I've created an app that works fine, however if the user has not authorized my app yet, they have to do the following (assuming they are in facebook AND logged in) -
go to my app
click login/authorize
popup with facebook permissions opens
accept in the popup
However I noticed with Zynga games like Mafia Wars 1/2, Farmville etc, when you go to the app, if it hasn't been authorized, it takes you straight to the permissions which is in a PAGE and not a popup, thereby eliminating one step. Also, the permissions dialog is full width, there is not app sidebar.
Does anyone know how I can duplicate this flow? It would be much easier to have users authorize within a facebook page rather than through a popup. How can I get permissions inside the page?
thanks in advance
Once user visit a Page tab with your application you can check if he is connected with your application by comparing Page ID with User ID in signed_requests, for unauthorized users ID's will be same. In that case you can start authentication flow by redirecting user's browser to "login url".
If you want it to be full page just do the redirect with JavaScript like this:
window.top.location = 'https://www.facebook.com/dialog/oauth?
client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&scope=COMA_SEPARATED_PERMISSIONS'
If you using PHP you can construct Login URL by calling Facebook->getLoginUrl method.
Read the docs on Facebook authentication
Related
I want to build a facebook application and don't know how to plan it. A facebook user should find that application and click a button there, something like: "Add this Application to your facebook page". After that (or when the user first opens the app tab) the user will be asked to log into an external website. When the credentials are okay and the user is the owner of that facebook page/tab then this external web application will display an external profile page of that facebook user (the owner of the facebook profile the app has been put in). After that the user doesn't have to log in anymore and every user that visits that tab will see the external profile of that facebook page.
...To make it more clear an example:
User Foo has got an account at example.com and a public visitable profile there example.com/profiles/Foo. User A has also got a facebook page. Now example.com tells its users that they developed a facebook app to integrate their example.com-profiles into their facebook profiles. So the user A opens that apps page, clicks a button, logs into example.com and now has a new tab at her facebook page that contains example.com/profiles/Foo. If user B visits the facebook page of user A, he will find the example.com-profile of user A (not B) in the application tab.
What I would need is the following information:
How can I make an application available for the facebook users?
Update: found this tutorial: http://www.hyperarts.com/blog/facebook-removing-app-profile-pages-on-feb-1-2012/
Is it possible to make something like an installation process of an app? Otherwise if user A clicks the button to integrate the app into her page and user B opens the tab before user A could open it and log into the example.com, then user B could log in and his example.com profile would appear in the facebook page of user A. Or how can I solve this problem.
Next problem is that--I think--the URL of the application will be the same for all users, that integrate this app into their profile. So I would need to be able to detect the facebook page of a app request.
Update: I will be able to read the page ID from the signed request. Problem seams to be that the page administrator must know his/her page ID, but I think it will be possible to retrieve it through the graph API (if it is not part of the URL).
I was wondering if it is possible to create a "logout" button for my site that will log a user out of facebook and then redirect them to a specific URL ? Let me elaborate, I work in a retail store and I have a mounted iPad so customers can "like" our facebook page (by using a traditional facebook like button). Currently, when customer's select "like" it opens a new window where facebook asks for a username and password, and then immediately after the customer hits "Submit" it re-directs them back to a specific URL where I say "thanks for liking us"...the only problem is that it keeps them logged into facebook.
I'm hoping to put a logout button on my "thank you for liking us" URL so they can click that to logout (without going back to facebook) and then it re-directs back to the page with the like button for the next customer.
I have tried facebook connect but it's so many steps because users have to allow the app etc. that I'm hoping to avoid that. Maybe a way that clears the facebook cookies or anything else? I'm so out of ideas that anything will help!
Include the Facebook JS SDK and then call FB.logout() either on click of the link, or on the thank you page.
Tested, not working even with FB.logout(), because once you logged in facebook.com, then fb cookie will be injected automatically, there's no way to remove it unless you've logout from facebook.com.:/
I'm coding a facebook like gate and this is a screenshot of my config : http://www.kreatoo.com/rav/facebook_info.png
I need the Signed Request ($facebook->getSignedRequest()) for know if the user like this page or not, and i have this information only the first time. If i click on a link i loose this information..
In second time, when i login my user (with $facebook->getLoginUrl()), facebook redirect on the server (www.vibrantmarketing.ca/...) and not on apps (https://www.facebook.com/coppertone/app_432377713445313..).. I try with "redirect_uri" or "next" option but nothing...
Thank you all for help
PS : For interested the application is : https://www.facebook.com/pages/TestCactOos/255835411190164?sk=app_335457189856398
Let's start in your first quesiton
Facebook Like Gating - you actually don't need to request to sign in your app just to gate your Facebook Like. In your situation for example, you use the app for Facebook page and you can get the SignedRequest on that moment buy not requiring the user to sign to your app.
Again , I check out your app and it redirects me in the url below: which is good for me, the only thing you need to do is redirect your user if the page was not viewed in the iFrame.
https://www.vibrantmarketing.ca/coppertone/facebook/littlemiss/en/like#_=_
Note:
One thing, when I checked your app it redirects time to time. I think it's because of your Javascript at the bottom of your page which logins everytime.
How can you detect if a user previously authorized a tab application, without showing the user an authorization dialog? This is a user experience concern. We don't want to throw the user at an authorization dialog without a call-to-action, but we don't want a call to action to be shown to log the user in if the user previously authorized the app.
Here's the scenario. A tab application is hosted on a page that has several other applications. In Facebook, the 'Like' button does not work at the tab level but on a page level, so a user may have liked a different application without having seen the current application. Therefore, if any 'Like gate' is used on the landing page of a tab application, and authorization is required to use the app, then when we log the user in the user will be immediately shown the authorization screen without a call to action, unless we can detect that the user previously authorized this application.
You could use the javascript SDK and check the login status to see if they have authorized your application. If they have, you could redirect with javascript elsewhere or make the calls you need. If they haven't you could then show the call to action on your page. Something like:
FB.getLoginStatus(function(response){
if(!response.authResponse){
// redirect to authorization page
top.location.href="http://www.facebook.com/dialog/oauth?client_id=appid&redirect_uri=http://facebook.com/somefanpage";
// or instead show a call to action div
} else {
//load fan page specific content
}
});
But this will only tell if you if they are currently logged in and authenticated with your application or not. The only way you would be able to tell if this is a returning user vs a brand new user is if Facebook sent over the userId in the signed_request like ifaour mentioned (then you could call /userId/permissions with your app access token or look up in your database), but Facebook most likely won't send the userId since your users probably aren't authenticating with your individual tab application but a different shared application key.
Well Facebook will send the user id in the signed_request only when the user authorize your application. So as long as that piece of information is missing then this means the user didn't authorize your application yet i.e. show the auth dialog (or redirect to auth screen)!
More about this in the Page Tab Tutorial:
Integrating with Facebook APIs
When a user navigates to the Facebook Page, they will see your Page
Tab added in the next available tab position. Broadly, a Page Tab is
loaded in exactly the same way as a Canvas Page. Read more about this
in the Canvas Tutorial. When a user selects your Page Tab, you will
received the signed_request parameter with one additional parameter,
page. This parameter contains a JSON object with an id (the page id of
the current page), admin (if the user is a admin of the page), and
liked (if the user has liked the page). As with a Canvas Page, you
will not receive all the user information accessible to your app in
the signed_request until the user authorizes your app.
Forgive me if this has been asked before, but I was unable to find an answer to what seems a simple question. I have an app that is authorized to a user & user's fan page via a process from a website I've constructed. The process is this:
Visit Website --> authorize website to view list of fan pages --> Select Fan Page to install app to --> Authorize app to user account --> Authorize app to Fan Page
I've got all that working (a process, let me tell you), and everything functions as intended. I'm working on an admin interface to manage the app which is not housed in the Canvas App location but on the website itself. I haven't found a way to figure out if the app is installed or not. It appears that the Graph API / FQL doesn't support this.
My two issues are:
I have the user id & the fan page id but I can't figure out whether said fan page has my app authorized or not. Depending on this answer will determine whether I show the "Install This App" panel or the Administration panel.
I've read that the best method is to store the userid when the app is initially authorized, but after the app is authorized, the user is sent to the Fan Page's Wall and I can't figure out how to notify my iframe app.
[edit] I misunderstood your question and thought you had less implemented than you seem to have: If you have manage_pages permission for a user, you can get the Page access token for each of their pages, and access a list of apps currently installed as tabs on that page - the instructions are at https://developers.facebook.com/docs/reference/api/page/#tabs
[/edit]
Each request made to your app's 'page tab url' will include a signed_request parameter.
The method to decode it is explained at https://developers.facebook.com/docs/authentication/signed_request/ - when your app is loaded on a page tab you'll get the 'page' parameter.
So:
The first time the tab provided by your app is loaded on a new page, you can detect the page ID from the signed request.
This callback will also tell you if the user currently looking at the page tab is an admin of that page (which can be useful for your own edit interface, if applicable)
If you haven't already got an interface where the app user tells you which pages they admin you can get a list of all the pages that user administers by accessing the 'accounts' property on their user object (/me/accounts in the Graph API) once you have the manage_pages permission
can you keep track of who has the app authorized in a database on your website?
i.e. call a script on your website server from your app that returns whether or not the user has authorized the app.