I'm working with Oauth and I have one question for the following scenario:
If I'm already logged in with twitter in my app, then the user opens a new tab and browses through twitter and then sign out from twitter (from the twitter tab).
What I want to achieve: once the user logs out of twitter, I want my app to notice this and automatically log out the user from the app.
Is this possible?
Thx
AFAIK None of the big oauth providers broadcast a log out event you can listen to.
You can achieve close to what you want by setting the timeout of your session cookie shorter.
Related
today I've an hard question that it causes me some problems.
I'm beginning to implement, for the first in my life, the Facebook Login/Connect in my iOS application.
What's strange? Nothing so far, except I want that the users can ONLY login in the app with Facebook Login, not signup. I explain better: only the users that are already registered in my website can use Facebook Login for logging in.
Website: users can signup with Facebook Connect
iOS app: users can use Facebook Connect only if they're already connected in the website with Facebook Connect.
Is it possible or is an illusion? For example if there's a way to get the facebook uuid of the logged user before show the permission popup it would be great, because I check for this uuid in my database and if exists I'll allow to connect the user.
On the website side
Your user logs in, then authorizes to use your app. As soon as she is authorized, add her user id to your database.
On iOS side
Your user logs in. As soon as she logs in you have access to her user id. So, before showing the main app screen display a loading graphic. Send a request with the user id to your server. The server replies that she is authorized and you proceed to show your main app screen. OR, the server replies that she is not authorized and you proceed to show an error message that instructs the user to first authorize on the website (maybe this screen should have a retry button).
if i get your question .. you can build an Api_service on your website through it you can send the user email from the application and check if this mail registered on your website .. so before the user login to Facebook you make a request to call this api > you returned a value to your app tell you that the user is registered in your site or not .. so then you can allow just the user's you want to login fb.
I'm trying to write application for user login to website via Facebook. When user is logging in, he's redirected to http://www.facebook.com/dialog/oauth/?client_id=APP_ID&redirect_uri=REDIRECT_URL&state=STATE, then sees confirmation dialog to use permissions and all goes well. But then FB somehow remembers this application and never asks for permissions confirmation again when user opens this url. Is there any way to always show this dialog? I could do it in Twitter, but couldn't found the answer for Facebook.
If you really want this for some reason, uninstall the app from the user's account with a HTTP DELETE request to /USER_ID/permissions using your app access token.
The next time they come back they'll need to re-authorise the app.
Otherwise, no, there's no way that I'm aware of apart from the reauthentication flow to force the auth dialog to appear, but bear in mind that the reauthentication flow may prompt the user to re-enter their Facebook password even if they're already logged into Facebook, so it adds extra friction to the process
Instead of showing the Facebook OAuth dialog, you could also show the user a page on your application that has some information about the Facebook account that is going to be used (picture/name etc), to log into it. That way, if they like they can choose to log out and re-authenticate or continue knowing they have the right account.
I'm implementing facebook connect for my iPhone app. The current facebook SDK would keep you logged in unless you log out explicitly, which is fine with me as stay logged in is actually the requirement. However, I don't want the users to go press the log in button if they never logged out. In this case, I won't be able to grab the facebook object, which I'll need in other parts of my app. So I was planning to simulate the log in event anyways, but that led me to another problem: even though permissions are granted to my facebook app before, it will still pop up the authorization dialog to my users saying they have granted permissions to my app. My question is, how do I hide this? Or, is there a way that I can grab the valid facebook object without calling authorize on my facebook object when my app is restarted and the user stayed logged in?
Any suggestion would be appreciated.
You could redirect the user to https://www.facebook.com/login.php?api_key=<YOUR_APP_ID>. (This is the URL that the PHP Facebook SDK returns when you call getLoginUrl()).This will avoid the dialog and still allow users to authorize your app.
I'm writing a Windows Phone App and am using the OAuth interface.
When I navigate to the auth url the first time it shows the login UI. Subsequent times I'm redirected directly to my facebook app page with showing the login UI. Presumably because the login is cached in a cookie or something. All good so far.
The problem comes in when I need to switch users. Is there a way to force the facebook oauth url to clear previous creds and show the login screen?
Thanks!
Log the user out of Facebook using the url below:
https://www.facebook.com/logout.php?access_token=ACCESS_TOKEN&confirm=1&next=REDIRECT
Now, in order to log a user out of Facebook you need to use this url:
"https://www.facebook.com/logout.php?next="+your_site_url_registered _on_fb+"&access_token="+accessToken
I want to implement a "remember me" feature on me website using the facebook connect.
On my website, i have the possibility to do the login by two distinct ways:
Normal login
Facebook Connect
When an user performs the login with facebook connect, even if he logs out on his facebook account, i want to keep him logged in on my website. He will only log out if he clicks on the logout button on the website.
Is there a way to do this?
Thanks in advance
Here is a tutorial using PHP that demostrates how to use Facebook connect. If you read the section about the login page, you'll see that Facebook does some funky javascripting that creates session cookies on your domain based on the login status on Facebook. You might be able to manipulate the API to give yourself the persistance that you're looking for.
Good luck, and hope this helps some in your project.