I'm using Facebook connect for request credentials to the user's information.
I'm doing it from the web browser.
If the user is using a mobile (Android/Iphone) device, all the authorization process goes inside the browser.
Is it possible to raise the Facebook application (if it's already installed) and pass all the authorization process there? instead of keep using the browser (to improve the user experience).
I can detect if the user is coming from a mobile device (by his user-agent for example), maybe I can add some special url schema to raise the Facebook application?
Thanks,
Itay.
For iPhone: try to see with openURL function. See this article for more information to launch Facebook app
Related
I have a query regarding to session maintain between application and web browser.
I'm developing an iPhone application and there is also one website (in wordpress) same for this application.
My question is , is it possible to show user login in mobile's web browser if he/she is login into application from same mobile device?
In short, I want to know where is this session stored? In application or in device? If it is in device then how can I check same for the web browser?
Cookies are stored per app, not per device. Safari has its own sandbox whereas each native app runs in its own sandbox, otherwise Safari's security model would be compromised.
In OS X, cookie storage is shared across all apps; in iOS, cookie storage is per-app. Reference: About the URL Loading System.
So for your scenario, this is how you should be able to make it work (I haven't tried it though):
In your mobile app, open website in Safari. Send a HTTP header to tell the web server that this hit is coming in from your native app
If you are already logged in via Safari, then your server will identify the user. Code your server to send back a redirect response (only in case when the request is from native app). This redirect response will contain a session cookie / auth_token with it. Also, the redirect location would use the iOS custom url scheme, e.g. myapp://mydashboard
In your native app, register the app as the handler of that custom url so that it can catch and handle the redirect appropriately
In subsequent requests from the native app, send the session cookie / auth_token
Hope it helps.
I have a website which allows login via facebook functionality and displays photos from facebook.
While accessing from a mobile browser I would like the website to automatically login(when the click on FB login button, without entering username and password) if the user is already logged in via the native FB application (iOS or andriod). It seems to be that I can do that by building a native iOS or android application and use facebook single sign on feature. Is it possible to do that without having the user install anything on their mobile device?
That is not possible.
Auto-Login relies on auth tokens that will be granted to a website or mobile app after a user approves an app. For security reasons, those tokens are tight to the cause they were issued for. Particularly, web tokens and mobile tokens are not interchangeable.
So you could build a native mobile app to get a "native token", but even if you would manage to (cookie-)inject it into a browser view, your website's backend couldn't use it.
More generally, you're raising an issue even facebook can't solve: Say you are using a facebook mobile app and logged in there. If you open facebook's web version on that very same phone, you'll have to log in there again. The root cause is the same as with above. Specifically, any native app is uncapable of setting arbitrary auth cookies into the OS browser. I personally believe this restriction will not fall, because it would have a large security impact - just imagine how any app could set (and possibly get) cookies for any website.
If they've never logged in facebook from their Mobile, how will your website ever know them ?
Is it possible to do that without having the user install anything on their mobile device?
Like PC's, users in a mobile device need to login in their phone in facebook's website before being eligible to login "automatically" to your website. When I say automatically, I mean they still have to go with the first time process of "Do you authorize this app/website to do X things on your account". That message is inevitable when using facebook's api on the web.
Hope this answers your question.
Is it possible to do that without having the user install anything on
their mobile device?
No this would not be possible. You need to have a native or hybrid app (phonegapped etc) to make it work. Mobile web apps run in a browser sandbox and without native code interface - you cannot get to the native SSO of FB on your mobile device
Did you have a look at this facebook page ? I'm not sure what you ask is possible, as basav said, but maybe you'll have some clues there.
I'm writing a Facebook plugin for my desktop application. Once user authorizes application, the access token will be appended to callback URL. If I will use regular browser (I don't like to use any html module in my app), then question is how can I get that token back to my desktop program?
Thanks!
With the Device flow, a user presses a button on their device. The device then displays a short code generated by Facebook, and the user then types this code into Facebook in a standard web-browser in order to authorize that device to access their Facebook data.
Please note that we are currently testing Device Authentication with a limited number of partners. It is not currently available for general use, and we are not accepting additional applications for access.
http://developers.facebook.com/docs/authentication/devices/
I'd like to enable users of my app to associate their twitter accounts so that some application interaction is automatically tweeted.
Users can already associate their twitter accounts via the web interface, and I'd like them to be able to do the same from the mobile (iOS) app.
The problem is, when the application is registered as a web app, a callback URL is specified. So when users log into twitter using SA_OAuthTwitterEngine, the response is redirected to that URL, and the callback events on the client never fire.
Can I use SA_OAuthTwitterEngine, and override the callback parameter (nullify it) so that I get the same interaction (PIN) as a desktop client?
For a mobile client, best to use xAuth. Using the pin method is suboptimal for mobile. After all your application isn't a web app.
The new MGTwitterEngine has xAuth support, so switching should be painless :)
I'm building a (Rails-based) web service with a mobile app (iPhone) as frontend. In order to allow people to login using Facebook, I've built something using devise and omniauth that allows the user to log in using Facebook and store the credentials in the database. This works perfectly, all from the web app.
However, now the second part: I want to let users log in via the mobile app. Of course, there are the FB Connect libraries, but they give the mobile app access to the Graph API. Instead, I would like a mobile log-in screen that authorizes Rails to access the data. This is because later on, users might use both the iPhone app and web app.
What would be the recommended way of doing this? Are there any best practices?
I solved it by doing the authorization using FB Connect and the FB app. After authorizing, the FB app opens my app again, and I can read out the access token. Which I can then send to the server and use there.