I am using the Graph API for Facebook on my iPhone application. The problem is, I don't want the user to have to re enter their email address each time they want to login to integrate Facebook with my app. Is there a way to save and auto fill the login information using the Graph API?
Using the Graph API, there is no need for you to store the credentials, more than that, you should NOT store the credentials. As explained in the API dedicated help page the authentication process is handled by a secure token.
Meaning that if the user is already authenticated on Facebook using another application, it might be ( based on authentication process used ) already authenticated within your app.
You might check the token validity by using the isSessionValid method from the Facebook class.
Have a look to the iOS Facebook SSO link, it explains everything you need.
Related
In stead of website build-in login form, I use Facebook login to get user authentication, then they can browse all other page on my website.
My question is how to store user permission so that in all page, my website recognize that the current user is a authenticated user?
Is there any function in Facebook SDK provided these feature or I should use basic PHP function?
Thanks
The SDK itself doesnt offer you such a method to store the data. You have to do this by your own. There is own programmed component that can manage such for you. It stores the access_token for the users in a database. This can directly done via ajax. You can request for users permissions and store the data in the database...in one step!
Have a look at http://www.facebook.com/pages/Helper-Component-Community/222933037808340?sk=app_412923142052609
Suppose that I make an app that is using Facebook login (basically for dealing with who is who). Is it possible that the app to fetch the user's history from Foursquare if it get the user's permission? (The user uses Facebook's login on Foursquare as well)
No. You need to go through each authorization flow separately. First, the user grant your application access by going to Facebook and coming back with an access token (or authorization code you later exchange). Then you need to send them over to Foursquare to approve access again. Foursquare might need to authenticate them via Facebook but that's really not your concern (and should be transparent if they have an active Facebook session). Foursquare will issue you another access token for their API.
There are discussions in the community about the use case of allowing your application to pass the Facebook access token to Foursquare so they can validate the user identity with Facebook and then issue you an access token. However, there are many issues with that. By not directly interacting with the user, Foursquare has no way of knowing that the user wants to give one application access to their data stored on another application.
I want to allow users connect to my website using their facebook account.
First, the user authorizes my application and then I get an access token. Problem is, that I'm supposed on the first time to register the user, and the next time to auto login him based on his facebook email.
How do I create a SECURE way to auto login the user?
I'm using pure javascript, but I can't find any way to create a secure mechanism.
Thanks.
Facebook should handle all that for you - when they come back to your website, they can click the 'login' button(javascript SDK) and facebook should pass you back an access token.
I may, however, have misunderstood the question.
I am trying to understand, how facebook authentication works and how the flow should look like. I am working with Google App Engine and I have managed to obtain first the code and then access token. Using it I can for example retrieve user's friends list. This is all cool.
However, how can I store this access_token? I wan to allow my user to access different pages in my facebook app and I will need this access token on those pages. How can I store it and how can I retrieve it? Or maybe no matter which page user accesses I first need to get the code and then access token and only then can I perform some operations on his behalf?
I don't want to use javascript sdk for now. Is it possible to do it all from server side?
how can I store this access_token? I
wan to allow my user to access
different pages in my facebook app and
I will need this access token on those
pages. How can I store it and how can
I retrieve it?
just store the access_token in the datastore.
https://github.com/facebook/python-sdk/blob/master/examples/appengine/example.py
line 50.
It is from the facebook python sdk.
https://github.com/facebook/python-sdk/
If you don't want to use javascript sdk, you need to see this document. It has all details for facebook Oauth.
http://developers.facebook.com/docs/authentication/
While facebook redirect your user to your page assigned by redirect_uri. It will give your the code (A_CODE_GENERATED_BY_SERVER), then your server can get the user's access_token/facebook id with server side facebook api + code. Then you can login your user (set the session/cookie) and do whatever you want.
We're hoping to create mobile phone applications for (among other features) posting video to a user's FaceBook page. However, using their API, it looks like we would need to open a web viewer and have the user enter their login credentials every time the application is used. We would prefer to store these credentials so the user only has to login once.
We could of course save the http login post and resend it as needed, but this breaks if FaceBook changes their API and I worry about their terms of service and using an unofficial hack such as this.
Maybe someone knows of another application that uses Facebook this way?
You should have been returned an oAuth token to use.
The new Facebook API has a service you can call with the old tokens and it returns you a new oAuth token.
You just have to add offline_access to your permissions. You do this by adding &scope=offline_permissions at the end of your authorization url. Then your oAuth token won't expire.