I am writing an mobile website that I want users to check in at the current physical location and for the website to get verification of this being done. Is it possible?
Graph API Page has a connection called checkins which you can send an Http post to to check the user in at that location. It requires permissions of user_checkins and I think publish_stream.
Related
I develop a robot which is connected to the user Facebook profile. If the user receives a message, the robot tells the user to check his inbox (or it can even read the message aloud).
For that, I want to create a website where my users can register, and where they can connect their accounts with Facebook profiles. The website communicates with Facebook to receive any new information. And the robot connects to the user page on the website to get that information.
My question - is it possible to make it that way? Does the API rules allow it?
EDIT: Especially, I want to know if API rules allow it.
You could make use of the Realtime Update API (https://developers.facebook.com/docs/graph-api/real-time-updates).
Therefore, you need to setup an endpoint (service) with handles the push notification from the Facebook platform.
Once you did that, you can "listen" to the inbox connection of the user object. FB will tell you if something changed, but not what exactly has changed. So you need to implement an active pull of /{user_id}/inbox and compare the actual result to a cached past result.
Be sure to gather the "read_mailbox" permission with your app.
I have a website where users can log in with the Facebook oAuth API.
Once the user logs in or registers via Facebook it is stored in my database.
But what I'd like to achieve is, once the user goes to his Facebook application settings page and removes my website app permissions, the used should also be deleted from my database.
Is there any work around to this problem, if this is not possible via the Facebook oAuth API?
You can add Deauthorise Callback URL by Navigating to Settings > Advanced section of your application. Whenever a User Deauthorises your Facebook app, Facebook performs a HTTP POST of signed request to your URL. You may use the field user_id to determine which User has deauthorised your app.
Actually, I would do the following:
Add a date to his last log in to your site.
Have cron job check for old, unused accounts.
Send an email to the user's email address (or Facebook message mail) telling him his account is due to expire soon.
Delete account from database.
I need to implement a system to retrieve information from a user of facebook independently of the user being logged into facebook.
I have user access token in my database but every time the user needs to login on facebook.
My question is how the authentication of Hootsuite (hootsuite.com) works because there it is not necessary.Just logging in the Hootsuite is possible to recover all data from facebook.
What you are talking about (If I understand you correctly) is a breech of privacy in the eyes of Facebook. A user has to be interacting with an application in order for it to retrieve information about the user.
Facebook's API access works by means of an access_token that is specific to the user and the application that requested it. access_token's have a limited time frame that they are valid, after that the application would have to request a new one or request an extension on that token. In either case, the user would have to be interacting with the application, and therefore logged into Facebook, when such a request is made.
I'm unfamiliar with the website you referred to but it is not in the scope of this site to reverse engineer some one else's application.
When users invite friends to my application the friend gets a notification in the Facebook.
When they click this link they see a dialogue box asking them to approve my application.
How can I limit the information my app requests to almost nothing so I don't scare away potential visitors.
I don't want their email or friends list or to access their data at any time. I just want them to visit the site.
Ok Thanks to Changing the scope I have the dialogue down to this. Is there any way to get even less. I don't have any code that requires permissions. My call back just extracts the request id's.
Just don't require authentication on your landing page. Make it so that your landing page and primary canvas page do not require authentication and potential users can browse and check information about your app and look if it is what they are looking for.
Then once they make any significant action on your app when their user information is essential to proceed you can open an authentication dialog box. You can detect whether users already authenticated or not with the help of javascript API FB.getLoginStatus method:
https://developers.facebook.com/docs/reference/javascript/FB.getLoginStatus/
hope this helps
You are requesting extended permissions in the url you are directing them to for the allow. Remove anything from the querystring parameter "scope", currently you should see that
&scope=offline_access,email
or similar. Simply change that to
&scope=
Check the page on extended permissions for more info:
http://developers.facebook.com/docs/reference/api/permissions/
Your invitation is linked to application that needs extended permissions, you have two choice first one is change the link that don't needs extended permissions. Second one is if you don't use the data getting from permissions, remove the permissions from oauth dialog.
The second screenshot above it the minimum amount of permissions you can request.
It is not possible to request anything less than basic permissions. You have to have this in order for the user to be connected with your app, and so you can get their user id.
How do I make an app that doesn't ask for permission when you load it?
Or is that impossible? The only thing the application does is post to the user's wall, but can't I authenticate for that after they load the application?
You can, not sure why others are so positive that it is not possible.
On your server side you can check through facebook api if current user granted you required permission. If not, pass some flag to your fbml where you can display permission prompt link:
Would you like to <fb:prompt-permission perms="publish_stream">allow us</fb:prompt-permission> to post on your wall?
You are not obligated to require users to authorize your app either (but you need authorization before checking for granted permissions or retreiving any user information), you can still allow users to use your app. In fact allowing users to use an app without authorization is even encouraged by facebook recommendations. For optional authorization you can put such fbml on your page:
<fb:if-is-app-user>
<fb:else><a href="http://www.facebook.com/login.php?api_key=...&v=1.0>Would you like to authorize this app?</fb:else>
</fb:if-is-app-user>
If you want to post to their wall via a prompt instead of requiring prior authorization, you should use the connect library. Then you can use some javascript to open the dialog.
In fact, another SO question gives you exactly what you need.
Or is that impossible. The only thing
the application is going to do is post
to the users wall, but can't I
authenticate them for that after they
load the application?
To publish content to users' walls, you need to have the steam_publish permission from them first.