I've got to be doing something very obvious wrong here, because I just can't bring myself to believe that facebook's mobile login isn't working correctly for iPhone users. If you have a look at these urls, you'll see that they work (after you replace the 'YOUR_APP_ID' and 'YOUR_REDIRECT_URL', of course) in web browsers & Androids, but on iPhones (3s and 4s) they take you right into facebook and you never see the Extended Permissions page or get redirected:
https://graph.facebook.com/oauth/authorize?type=user_agent&client_id=YOUR_APP_ID&redirect_uri=YOUR_REDIRECT_URL&display=wap&scope=email,user_location,read_friendlists,publish_stream,offline_access
https://m.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=YOUR_REDIRECT_URL&scope=email,user_location,read_friendlists,publish_stream,offline_access
I mean, I'm sure they tested their mobile login stuff on an iPhone, right? Anyone know what I'm doing wrong?
Related
Excuse me for the confusing title. We have programmed App which runs with in the Facebook. It can be accessed over the desktop/notebook browsers. However it is not accessible/available if I login to the Facebook app on my iPhone and go to the APP list. Following scenarios does not work.
1) If somebody sends me the invitation to use the APP using Facebook message. If I now login to the Facebook-app on my iPhone and go to the messages and click on the invitation, I see the error. "Page not found". This works perfectly if I login to Facebook using browser (on laptop or iPhone)
2) On my iPhone, in the Facebook APP, if go to list of my APPs then our APP is not available in that list. (Other apps like candy crush and so on can be found)
Are we missing some configuration?
Thanks in advance.
Best Regards
You are talking about a canvas app?
Those are not available on mobile, and never have been. But you can specify a Mobile Site URL in your canvas settings – users on mobile devices, that follow a link to your canvas app somewhere will then automatically be redirected to that external address.
Little cave-at: This has been disabled on a larger scale by Facebook recently, because some people where using it to redirect users to malware sites. Therefor now you have to get your app “white-listed” before this will work. Check this bug report, the FB engineer mentions are form where you can request this: https://developers.facebook.com/bugs/1051463851558493/
I have a website which allows login via facebook functionality and displays photos from facebook.
While accessing from a mobile browser I would like the website to automatically login(when the click on FB login button, without entering username and password) if the user is already logged in via the native FB application (iOS or andriod). It seems to be that I can do that by building a native iOS or android application and use facebook single sign on feature. Is it possible to do that without having the user install anything on their mobile device?
That is not possible.
Auto-Login relies on auth tokens that will be granted to a website or mobile app after a user approves an app. For security reasons, those tokens are tight to the cause they were issued for. Particularly, web tokens and mobile tokens are not interchangeable.
So you could build a native mobile app to get a "native token", but even if you would manage to (cookie-)inject it into a browser view, your website's backend couldn't use it.
More generally, you're raising an issue even facebook can't solve: Say you are using a facebook mobile app and logged in there. If you open facebook's web version on that very same phone, you'll have to log in there again. The root cause is the same as with above. Specifically, any native app is uncapable of setting arbitrary auth cookies into the OS browser. I personally believe this restriction will not fall, because it would have a large security impact - just imagine how any app could set (and possibly get) cookies for any website.
If they've never logged in facebook from their Mobile, how will your website ever know them ?
Is it possible to do that without having the user install anything on their mobile device?
Like PC's, users in a mobile device need to login in their phone in facebook's website before being eligible to login "automatically" to your website. When I say automatically, I mean they still have to go with the first time process of "Do you authorize this app/website to do X things on your account". That message is inevitable when using facebook's api on the web.
Hope this answers your question.
Is it possible to do that without having the user install anything on
their mobile device?
No this would not be possible. You need to have a native or hybrid app (phonegapped etc) to make it work. Mobile web apps run in a browser sandbox and without native code interface - you cannot get to the native SSO of FB on your mobile device
Did you have a look at this facebook page ? I'm not sure what you ask is possible, as basav said, but maybe you'll have some clues there.
I'm building an app that uses OpenID for authentication. I'm giving Google, Yahoo and the general OpenID site as options.
At present, when the user selects a site, I open a UIWebView and the user performs their login with that frame, all within the app.
However, it has struck me that when using UIWebView, you cannot easily show to the user that the connection is over https or that they are indeed at the site I'm claiming they are at. I could be easily harvesting passwords.
Would it be, and I'm looking for opinions on this, be better from a user confidence perspective to actually open Safari when the user selects a login and once they've logged in have Safari direct me back to app?
Thanks
Most people using iOS devices are used to the way Facebook logins work; no URL bar, no nothing. I'd just follow the typical workflow. You could bump out to Safari, and return via a custom URL scheme. However, I think users will think that is more weird. iOS users are not used to being jumped in and out of different apps.
just my 2 cents, it would be also faster if the user has already logged in those services with Safari before.
Prompting out a UIWebView and switching to Safari is using the same amount of steps, so why not?
I thought I'd follow up on this thread to say I'm having difficulties getting the app approved and I think it's because I use the Safari approach. I've had it rejected by Apple twice now because:
"Apps that link to external mechanisms for purchases or subscriptions to be used in the app, such as a “buy" button that goes to a web site to purchase a digital book, will be rejected "
I think it's because I'm launching Safari. I've opened a dispute with Apple and I'll come back with more information once I hear back from them. I really hope a quick change to a UIWebView will help!
I'm seeing a problem requesting permissions with Facebook connect on iPhones. Everything had been working fine and then it just started out of nowhere. I can't seem to sort it out, so I posted it here to see if anyone's experiencing the same issues? I'm trying to log users into a mobile website and here's what I'm seeing:
On Android, everything is A-OK, as are regular web browsers.
On the iPhone 3, users get the login page ok, but are not redirected to the request permissions page, just to mobile facebook. If they leave and come back and click on the login button again, they are taken to the request permissions page, and after they allow/don't allow, they are taken back to our site. This is also the same for iPad users
On the iPhone4, users get the login page ok, but are not redirected to the request permissions page, just to mobile facebook. If they leave and come back, they are taken to the mobile facebook site and never are prompted for their permissions.
Highlights:
Everything was fine 3 weeks ago
Everything is still fine on Android using the very same FBConnect url, but it blows on iOS
What happens on iPhone 3 is different that what happens on iPhone 4
I've tried doing this with 3 different urls, but StackOverflow will only let me put 2 in here because I'm a new user:
http://www.facebook.com/dialog/oauth?client_id=[OUR_CLIENT_ID]&redirect_uri=[OUR_URL]&display=wap&scope=email,user_location,read_friendlists,publish_stream,offline_access
http://m.facebook.com/dialog/oauth?client_id=[OUR_CLIENT_ID]&redirect_uri=[OUR_URL]&perms=email,user_location,read_friendlists,publish_stream,offline_access";
The other URL was similar to these, but used the graph API
Anyone have any ideas?
Thanks!
Facebook has since removed the WAP interface and replaced that with Javascript SDK interfaces for Android and iOS, and now normal wap enabled phones have been shut out.
I'm building an iPhone app that has some social features. I've managed to get the user to log-in to Facebook within my application.
I've also implemented a webview that loads a facebook iPhone-optimized page. What I now want to do is my user to be logged-in within the webview without having to log-in twice (once in the app and once in the webview)
I've tried a few things playing around with the access_token in the URL but it didn't work.
Does anyone know if it is possible to implement that and how to do it?
Thanks in advance for your help
Short answer: You're probably not supposed to be able to do that.
The idea is that your app should only store an authentication token that lets you do stuff as your app (e.g. post to the wall as your app). On the web version, the user is logged in to facebook and facebook additionally passes an authentication token to your website; on the iOS version, I think you never get the Facebook session cookie, and I'm pretty sure you need the Facebook session cookie to be logged in to the web side of things (especially since it's designed for the browser — logging out of Facebook logs you out of Facebook Connect on all sites).
There are loads of things you can do to work around this — it's trivial to just ask the user for a username/password (and the whole idea of a "trusted UI" inside a UIWebView inside your app is flawed, despite Facebook's claims).
The "right" thing to do is to implement everything using calls to the iOS SDK so you don't have to bother with the web side of things.
were you testing your app on the simulator or on the device? The reason i ask is because im trying to get the app to stayed logged into fb which it does, sorta...it still pops a fb dialog saying it logged in fine and the user has to click on an OK button.
I havent had time to test it on the device but i think it may have to do with the fact that with the OAuth 2.0, with 3.2.x or >...if the fb is installed, it uses the fb-app login but if its not installed it uses the safari web login.
Since simulator doesnt have the fb app installed, it actually uses the safari web login (i humbly deduced) which would otherwise store a cookie and maybe it doesnt do so on the simulator..dunno, im still looking for the answer on that one :)