Is it possible to authenticate to facebook without using one of their web page dialogs? I'd like to build a windows service that runs in the background and does a few FB tasks periodically for me.
Depending upon what you're trying to do you should only really need a valid token which you can generate at the developer portal under your application settings. Make sure you enable offline_access to generate a long lasting token.
Related
I want to provide the ability for my users to log-in to my app using OAuth providers like Google, Facebook, etc. For those purposes, I've built a unified OAuth login system that involves my server, based on instructions like this: Manually Build a Login Flow. From my users' accounts, I need only default permissions plus e-mail, with those permissions I've publish my Facebook app, and review was not required.
Today I've received a message from Facebook where I was asked to specify my Facebook app platforms, and this is where the problems begin. All provided but Facebook platform templates are not quite suitable for me:
currently, I'm using my system on the mobile app, but it is pointless to specify my package ID or provide some hashes because the app is not using Facebook SDK and those data will never be, received by Facebook
also, it is not correct to give the Facebook just my website URL it doesn't use Facebook login buttons or so, for log-in process communicates only mobile app and back-end
So, here my question.
Which platform I need to specify in my Facebook App if I've used instruction Manually Build a Login Flow to build my log-in flow.
Any ideas? May be someone have experience with this?
P.S. my app built on Flutter.
I have an app with SwiftyDropbox that function correctly, but I need to insert email and password for Dropbox every time that I use the app.
The app it's only for my use, it's not a security problem if the app auto-login in my account.
I don't find examples or documentation to make an auto-login with SwiftyDropbox. It's possible?
While the Dropbox API was designed with the intention that each user would link their own Dropbox account, in order to interact with their own files, it is technically possible to connect to just one account. We generally don't recommend doing so, for various technical and security reasons, but those won't apply if you're the only user anyway.
So, there are two ways to go about this:
1) Implement the normal app authorization flow as documented, and log in and authorize the app once per app installation. The SwiftyDropbox SDK will store the resulting access token for you, which you can programmatically re-use after that point each time using authorizedClient.
2) Manually retrieve an access token for your account and hard code it in to the app, using the DropboxClient constructor shown here under "Initialize with manually retrieved auth token".
I wrote a facebook app that works and am now going through the process of making it available to everyone. It has been repeatedly denied by their vetting team for not using Facebook Login and Facebook Connect.
But I want to use a manual process to login, and on their Facebook Login page, they mention that using a manual login process is still an option.
If for some reason you can't use our JavaScript SDK you can also
implement login without it. We've build a separate guide to follow if
you need to implement login manually.
Also I noticed that Web is no longer an option for Platform, not sure why or if that's needed.
Is there any step or setting I am missing?
I am successfully using OpenID and OAuth in development mode. Once I am ready to move to Production will the process change in a way that the authentication/authorization process will not require manual intervention? Today I click on the "signin" button to authenticate using OpenID. I then click on the "Authorize Quickbooks" button to authorize using OAuth. During these two processes I am redirected to Intuit where I click on buttons to allow authentication/authorization. Will I be able to achieve this process through code? I am working on a SaaS application and need to authenticate/authorize in code because the manual steps will not work with the application I am working on.
Your app should work the same way in development as in production.
Make sure you have gone through the requirements checklist - http://docs.developer.intuit.com/0025_Intuit_Anywhere/0010_Getting_Started/0040_Publishing_Your_App/0010_Reviewing_the_Requirements_Checklist
There are different requirements if you are just doing the Connect to QuickBooks flow or you are also wanting to be listed on Appcenter.
Do the free trial on a couple of the apps in the app center to see what they are doing. I tried out eBillity, their app picks up OpenID and OAuth without user interaction during the subscription process.
Based on that, yes, I think you can achieve it all in code. Personally I have not been able to get the OAuth tokens without user intervention.
Update: Use this JS method to do the OAuth authorization during the subscription process:
http://docs.developer.intuit.com/0025_Intuit_Anywhere/0060_Reference/JavaScript_Functions/directConnectToIntuit
I noticed that the Windows desktop Spotify application asks me for my facebook username and password in the login screen. I am wondering what happens behind the scenes.
When I change my fb password in my browser I have to use the new password in the Spotify desktop app login screen. There are even situations when the Spotify desktop application shows me a fb popup where I have to grant permissions for Spotify itself.
I know that Spotify uses an embedded Chromium browser engine to do all the heavy lifting. But isn't it against Facebooks TOS to do it that way?
I mean, does Spotify posts my username and password to the facebook login.php and intercepts the result page to get my cookie? Is there a documented way to handle a login to facebook on behalf of the user in a proper way?
No, they are using an old and deprecated REST API method called auth.login:
https://developers.facebook.com/docs/reference/rest/auth.login/
Obviously I can't stop you using this in your own app, but given how old that API is and how fully REST API is now deprecated, it'd be a bad idea to rely upon it.
Instead, for Windows desktop apps, I believe Microsoft offers a Facebook C# SDK which will contain ideal methods for authentication. I'm more familiar with their newer methods that are offered for Metro Apps called Web Authentication Broker.
These pretty much just load a web frame inside the app, get the user to login to Facebook, then show the Permission Dialog (if required). From there, the app can store the UID of the user and presumably a long-lived access_token that they received upon auth. This way, they only need to ask the user to login again once every 60 days.
There are other device-based authentication methods offered by Facebook, but most are still in private testing, the only one that is currently recommend for desktop apps is stated on this page under the heading Windows, OS X and Linux native apps (at the bottom of the page).
Update December 2013: Because the Facebook Login docs have changed significantly since I wrote this answer, I'd like to point out a couple of new additions:
Manually Building a Login Flow details the steps that desktop apps can take to login users. What is new here is that Windows 8 apps can now use their deep-linking ID in the redirect_uri of the Login dialog, meaning it'll multitask back to their app from a Login Dialog when completed or cancelled. This is an improvement from the previous WebView setup, because a User's default browser will likely have them logged into Facebook already.
Login for Windows Phone is the special guide for Windows Phone 8 apps to use.