Well i developing a Flex desktop app and i cant logout form facebook. I mean after loggin in and updating the photo i want to update, i run the method to log out, which looks like this
FacebookDesktop.logout(handleLogout);
Where handleLogout is a function where i can do other things.
The method runs but never log out. I think that maybe loading an other request i could log out, and i find that using:
"https://www.facebook.com/logout.php?" + info.get_accessToken() +
"&next=http://www.Google.com"
would log out, but i dont know where i ca get the accesToken.
Thanks in advance!
The following code is implemented in for asp.net page using C# code.
EXPLANATION
First you need to send a request to authenticate the user(the IF part). You will get a "CODE" on successfull authentication. Then send a request with this code to authorize the application. On successful authorization you will get the access token as response.
protected void Page_Load(object sender, EventArgs e)
{
if (Request.QueryString["code"] != null)
{
Response.Redirect("https://graph.facebook.com/oauth/access_token?client_id=CLIENT_ID&redirect_uri=CURRENT_URL&client_secret=APP_SECRET&code="+Request.QueryString["code"]);
}
else
{
Response.Redirect("https://www.facebook.com/dialog/oauth?client_id=CLIENT_ID&redirect_uri=CURRENT_URL&scope=read_stream");
}
}
HERE IS THE PROCEDURE
Create an asp.net website
In the default.aspx page implement the above code.
Replace CLIENT_ID,APP_SECRET with the AppId and AppSecret respectively
CURRENT_URL should be the url of the page in which you are implementing the code.
The part "&scope=read_stream" is not mandatory. If you need any additional permissions please enter it here as comma separated values.
You will get a string in the format
access_token=ACCESS_TOKEN_VALUE&expires=EXPIRY_TIME
as response.
Try this to send a POST request using flex
var urlLoader:URLLoader = new URLLoader();
var request:URLRequest = new URLRequest("https://www.facebook.com/logout.php?next=YOUR_URL&access_token=ACCESS_TOKEN");
request.data = binaryData;
request.method = URLRequestMethod.POST
urlLoader.load(request);
Related
I have a request to Quickbooks online in order to implement the proper single sign on (SSO) flow. I am using openid4java and getting back the first name, last name, and e-mail address just fine, but no realm id.
I used the published Intuit code as an example, my fetcher looks like this:
final FetchRequest fetch = FetchRequest.createFetchRequest();
try {
fetch.addAttribute("FirstName", "http://axschema.org/namePerson/first", true);
fetch.addAttribute("LastName", "http://axschema.org/namePerson/last", true);
fetch.addAttribute("Email", "http://axschema.org/contact/email", true);
fetch.addAttribute("RealmId", "http://axschema.org/intuit/realmId", true);
} catch (MessageException e) {
mLogger.warning(e.getLocalizedMessage());
e.printStackTrace();
}
My Auth request looks like:
openid.ns:http://specs.openid.net/auth/2.0
openid.claimed_id:http://specs.openid.net/auth/2.0/identifier_select
openid.identity:http://specs.openid.net/auth/2.0/identifier_select
openid.return_to:http://localhost:8888/qbopenid
openid.realm:http://localhost:8888/qbopenid
openid.assoc_handle:o5SH!IAAAACLd1tm9oBJwwIhLZnb4uHYSvphLvPKupx_kJsjquipfQQAAAAEgqUSt5DXPSGwQ79I7lFlHh8gGWpBFaXdjr6diKdticDtCpv8EgpBpO3lDHIhT-275K8lDxZWoeLxqABigxYjf
openid.mode:checkid_setup
openid.ns.ext1:http://openid.net/srv/ax/1.0
openid.ext1.mode:fetch_request
openid.ext1.type.FirstName:http://axschema.org/namePerson/first
openid.ext1.type.LastName:http://axschema.org/namePerson/last
openid.ext1.type.Email:http://axschema.org/contact/email
openid.ext1.type.RealmId:http://axschema.org/intuit/realmId
openid.ext1.required:FirstName,LastName,Email,RealmId
But when the request is returned I don't see any mention of the realm id either in the request. It's almost like it goes missing. Any idea what's wrong? Thanks!
Please see the note here:
https://developer.intuit.com/docs/0025_quickbooksapi/0010_getting_started/0030_integrate_your_app/0030_signing_into_and_out_of_intuit_from_within_your_app/sign-in/implement_sso_and_openid_in_your_app
This field can only be fetched when there is an active connection between the realm and the app and when the user is launching the application from the App Center or navigating to the application from the Blue Dot menu.
You will be returned the realm at the end of the OAuth flow to associate it to the access tokens. It is not always returned by OpenID.
I'm trying to add facebook login to my application. To that extent I'm using a following snippet of code:
[FacebookAuthorize]
public ActionResult About()
{
ViewBag.Message = "Your app description page.";
return View();
}
And I register a filter FacebookAuthorizeFilter.
When I navigate to /Home/About what I get is an endless redirect to
/Home/About?code=AQAPoxl1J-.......
I can login using facebook if I just use OAuth provided in ASP.NET MVC4 project template.
What am I missing?
I delved into the FacebookAuthorize filter code more. The reason the Filter does not work with non-canvas applications is that inside the filter's OnAuthorization method the the method is relying on Facebook's signed_request being present in the POST requset when the user is redirected back to your application. If signed_request is never present the filter will continue to redirect:
...code omitted...
if (signedRequest == null || String.IsNullOrEmpty(userId) || String.IsNullOrEmpty(accessToken))
{
// Cannot obtain user information from signed_request, redirect to Facebook OAuth dialog.
string redirectUrl = GetRedirectUrl(request);
Uri loginUrl = client.GetLoginUrl(redirectUrl, _config.AppId, null);
filterContext.Result = CreateRedirectResult(loginUrl);
}
...code omitted..
An alternative approach may be to create a similar filter that checks for the existent of the code query string parameter. Once code is obtained you may use your application's appId and appSecret to exchange the code for an access token. Once the access token is obtained you may determine which permissions the user has granted and process appropriately.
After hours spent debugging, reflecting, source-code analyzing I came to the conclusion that FacebookAuthorizeAttribute and FacebookAuthorizeFilter can only meaningfully be used in a Facebook Canvas application.
I used to be able to create a WebBrowser control, navigate to the login URL (e.g. "http://www.facebook.com/dialog/oauth/?response_type=token&display=popup&scope=user_about_me&client_id=179873125388138&redirect_uri=http%3a%2f%2fwww.facebook.com%2fconnect%2flogin_success.html"), then use the code below (from Facebook-C#-SDK sample code) to catch the Navigated event and extract the access token. Lately, however, it seems that this just redirects to the RedirectURL, and doesn't append the access token. Has there been some sort of change in how Facebook handles the auth flow between February and June 2011? Maybe this is an IE9 problem?
The strange thing is, I can manually send a regular IE9 browser to the same URL and the access token is appended fine. It's only when I do this programmatically using the WebBrowser.Navigated event that I no longer see the token.
Thanks, Jon
private void webBrowser_Navigated(object sender, System.Windows.Navigation.NavigationEventArgs e)
{
FacebookOAuthResult oauthResult;
if (FacebookOAuthResult.TryParse(e.Uri, out oauthResult))
{
this.FacebookOAuthResult = oauthResult;
this.DialogResult = oauthResult.IsSuccess;
}
else
{
this.FacebookOAuthResult = null;
}
}
I'm pretty sure this is http://facebooksdk.codeplex.com/discussions/261528, an interaction between a change in Facebook behavior and an issue with the WPF WebBrowser control. I was able to work around my issue by switching to WinForms. The link discusses an alternate approach which stays with WPF but adds a call to FacebookOAuthClient.ExchangeCodeForAccessToken().
Okay, if cookies are a no-no, then I need a little guidance as to the best way to implement the application(s) that I'm creating.
The scenario is that I'm trying to create a single Asp.Net MVC application that can authenticate a user regardless of whether the user visits a site directly or via an iFrame in Facebook. There are separate actions (in separate controllers, actually) for getting INTO the app depending on whether the user enters via Facebook or not, but there are also places in the Facebook app where I'm opening up a new window to "extended" functionality in other areas of the application that can't really work well within the iFrame. It is supposed to transition seamlessly. It's currently working quite well using cookies, but I've from multiple sources that this is not a good thing for iFrame apps. However, I'm not sure exactly what this means.
Without cookies, can you still somehow get server-side access to the authentication token? If not, then what is the "right" way to handle this. Do I need to resort to manually parsing the token using the JS API and sending an AJAX notification to the server of the fact that the user is authenticated and create a forms auth token? Will the CanvasAuthorize attribute work without cookies? Right now I have added code to the FormsAuthentication_OnAuthenticate event in Global.asax to create the forms auth token if the user is logged in via Facebook (and properly associated with a valid user in the external app) as follows:
protected void FormsAuthentication_OnAuthenticate(Object sender, FormsAuthenticationEventArgs args)
{
if (FormsAuthentication.CookiesSupported)
{
if (Request.Cookies[FormsAuthentication.FormsCookieName] == null)
{
// Attempt to authenticate using Facebook
try
{
FacebookApp fbApp = new FacebookApp();
if (fbApp.Session != null)
{
dynamic me = fbApp.Get("me");
String fbID = "" + me.id;
MembershipUser mUser = AppMembershipProvider.GetUserByFacebookID(fbID);
if (mUser != null)
{
FormsAuthentication.SetAuthCookie(mUser.UserName, false);
AppMembershipProvider.UpdateLastLogin(mUser.UserName);
Session["FacebookLogin"] = true;
}
}
}
catch (Exception e)
{
Elmah.ErrorSignal.FromCurrentContext().Raise(e);
}
}
}
else
{
throw new HttpException("Cookieless Forms Authentication is not " +
"supported for this application.");
}
}
Will I need to change this?
Sorry if this is basic knowledge, but I'm confused as to how best to implement this. Thanks!
First, let me address the issue with the cookies. So, when I say to not use cookies in iFrames I am saying that for a couple reasons. First in IE, there are some security issues. You need to add the following header to your app to make cookies work correctly inside iframes:
P3P: CP="CAO PSA OUR"
The second big issue with cookies in iframe apps is Safari. Due to security settings in Safari, cookies cannot be created by iframes. As such, you will not be able to rely on cookies for authentication inside of iframes.
Give that you are using the app inside and outside of the iframe, you should have cookie support turned on. However, your app must be designed in a way that will work around the iframe issues. That is going to be the hard part.
The most reliable authentication inside iframe apps is the signed request method. What happens is facebook will append a query parameter to your url when the url is rendered inside the iframe. This query parameter contains the user's session. The Facebook C# SDK handles reading this for you, so you dont need to parse it etc. But you need to be aware that it is there. If you view the incoming request url of your iframe app in facebook you will see something like http://www.mysite.com/page/?signed_request={blahblahblah}.
So the key is that you need to make sure that if you are in the iframe you keep that ?signed_request value on the url.
You can do this several ways. First, you can use the CanvasRedirect methods. These are extension methods on System.Web.Mvc.Controller in the Facebook.Web.Mvc namespace. The canvas redirect uses javascript to redirect your page in the top url. This way Facebook is actually handling the redirects and will always add the signed_request to your iframe url. The problem for you is that this method of redirecting will only work in the iframe, not outside.
The second way would be to manually add the ?signed_request to the url when you redirect. You would do something like:
public ActionResult Something() {
return RedirectToAction("something", new { signed_request = Request.Querystring["signed_requets"]);
}
There are other ways also, like storing data in the session or something, but I wouldn't recommend going down that path.
What you are doing is definitely an advanced senario, but hopefully the above will help you get going in the right direction. Feel free to contact me directly if you have any questions. nathan#ntotten.com or #ntotten on twitter.
I am in a similar situation to you. What I do to handle the various situations that can arise is:
Enable cookies in both the C# and
JavaScript SDK.
Create a custom actionfilter that
inherits from
FacebookAuthorizeAttribute and
overrides the
HandleUnauthorizedRequest method to
redirect to either a connect
authorization page or an action
decorated with the
CanvasAuthorizeAttribute.
Pass either the signed_request
(canvas app) or auth_token (connect
app) as a querystring parameter to
everything.
Check for null sessions and oauth
tokens that don't match what has been
passed in the querystring.
The main point is to ensure that both the session and oauth tokens are valid. When inside Facebook the signed_request will ensure this is true. By passing the token from your connect auth page you can ensure you have a valid token to inject into the FacebookApp constructor.
public class FbAuthenticateAttribute : FacebookAuthorizeAttribute
{
private FacebookApp _fbApp;
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
base.OnActionExecuting(filterContext);
var accessToken = filterContext.HttpContext.Request.Params["access_token"];
if (FacebookApp.AccessToken != accessToken && !string.IsNullOrEmpty(accessToken))
{
_fbApp = new FacebookApp(accessToken);
}
else
{
_fbApp = FacebookApp;
}
filterContext.Controller.ViewBag.Context = GetContext().ToString();
filterContext.RequestContext.HttpContext.Response.AppendHeader("p3p", "CP=\"CAO PSA OUR\"");
try
{
dynamic user = _fbApp.Get("me");
var signedRequest = filterContext.HttpContext.Request.Params["signed_request"];
filterContext.Controller.ViewBag.QueryString = string.IsNullOrEmpty(signedRequest)
? "?access_token=" + _fbApp.AccessToken
: "?signed_request=" + signedRequest;
}
catch (Exception ex)
{
string url = GetRedirectUrl(filterContext);
filterContext.Result = new RedirectResult(url);
}
}
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
string url = GetRedirectUrl(filterContext);
filterContext.Result = new RedirectResult(url);
}
private string GetRedirectUrl(ControllerContext filterContext)
{
return new UrlHelper(filterContext.RequestContext).Action(GetRedirectAction(GetContext()), "Authentication");
}
private Enums.AppContext GetContext()
{
//Note: can't rely on this alone - find something more robust
return FacebookApp.SignedRequest == null ? Enums.AppContext.FBWeb : Enums.AppContext.FBApp;
}
private string GetRedirectAction(Enums.AppContext context)
{
return context == Enums.AppContext.FBWeb ? "ConnectAuthenticate" : "Authenticate";
}
}
It could definitely do with a refactor and still has problems but is the best solution I have found so far.
My requirement was to update members status from my site, i am also thinking about displaying their friends photos and their last status update.
I have looked all over the docs and cant decide which works for my need. RESTful API, JavaScript API, FQL, XFBML, FBML, FBJS ?? whcin one works best? or best way?
It should be like, when they first go to the page,there will be nothing but a login option. when they click on it, a pop up should appear and when they are authorized, we display a text area to post update. Here, i wanted to show their friends pics too
when they came back later, they should able to post right away, must not ask for login again.
Can some one help me with the code?? I dont expect you to write everything, get the friends pic and their last update into a PHP array would be nice.
Many thanks
If u need to update users data stored at ur database so u will use the facebook API to check user signed in and get his data. i have an ifram application at facebook and i am using C# code (asp.net application) and when the user request the application i authenticate that he is signed in to facebook and check if he is already exist in my database? if not so i get his information(by using facebook API) and add the user in my data base and each time he visits the application i update his information.
With respect to his friends i get all facebook ids of the user friends and then loop these IDs and get the pic of each ID.
Download Facebook Developer Toolkit that enables u communicate with facebook and use facebook API to get user information.
hope that is will help u
Visit my application in facebook and u will see these features at the following link :
http://apps.facebook.com/hanggame/
Getting the session Key :
protected void Page_Load(object sender, EventArgs e)
{
//Facebook code for integration with facebook users:
_fbService.ApplicationKey = "Application Key";
_fbService.Secret = "Secret Key";
_fbService.IsDesktopApplication = false;
string sessionKey = (string)Session["Facebook_session_key"];
if (Session["Facebook_userId"] != null)
userId = (long)Session["Facebook_userId"];
// When the user uses the Facebook login page, the redirect back here will will have the auth_token in the query params
string authToken = Request.QueryString["auth_token"];
if (!String.IsNullOrEmpty(sessionKey))
{
_fbService.SessionKey = sessionKey;
_fbService.uid = userId;
}
else if (!String.IsNullOrEmpty(authToken))
{
_fbService.CreateSession(authToken);
Session["Facebook_session_key"] = _fbService.SessionKey;
Session["Facebook_userId"] = _fbService.uid;
Session["Facebook_session_expires"] = _fbService.SessionExpires;
}
else
{
Response.Redirect(#"http://www.Facebook.com/login.php?api_key=" + _fbService.ApplicationKey + #"&v=1.0");
}
userId = _fbService.uid;
//End of Facebook code
}