended permissions. Code example below.
window.fbAsyncInit = function () {
FB.Canvas.setAutoGrow();
FB.init({
appId: facebookAppId,
status: true, // check login status
});
function updateFBInfo(response) {
console.log('updateResp:');
if (response.authResponse) {
//user is already logged in and connected
FB.api('/me', function (info) {
displayUserInfo(info, response);
});
}
else {
FB.login(function (loginResponse) {
if (loginResponse.authResponse) {
FB.api('/me', function (info) {
displayUserInfo(info, loginResponse);
});
}
}, { scope: 'email,manage_pages,offline_access,publish_stream' });
}
}
FB.getLoginStatus(updateFBInfo);
};
I guess my question is either, what am I missing (this has got to be something easy), or is there a way to check and see if the returned acces_token is actually valid?
You need to check explicitly for the permission before proceeding. If they haven't provided the necessarily permissions, you need to display FB.login() with the necessary scope again.
Here is the code for checking permissions:
FB.api('/me/permissions', function (response) {
var perms = response.data[0];
// Check for publish_stream permission in this case....
if (perms.publish_stream) {
// User has permission
} else {
// User DOESN'T have permission. Perhaps ask for them again with FB.login?
}
} );
We let users/companies add their facebook accounts to our system, and we let them authenticate those accounts after they are added, so that we can get details which are not public otherwise. so we need tell user which account to authenticate against, is this possible ?
Lets say user is already logged into facebook with account x, then he logins to our app and choose to authenticate account Y, so he will click on the authenticate link for Y and proceed to authenticate, is there anyway to enfore user to authenticate Y.
For me, the solution was, first check if user is already logged into facebook, and logout them using FB.logout. Then open the login dialog (FB.login) so that they can log into the desired account. On successful login, check that the logged in user is same as the link that was clicked on.
The overall code is some thing like this
$('.fb-login').live('click', function() {
var accountName = $(this).attr('id');
//if user is already logged in, logout him so that he can authenticate correct account
FB.getLoginStatus(function(response) {
console.log(response);
if (response.status === 'connected') {
FB.logout(function(resp) {
console.log("Logged out of facebook")
});
}
}, true);
FB.login(function(response) {
if (response.authResponse) {
var accessToken = response.authResponse.accessToken;
console.log(response);
console.log('Fetching FB account information.... ');
FB.api('/me', function(response) {
console.log('Account name, ' + response.username + '.');
//validate that user authenticated the same account as the link he clicked on
if(accountName == response.username || accountName == response.id) {
//save token
} else {
//show error
}
});
} else {
console.log('User cancelled login or did not fully authorize.');
}
}, {scope: 'perms'});
});
Yes, you will want to have logout functionality on your page. Since it's unclear as to how you've implemented your login button, I'll give one example:
Do a server-side 302 redirect the user to https://www.facebook.com/logout.php?next=YOUR_URL&access_token=ACCESS_TOKEN
The next= will be the location where the user can click to log into account Y
For your specific needs you can research here: https://developers.facebook.com/docs/authentication/