If a user follows a link to my Facebook application (apps.facebook.com/instantinternetstar) and they are not currently logged into Facebook they are allowed to enter the Application instead of being prompted to 1st log into Facebook and 2nd grant permissions via Auth Dialog.
If a User is logged into Facebook, the new Enhanced Auth Dialog works perfectly and always.
Is there a variable I have missed?
Your settings may be fine. What you can do on the default page of http://instantinternetstar.com is to query the http post parameter called signed_request, decode it and it will tell you if the user is authenticated or not. Then you can display something to them so they know what you're about, before they take their time to login to Facebook, then accept your app.
Related
I'm using the Manual Login Flow from facebook to login users to my site. This means, redirecting them to accept the app, and the getting their info. (my app is also physical, ==> one browser for many people)
I got it working as I wanted, however, as they are only redirected to login, they are kept logged-in at browser-level, meaning that if another user comes after them and tries to login, they will only be shown the other person's profile, or be redirected as if they logged in.
Thus, I need a log-out method at browser-level, but I can't find any links, or api to logout a user from the browser.
Does anyone know how?
Thanks!
I want to test the log-in flow for my website that uses Facebook auth.
Unfortunately, after the first time I log into my site with Facebook, I am never shown Facebook's auth window or flow again. I' just automatically logged in.
How can I remove my permission to a particular website so I am presented with Facebook's login flow again?
just remove your app from https://www.facebook.com/settings?tab=applications
afterwards it will ask for all permissions again.
OK, so my application works fine and dandy, but I recently discovered a problem when a user is logged in "as a page". When the user is logged in as a page and goes directly to the app base url... i.e. apps.facebook.com/... it correctly identifies that the user object is incorrect and sends the user to:
https://www.facebook.com/login/roadblock.php?target_url=...
This makes the user login as the actual FB user, and it works well.
But it does not do this on the app's page tab. It just redirects to:
https://s-static.ak.facebook.com/platform/page_proxy.php?v=4
Is there a command or function in the PHP SDK that can check if the user is using as a page, and redirect them to the referred page?
There is currently no way to check if user logged in as page due to fact that Facebook doesn't provide this information and prompting to switch back to usage of regular Facebook account on any interaction with applications.
I have created a facebook connect login script in addition to the custom login script my site uses, which records FB user id and stores in my DB. It uses facebbok.php scripts provided by facebook and JS based popup login dialog (oauth).
I just authenticate user from FB account and do my own cookie based login on the basis of matched fb user id.
Now the problem is I can get logout url from php using getLogoutUrl() but how to logout silently without changing url in address bar using my logout.php? I tried destroySession() but it didnt logout fb user.
If user dont logout using getLogoutUrl() then next time when some other loggedin FB user tries to use fbconnect login the FB dialog box gives error "An error occurred. Please try later". Then I have go back to IE and logout that FB user from there and it works.
You can't "silently" logout a user using Facebook API. What you can do is test if the user is logged using getLoginStatus
I'm trying to write application for user login to website via Facebook. When user is logging in, he's redirected to http://www.facebook.com/dialog/oauth/?client_id=APP_ID&redirect_uri=REDIRECT_URL&state=STATE, then sees confirmation dialog to use permissions and all goes well. But then FB somehow remembers this application and never asks for permissions confirmation again when user opens this url. Is there any way to always show this dialog? I could do it in Twitter, but couldn't found the answer for Facebook.
If you really want this for some reason, uninstall the app from the user's account with a HTTP DELETE request to /USER_ID/permissions using your app access token.
The next time they come back they'll need to re-authorise the app.
Otherwise, no, there's no way that I'm aware of apart from the reauthentication flow to force the auth dialog to appear, but bear in mind that the reauthentication flow may prompt the user to re-enter their Facebook password even if they're already logged into Facebook, so it adds extra friction to the process
Instead of showing the Facebook OAuth dialog, you could also show the user a page on your application that has some information about the Facebook account that is going to be used (picture/name etc), to log into it. That way, if they like they can choose to log out and re-authenticate or continue knowing they have the right account.