I don't know what to choose. I have a standard Silverlight app hosted in an aspx page.
From the aspx page, in JavaScript, I call some methods like: FB.init() and FB.getLoginStatus().
From the silverlight app code I call the https://api.facebook.com/method/fql.query endpoint using WebClient() class.
Is it Web or Native/Desktop, and what difference does it make regarding OAuth flow, API calls and Security ?
It is web. Native desktop apps run on user computer and web run in the browser.
The difference between Oauth flows on desktop vs. web is described well in details in docs:
https://developers.facebook.com/docs/authentication/
hope this helps
Related
In my work we often need to build Facebook apps in the form of Facebook Canvas and Website. These apps are available on Facebook direclty (an iframe) and as mobile versions (outside Facebook, in the browser).
We are working with a code base which mixes Facebook JS SDK (authentication and authorization) with PHP SDK (API calls). I find it rather dirty, and not easy to understand for people freshly working on the projects.
It's inconvinient to make API calls with JS, and making them with PHP forces extending access tokens. Authenticating user with JS SDK involves client-side redirects which are ugly to be honest, as they usually occur moments after the current page starts rendering, and so on...
I googled a lot about separating these two SDKs but did not find a clear answer to my questions:
Is it possible to create Facebook app (Canvas, Website) which bases ONLY on PHP SDK? Check login status, login, permissions, making API calls, etc. Would signed request be enough?
Is JS SDK the only full-proof way to determine user's login status at any time?
This link seems to describe what I'm thinking of, however the docs are rather brief (which seems to be a problem of Facebook documentation in general). Can anyone suggest other sources that might help? Does anyone have experience with builing FB aplications based only on server-side?
Thanks.
EDIT:
The link I posted above covers the case of not using ANY SDK, so no, it's not what I'm looking for.
You can even create an App WITHOUT any SDK - with simple CURL calls, for example. So yeah, it is indeed possible to use the PHP SDK only, but the login process is much better with the JS SDK (no redirection needed) and you can´t auto-refresh a user session like it is possible with FB.getLoginStatus afaik.
In short, i would not recommend it, the JS SDK is the very best way to authorize users and refresh Access Tokens. I would only use the PHP SDK (or simple CURL calls) for stuff that MUST happen on the server, and for stuff that includes using the App Secret, for example.
Documentation on the net seems to be VERY scarce. The only option I can think of at the moment
is to have my SPA app break convention and to have the (initial) logged out page be different to the logged in one (eg my app).
My app is built using Durandal 2.0.0.
In one of my OAuth tests app's I've managed to implement this link successfully. But as Durandal does not work in the same way (Server-side controller, & razor views), I'm thoroughly confused in how to achieve what I want to.
I'd like to have my app remain a single page app. But I've got little to no experience with the OAuth SDK
My only requirement is that the user log into my app using his FB account.
I've had an initial stab at this using the FB java script API, and got it working, but after discussions with another developer this side, it doesn't seem like the purpose of the java script API is to facilitate secure application login's? As the way we had it, would allow any user to pass a valid fb userId, then he would be logged into our app. :/
How would I go about achieving this process flow in a Durandal/Web API Single Page App?
User logs in using fb ->
then on the server we get his fb userId ->
retrieve our internal appID
I'm not asking for a complete answer/for someone to do my work....
But any documentation to get me started/less confused would be greatly appreciated.
Here is a sample project which demonstrates how to use OAuth with Durandal and Web API:
DurandalAuth.
However there are some modifications in viewmodels needed, since router changed in Durandal 2.0.0.
My Web based offline app which will run using phonegap (html, css, jquery)
The app doesn't have an actual web address.
Is it still possible to use the Facebook JavaScript API?
Using the Facebook JavaScript API requires an active internet connection so it is not possible to use it offline.
If by "offline" you mean that your app is not hosted from a web server but locally inside the app "web app" container, then the answer is yes, you can use the Facebook JS API in this setup using phonegap (Cordova).
I am building a mobile app with jQueryMobile and I intend to deploy it onto iPhone thanks to PhoneGap.
My question is : how can I authenticate myself with Foursquare using the OAuth2 protocol in my jQueryMobile app ? One solution would be to use the useragent flow of OAuth2 but this would force the iPhone to launch Safari and thus not stay within the app. Are there any better solutions than this ?
For an iPhone-based or client-side application like you would have in PhoneGap,
Foursquare recommends one of these methods.
If you have no substantive server code, you can embed a web browser and use the token flow, redirecting the user to a dummy page on your domain. You can then grab the token off of the URL and close the browser. We have sample Android and iOS code for your reference.
If you have a server as part of your application, you can use the server flow above, possibly in an embedded browser. Similar to the Facebook API, you can add display=touch to your authorize or authenticate URLs to get a mobile optimized interface.
An alternative to the above is to use the server flow and an external browser, but redirect to a custom URI handler that brings the user back to our application. You can embed the secret in your application and exchange the provided code for an access token. PLEASE take steps to obfuscate your client secret if you include it in released code, and be prepared to rotate it if needed.
https://developer.foursquare.com/docs/oauth.html
This could probably be handled with the ClientBrowser plugin for PhoneGap or just adapting the sample code they have provided into PhoneGap plugins.
One of the core intentions of OAuth2 is to not allow browserless authentication flow like we did with XAuth in the past. Service providers want consumers to see what permissions they are signing off on, and want control of that process.
I'm not very experienced with Phonegap, as I'm a native developer, but if there's a way of instantiating a UIWebView and showing it to the user, you could at least keep the web interaction 'inside' of the application. Given phonegap is basically showing a UIWebView this should be possible. It is possible to examine the source of the html within a UIWebView using
- (NSString *)stringByEvaluatingJavaScriptFromString:(NSString *)script
I am looking for a barebones facebook connection from pure actionscript to use in a mobile. Does anyone know of any examples. Been having a hard time finding what I want in Google
Thanks!
You cant connect to facebook with only actionscript - flash does not implement OAuth which you need to get a valid access token.
You have to either get an access token through PHP, or Javascript.
If you are making a mobile web-app you can check out
http://blog.yoz.sk/2010/04/facebook-now-with-oauth-and-open-graph/
Jozef Chúťka put together a great walkthrough and classes for AS3 and facebook.
So you can make a web app or use a web view in AIR to handle your authentication.