I'm building a (Rails-based) web service with a mobile app (iPhone) as frontend. In order to allow people to login using Facebook, I've built something using devise and omniauth that allows the user to log in using Facebook and store the credentials in the database. This works perfectly, all from the web app.
However, now the second part: I want to let users log in via the mobile app. Of course, there are the FB Connect libraries, but they give the mobile app access to the Graph API. Instead, I would like a mobile log-in screen that authorizes Rails to access the data. This is because later on, users might use both the iPhone app and web app.
What would be the recommended way of doing this? Are there any best practices?
I solved it by doing the authorization using FB Connect and the FB app. After authorizing, the FB app opens my app again, and I can read out the access token. Which I can then send to the server and use there.
Related
I want to provide the ability for my users to log-in to my app using OAuth providers like Google, Facebook, etc. For those purposes, I've built a unified OAuth login system that involves my server, based on instructions like this: Manually Build a Login Flow. From my users' accounts, I need only default permissions plus e-mail, with those permissions I've publish my Facebook app, and review was not required.
Today I've received a message from Facebook where I was asked to specify my Facebook app platforms, and this is where the problems begin. All provided but Facebook platform templates are not quite suitable for me:
currently, I'm using my system on the mobile app, but it is pointless to specify my package ID or provide some hashes because the app is not using Facebook SDK and those data will never be, received by Facebook
also, it is not correct to give the Facebook just my website URL it doesn't use Facebook login buttons or so, for log-in process communicates only mobile app and back-end
So, here my question.
Which platform I need to specify in my Facebook App if I've used instruction Manually Build a Login Flow to build my log-in flow.
Any ideas? May be someone have experience with this?
P.S. my app built on Flutter.
My hybrid mobile application (for android and iOS possibly windows as well) requires users to authenticate in Facebook.
How should I setup the Facebook application (mobile application or web application) since I am using Javascript SDK
If I need to setup the application as a web app, How should I configure the app domain and site URLs in Facebook application as the files are going to reside in the local app folders of the hybrid mobile application.
If I need to setup the application as a mobile app, How can I use the Javascript SDK?
The OAuth Login system verfication helps to increase the registration , since your application is hybrid and its a mobile based you need to create a php based web login auth to authenticate the login , there are many an enumeros website that help in aiding to achive the determined goal of this, the first thing is to create a facebook application , secondly you need to configure App Id and App Secret ( this will require you to input details about your domains and other information related to the app infos ) , your solution can be found here www.oauthlogin.com also check this out simply download and implement video instruction out there http://www.9lessons.info/2011/09/update-login-with-facebook-and-twitter.html
You will need to register your app with facebook to get developers API Apps Id and App Secret.
you have to follow a screenshot of Friends Invite from Facebook in the links below.
http://www.webtuts.info/webdevelopment/facebook-api-invite-friends-website/172/
The set up are all the same and that is what am using in my phonegap app to set facebook login authentication. Once you have created an account with facebook, you can follow a tutorial in the link below to build your facebook login for IOS,Windows and Android etc
http://asif18.com/5/facebook/facebook-login-using-php-sdk-and-javascript-sdk/
You can write back if you find it difficult to integrate. Rate this response if you findin it helpful. Thanks
Using a web browser e.g. Chrome on Android, if a mobile website requires a user to be logged in to Facebook and they are not, the browser will ask for Login details even though the phone may be logged in to Facebook via the Facebook native App. Is there any way to get details from the Facebook App without the user having to log in again?
If you want to login in website in a browser, using Facebook account from Facebook app - it is impossible, without intermediary application, or service. And even with it, I don't think, that you can get user login data.
Other approach - is try to launch Facebook app from your site, and show site from it, but again, you can't login to it, using app.
Why? Because the app, holds only token data, and nothing more. You can't get other information, like password, or email. Also, the work of browser, that save cookies and the app, that save token is different. You can't connect them together.
Clearly speaking it is not possible using website in browser.
Even it is also not possible if you develop any android app, the reason is that the facebook app will not share any data to any other app (even if it is running on the same device).
I also don't think that launching the facebook app from browser will be feasible for you, as you just want to use the facebook login system and then want the users back on your website (and again facebokk will not send any data to your web or app even if it is launched from your web or app).
I think it's not possible, because we wont link browser and an app.
I developed one android app with facebook login integration.If facebook native app already logged in, now i click my app facebook login button it directly redirect my app to my home page without asking fb username and password.
For me i used localStorage in javascript
localStorage.setItem("userName", userName);
localStorage.setItem("password", password);
var uname=localStorage.getItem('userName');
var pass=localStorage.getItem('password');
I have a website which allows login via facebook functionality and displays photos from facebook.
While accessing from a mobile browser I would like the website to automatically login(when the click on FB login button, without entering username and password) if the user is already logged in via the native FB application (iOS or andriod). It seems to be that I can do that by building a native iOS or android application and use facebook single sign on feature. Is it possible to do that without having the user install anything on their mobile device?
That is not possible.
Auto-Login relies on auth tokens that will be granted to a website or mobile app after a user approves an app. For security reasons, those tokens are tight to the cause they were issued for. Particularly, web tokens and mobile tokens are not interchangeable.
So you could build a native mobile app to get a "native token", but even if you would manage to (cookie-)inject it into a browser view, your website's backend couldn't use it.
More generally, you're raising an issue even facebook can't solve: Say you are using a facebook mobile app and logged in there. If you open facebook's web version on that very same phone, you'll have to log in there again. The root cause is the same as with above. Specifically, any native app is uncapable of setting arbitrary auth cookies into the OS browser. I personally believe this restriction will not fall, because it would have a large security impact - just imagine how any app could set (and possibly get) cookies for any website.
If they've never logged in facebook from their Mobile, how will your website ever know them ?
Is it possible to do that without having the user install anything on their mobile device?
Like PC's, users in a mobile device need to login in their phone in facebook's website before being eligible to login "automatically" to your website. When I say automatically, I mean they still have to go with the first time process of "Do you authorize this app/website to do X things on your account". That message is inevitable when using facebook's api on the web.
Hope this answers your question.
Is it possible to do that without having the user install anything on
their mobile device?
No this would not be possible. You need to have a native or hybrid app (phonegapped etc) to make it work. Mobile web apps run in a browser sandbox and without native code interface - you cannot get to the native SSO of FB on your mobile device
Did you have a look at this facebook page ? I'm not sure what you ask is possible, as basav said, but maybe you'll have some clues there.
I have an app that can be accessed on mobile phones, both iOS and Android. The app has a social component to it, so people are sending data to and from my server.
I also have an interface for this app that will be accessible through Facebook.
When logging into the app via mobile device, using the native app for that device, one can just log in with standard username and password.
However, obviously if a user accesses the app in Facebook, they will expect to already be logged in since they are already logged into Facebook.
So I need to make it so that my app can take a log in from Facebook, pretty much automatically (?) for users who are coming at it from within Facebook.
Further, it's possible (dare I say "likely"?) a user might access the interface from both Facebook and one of the mobile versions of the app. In which case I need to be able to ensure that the username/password authentication they use on the device points to the same account associated with their Facebook login.
So... all that said... what kind of Facebook authentication should I be studying and implementing.? I'm looking at their documentation right now, and like all documentation, it's not easy to grasp. There is server-side (authentication code flow?) and client-side (implicit flow?), and authentication tokens, and I'm already a bit lost.
Also, I assume Facebook's approach is to want to take over my login in process completely, not live side by side with my mobile-device-only login, but I'd like to make sure users have the option of not using Facebook authentication if they don't want.
Can someone point me in the right direction for how to do this? Basically let me know which part of the documentation I should be focusing on.
And are there any gotchas I should watch out for?
Your server will receive a signed request when your app on facebook.com is loaded; from this you can find the FB uid of the user.
If you obtain the FB uid for users of your mobile device clients you'll be able to match your app's accounts between mobile device & facebook.com clients.
The bottom of the main authentication docs page gives links to further documentation for different client types. The main mobile authentication page has side-bar links to tutorials & SDKs for iOS & Android. Alternatively you could use the server-side OAuth flow as your devices have browsers that support this.
Once you've completed authentication on the mobile device it's simple to obtain the uid.
You can also use the Facebook authentication flow instead of your own username/password authentication.