I'm implementing facebook connect for my iPhone app. The current facebook SDK would keep you logged in unless you log out explicitly, which is fine with me as stay logged in is actually the requirement. However, I don't want the users to go press the log in button if they never logged out. In this case, I won't be able to grab the facebook object, which I'll need in other parts of my app. So I was planning to simulate the log in event anyways, but that led me to another problem: even though permissions are granted to my facebook app before, it will still pop up the authorization dialog to my users saying they have granted permissions to my app. My question is, how do I hide this? Or, is there a way that I can grab the valid facebook object without calling authorize on my facebook object when my app is restarted and the user stayed logged in?
Any suggestion would be appreciated.
You could redirect the user to https://www.facebook.com/login.php?api_key=<YOUR_APP_ID>. (This is the URL that the PHP Facebook SDK returns when you call getLoginUrl()).This will avoid the dialog and still allow users to authorize your app.
Related
I've been scratching my head for the past day trying to solve this one, and cant seem to find anything on the internet related to this relative common use case.
I have an app built using React(JavaScript) and I am making use of Facebook's JavaScript SDK to bring in Facebook authentication to one of my pages.
The issue I'm having is around this specific scenario whereby a person logs into Facebook, then logs into your app. Upon calling FB.login from my app it doesn't ask the user for any details and automatically logs him in, upon calling FB.logout from your app, the person is still logged into Facebook.
I want to be able to give the ability to my user to essentially switch to a different account from my app, so if the user is logged into his personal Facebook account upon calling FB.login from the app rather than it automatically taking his personal account the user will have the ability to enter in the details to another account, or at least when calling FB.logout rather than just invalidating the access token in the current app it will force logout the user from Facebook so that on FB.login this time he will be promoted for login details.
Any idea on how this can be accomplished with the Facebook SDK?
Thanks
James
You can remove permissions FB.api('/me/permissions', 'delete', function(response) {}); and if after that you will login again then you will have the posibility to switch the facebook account. enter image description here But you will loose the access token for current account.
I'm developing a Facebook canvas app and I'm testing how the whole permissions thing work.
One thing is calling my attention and I think it's kind of weird: The first time, a user enters the app, Facebook sends the signed_request without the user_id and access token (as expected). Then my app redirects to the Login Dialog, so the user can authorize the app and give the asked permissions.
At this point something strange happens: Facebook is automatically redirecting the user to my app with the given permissions (and user_id and access token), but without prompting the user to give the permissions.
I have verified this behavior with test users and testers.
Is this normal? Is it possible to "force" (for testing purposes) the "ask for permissions" screen?
It is normal on a second or later use of the Facebook app.
Remove the app's permission from the Facebook account before starting the app to get back the ask for permission screen.
I'm trying to write application for user login to website via Facebook. When user is logging in, he's redirected to http://www.facebook.com/dialog/oauth/?client_id=APP_ID&redirect_uri=REDIRECT_URL&state=STATE, then sees confirmation dialog to use permissions and all goes well. But then FB somehow remembers this application and never asks for permissions confirmation again when user opens this url. Is there any way to always show this dialog? I could do it in Twitter, but couldn't found the answer for Facebook.
If you really want this for some reason, uninstall the app from the user's account with a HTTP DELETE request to /USER_ID/permissions using your app access token.
The next time they come back they'll need to re-authorise the app.
Otherwise, no, there's no way that I'm aware of apart from the reauthentication flow to force the auth dialog to appear, but bear in mind that the reauthentication flow may prompt the user to re-enter their Facebook password even if they're already logged into Facebook, so it adds extra friction to the process
Instead of showing the Facebook OAuth dialog, you could also show the user a page on your application that has some information about the Facebook account that is going to be used (picture/name etc), to log into it. That way, if they like they can choose to log out and re-authenticate or continue knowing they have the right account.
How can I login to facebook without showing permission window. ?
I never want to show that window in my web.
If you mean that you're using OAuth 2.0 in your app to authenticate your users using facebook, then you can't. It's a necessary part of the process.
You can consider reducing the permissions your app requires to improve your bounce rate.
If you want a user to authorise your application then you have to show the authorisations screen as either a page that you redirect to or a pop-up, otherwise it is impossible for Facebook to securely verify the user.
If you want Facebook functionality without having the user grant permissions you are restricted to certain social plugins like the share and like buttons, but be aware that if the user is not signed in to Facebook in another tab they will still see a pop-up requesting that they sign in.
I am developing and testing a facebook app for which I have granted the permissions with my facebook account. Then the app is authorized to access my info, etc. nicely. The next time I close the browser, reopen it, login to facebook successfully then access the app, facebook wants me to login to that app again. I can access the current user id, but how can I automatically authorize the app (if the user has already authorized in the past) without needing the user to press that dread 'Login' button again and again upon each session's end?
UPDATE - offline_access has been deprecated. Read this post for more details: https://developers.facebook.com/roadmap/offline-access-removal/
You will need to request a token that has offline_access so that you can use their authentication token over and over again. Then you will need to set a cookie yourself that stores something indicating who the user is. Facebook does not support a "remember me" feature in their authentication so you have to build it yourself. Store the access token in your database and set the cookie to identify the user.
Unless you are building this for a very specific reason like an app that runs on work computers only, I would really encourage you to not implement this feature. The facebook connect authorization is well understood by users and is very easy to use. You are going to get a lot more security if you make your users press the button every time. Just make sure you make this optional. You never know if somebody is on a public computer.