I have seen many web apps supporting Facebook Connect...
But when i login through those apps sometimes the authentication is successful but nothing is returned to the app and the login page just goes to a blank page in that new windows and stops... The whole process fails... And this has not occurred once but many times...
So my question is:
Is Facebook Connect a good solution to use in apps or should i use something like Google Login or Twitter Login or OpenID or just a simple password based login or all of the things and let users choose what they want?
And if your answer is app the solutions then wont my database become messy and the app slower because it has look for more data now?
I know it depends on various factors but I just want your opinion, what would u choose and why?
Supporting Facebook connect as login function make sense only if your app has something to deal with Facebook (which is the most of our app today ;-)).
The behave of some app when sucessfully Authenticated and then Authorized is up to these app.
FB login give you all the tools to build you own user experience.
The things become a bit more difficult when you want to introduce FBConnect within already existing login base, while you have to find a way to bind the Identified FB user with your user account.
Related
As you can see on the image, spotify has a modified version of facebook login.
On the spotify app shown, user can login using either facebook or spotify account.
I wonder if its only on the looks or they were using other facebook authentication process.
I also wonder and worried if spotify could get facebook password entered by the user.
What facebook authentication they were using in here?
As you have noticed, Spotify is using a different Facebook login flow that is not listed anywhere in the official Facebook developer documentation. Since the Facebook password is entered into a closed source client, there is no way for you to know for sure what happens without heavy reverse engineering and debugging of the client. In that sense you should be worried. It goes against and devalues the good policy of "Please don't enter your password anywhere else". Thinking about differently, Facebook trusts this company enough to allow this. There might be a few more companies that have the ability to use this login flow, but I don't know.
I work at Spotify and was there when it was introduced (September 2011). We worked very closely with Facebook (I helped build some parts of the backend integration). It is not my favorite part of the client though. I would much prefer a standard Facebook OAuth 2 authorization flow. That was however one of the main technical problems in spring 2011 when we started to build this. We basically needed to embed a browser in the client to make it work properly or redirect the user to a browser and then back to the client again. There were also other reasons that I can't remember why we didn't do this.
Now when we have an embedded browser (since December 2011) it would be much easier to change. I believe this type of login flow will be phased out eventually.
Several WP7 apps (like the official FB application) provide their own login dialog and after filling it you get connected to facebook.
Further you are automatically logged in when you call the application later.
In general it's no problem to store the credentials encrypted on the device.
My question - has anyone an idea how to achive what the "offical FB app" does?
I searche around - but found nothing more then "must use the dialog / there is no other way...".
But for sure there is a way - since apps do this.
The "official fb app" also requires authentication.
the "Built in facebook support" works by connecting your LiveID to your facebook, and you still gave it your credentails when you connected it the first time.
There is nothing that exposes the "built in" credentials for any of the accounts (twitter, linked in, etc)
Can you imagine what would happen if ANY app could just automatically log in to any of those apps and do whatever they want?
I have an app that can be accessed on mobile phones, both iOS and Android. The app has a social component to it, so people are sending data to and from my server.
I also have an interface for this app that will be accessible through Facebook.
When logging into the app via mobile device, using the native app for that device, one can just log in with standard username and password.
However, obviously if a user accesses the app in Facebook, they will expect to already be logged in since they are already logged into Facebook.
So I need to make it so that my app can take a log in from Facebook, pretty much automatically (?) for users who are coming at it from within Facebook.
Further, it's possible (dare I say "likely"?) a user might access the interface from both Facebook and one of the mobile versions of the app. In which case I need to be able to ensure that the username/password authentication they use on the device points to the same account associated with their Facebook login.
So... all that said... what kind of Facebook authentication should I be studying and implementing.? I'm looking at their documentation right now, and like all documentation, it's not easy to grasp. There is server-side (authentication code flow?) and client-side (implicit flow?), and authentication tokens, and I'm already a bit lost.
Also, I assume Facebook's approach is to want to take over my login in process completely, not live side by side with my mobile-device-only login, but I'd like to make sure users have the option of not using Facebook authentication if they don't want.
Can someone point me in the right direction for how to do this? Basically let me know which part of the documentation I should be focusing on.
And are there any gotchas I should watch out for?
Your server will receive a signed request when your app on facebook.com is loaded; from this you can find the FB uid of the user.
If you obtain the FB uid for users of your mobile device clients you'll be able to match your app's accounts between mobile device & facebook.com clients.
The bottom of the main authentication docs page gives links to further documentation for different client types. The main mobile authentication page has side-bar links to tutorials & SDKs for iOS & Android. Alternatively you could use the server-side OAuth flow as your devices have browsers that support this.
Once you've completed authentication on the mobile device it's simple to obtain the uid.
You can also use the Facebook authentication flow instead of your own username/password authentication.
I've been trying to get this to work for a while, but I've apparently missed something.
All I want is to have the latest 3 or so posts from my clients Facebook page to populate and animate in a screensaver that I am building using Flash (AS3).
So far, every time I try to bring anything in, it requires a complete oAuth login and account link, but it's only a one way exchange (read-only, absolutely no writing, posting or even linking, since it's a screensaver) I'm not even sure the client wants pictures or anything.
I am currently trying to use the facebook-actionscript-api, but there isn't an option for the "App Login" type of Authentication that would solve most of my problems.
I'm at wits end and about to have to tell my client it can't be done. At least they'll always have twitter...
I don't think it is possible to get facebook feeds without an accesstoken (even if they are public). So I guess you need to define an app within Facebook and add login stuff to your app so users can give permission to your app for basic access.
Maybe this article offers some help: http://www.adobe.com/devnet/facebook/articles/flex_fbgraph_pt1.html
I'm building an iPhone app that, in part, allows the user to log in to, pull data, and post data back to a Wordpress site (more specifically, Buddypress). One way I'm considering approaching this problem is to use a series of UIWebViews to display the mobile-themed version of the site.
Ideally, I want the user to be able to, upon first-launch of the app, input their username and password, and then never have to do it again (functionally similar to tons of other social apps out there, like Facebook, Twitter, etc.)
Here's my question - obviously it is easy to store the user's login credentials, but how do I, in the background, establish an authenticated and persistant session with those credentials each time the app opens, so for the user, they are never presented with a login screen again, and can just use the app like normal?
Does anybody have any suggestions?
WordPress uses XMLRPC to authenticate. You can, on top of the API given, write your own codes to store credentials. Persistent session can then be made.
Read this FAQ : XML-RPC Support for WordPress