I'm new to all this. This is what i'm after and i'm sure it's possible.
I've got a script where people can register/login in to as members. What i'd like to do is tie it in so that it just uses Facebook users details for the registrations. I've managed to set it up to sign up and and complete a registration using a user's name and email.
What i'd like to do now is automatically log the user in if they're logged in on facebook, is this possible or will they need to click a login button that then takes them to their page? If they need to click a button to login, how do I go about getting the button to take their facebook details and log them in? Also what happens in regards to passwords on my site? Is that stored in the app somehow?
Ideally i'd like to use the popup version of verification rather than the iframe that i've got set up at the moment.
Cheers in advanced for any help for a n00b!
This is in fact possible. Although I for my part was never a fan of such things here's some human-readable (simplified) theory:
Facebook uses a system called OAuth ( http://de.wikipedia.org/wiki/OAuth ). That means, when you want to have the user login onto your site using Facebook you'll of course need to provide a button/facebook-login-frame (see documentation) that says "Log me in with Facebook" or so. You then access Facebooks API (more here: https://developers.facebook.com/ ) and basically tell Facebook who you are ("Hi I'm website XY"). While that happens your user is redirected to Facebooks "permission-landing-page". On that page he needs to confirm whether he is fine with your website accessing certain information (like his name). If he confirms your website receives an access-token granting you access to a subset of his user information which you can then use to personalize his expeirence on your website.
Check out facebooks documentation because they explain exactly your usecase in detail.
(here: https://developers.facebook.com/docs/authentication/ )
PS: You'll of course never have any access to his Facebook login/password. That's kind of the idea behind "delegating" the authentication via OAuth to Facebook. Facebook only provides you with an access token (bound to that particular user who logged in and granted your app/website permissions)
Related
Now, I wish to redirect to a private Google group on click of a button on my website along with search parameters. I have generated the required URL using perl. Then I made a simple redirection using . It works when the user is already logged in(using cookies). But it doesn't work if the user has not logged in. I wish to redirect to Google's login page to make sure the user has logged in and thus can access the private group. How do I do this? I read some documentation mentioning OAuth. Is this the only way?
Typically Google handles the login themselfs. A user not logged in will be redirected to their login page first.
You can't use OAuth to log someone into a foreign (aka Google own) service. You could use OAuth to check if a user is logged in at all, but it's not necessary.
The Dancer::Plugin::Auth::Google documentation has a pretty good description on how to setup a Google OAuth login. The Auth::GoogleAuth module might do the job (with less documentation) without using Dancer, but I never tried it myself.
The Facebook Platform Policies section 1.6 clearly states
Your website must offer an explicit "Log Out" option that also logs the user out of Facebook.
The Login Flow for Web without Javascript SDK says on Logging people out
You can log people out of your app by undoing whatever login status indicator you added, for example deleting the session that indicates a person is logged in. You should also remove the stored access token.
On the other hand the Login Flow for Web says about Logging people out
Note: This function call will also log the person out of Facebook. The reason for this is that someone may have logged into your app and into Facebook during the login flow. If this is the case, they might not expect to still be logged into Facebook when they log out of your app. To avoid confusing people and to protect personal security, we enforce this logout behavior.
So in my understanding the Login Flow with JS SDK does what the policy says, it logs the user out of Facebook as well. How do I implement the Login Flow without JS JSDK correctly, such that i do not violate the Facebook Platform Policy? So far i don't see that the Graph API offers a similar functionality.
That should be easy, looking at the PHP SDK’s method getLogoutUrl, that creates an URL of the following scheme:
https://www.facebook.com/logout.php?next=FOO&access_token=USER_ACCESS_TOKEN
For FOO you just place the URL of your website where you want the user to be redirected to after they are successfully logged out of Facebook (don’t forget to properly URL-encode that value), and USER_ACCESS_TOKEN should be self-explanatory. (You need an active user access token to log the user out of Facebook – obviously, because otherwise every site on the web could just redirect me to this address and log me out of Facebook, without me actually wanting that to happen.)
Here's the problem,
I want to have the user auto login to my MVC3 website if they already login from facebook.com.
If they are not login from facebook.com, I will just simply show a login button and they can login by clicking on it as usual.
I cant seem to find a way to detect whether user had login from facebook.com unless I force the application to direct go into LoginUrl of Facebook, which is not good for user who was not logged in as this will prompt them a page where they have to login. I still want to allow guest access without facebook account.
Any idea? Thanks a million.
EDIT:
Sorry I forgot to mentioned the situation only apply to user who approve to use my app. Once they approve to use my app, I'll be able to detect their facebook login status.
The answer is: You can't. At least not without violating the facebook TOS and probably at least one or two laws.
EDIT: Your original question sounded like you wanted to try and hijack the facebook user session. What you are talking about here in the comments requires you to use facebook connect / facebook for websites.
You would want to start here: https://developers.facebook.com/docs/guides/web
i'm using the registration plugin for my website
http://developers.facebook.com/docs/plugins/registration
i want permission to post users's wall is there any way that on the same log in
( on the registration ) the user will promp to agree for the permissions (authentication)?
thanks !
From the Facebook Developer Forum:
There is no way at the moment to requests extended permissions through
the Registration Plugin so you'll need to request it afterwards.
It goes on to acknowledge that this is a missing feature that should be added at some point.
From what I can find, it looks like the legacy fb:prompt-permission tag would be a great way to ask the user to grant the permission. However, Facebook is in the process of deprecating FBML, so that's probably not a good idea.
The Facebook Authentication documentation explains how to gain the additional permissions using the latest OAuth model. I am still struggling to wrap my head around this myself.
Since you're using Facebook registration I'm assuming you have a database that collects user info. So what you need to do is not rely on Facebook to see which user has registered with your website but instead use the simple login with permissions on first time users and then after they are "connected" to your website check to see if they are in your database or not, if not send them to the Facebook registration plugin page and force them to register. :)
I want to implement a "remember me" feature on me website using the facebook connect.
On my website, i have the possibility to do the login by two distinct ways:
Normal login
Facebook Connect
When an user performs the login with facebook connect, even if he logs out on his facebook account, i want to keep him logged in on my website. He will only log out if he clicks on the logout button on the website.
Is there a way to do this?
Thanks in advance
Here is a tutorial using PHP that demostrates how to use Facebook connect. If you read the section about the login page, you'll see that Facebook does some funky javascripting that creates session cookies on your domain based on the login status on Facebook. You might be able to manipulate the API to give yourself the persistance that you're looking for.
Good luck, and hope this helps some in your project.