In version 1 of my website, i implemented Facebook Connect with the JavaScript API. This included authentication, permissions, and publishing.
In version 2 of my website (what i'm implementing now), i have implemented Facebook Connect with the Graph API (OAuth).
I haven't touched the Facebook settings in my application. But when i attempted to authenticate using OAuth, it asked for the same permissions again (email, basic information) - even though i had already granted those before (using version 1)
The only difference i can see if that previously i asked for permissions via FB.showPermissionsDialog, now i use the scope parameter in the login page URL (OAuth).
What this means is when i go live, all my users will have to re-authorize my app, when they in fact shouldn't.
Any ideas? Is it because i'm now using AppId/Secret (OAuth) instead of ApiKey/Secret (JS API)?
FYI i'm using the Facebook Connect C# Toolkit.
I don't think that makes sense. Are you using the same application id? The permissions are between the application and the user, as far as I know.
Problem goes on unsolved, but site is live so not much i can do about it now.
Not a huge deal anyway.
I think you need to validate your oauth using javascript-sdk:
Check this response hope this gives you some idea.
Related
I'm a bit confused about Identity Providers in a project I'm doing with Xamarin Forms.
I configured Facebook as an IP with Azure Mobile Apps following this page
https://learn.microsoft.com/en-us/azure/app-service-mobile/app-service-mobile-how-to-configure-facebook-authentication
It works, but my doubt is, how can I use the MobileServiceUser result of the authentication process to, for example, post to Facebook or get personal information from Facebook. Is this possible?
Thanks!
This is how I think about it.
Identity providers are used to provide a third party guarantee of WHO a user is.
The Mobile SDK lets you do Authorization. So you can decide WHAT the user can do on YOUR service after you know WHO they are.
Any thing you are doing via facebook would still need to be done through the Facebook API/SDK using the token their Authentication process returned to you.
Finally I found the solution to my problem.
What I was trying to do is get information from Facebook after I have authenticated myself.
All I had to do was invoke
await client.InvokeApiAsync("/.auth/me");
After authentication and thats all, the response of that request has the token to access the Facebook API. These tokens are saved in Azure.
For more information:
https://cgillum.tech/2016/03/07/app-service-token-store/
Thanks!
I need to post message on a certain FB page as a owner by cron, using php and ZF 1.1.X. For this small issue, I don't want to create a full OAuth stack. Is it possible to communicate with FB API (it's desirable, PHP SDK for FB) without it, such as twitter with his precreated access tokens (Access token, Access token secret)?
As long as you need an active user access_token to retrieve desired data this is not possible to skip OAuth flow.
Without authenticating user you only have application access_token (in old format APP_ID|APP_SECRET, but it's still works) and only limited access to most of Graph API endpoints and Application settings.
Actually there is nothing hard in implementing the user authentication with OAuth flow and it is completely transparent with usage of PHP-SDK.
Just look at the sample code in documentation for server-side authentication
Yes, you need to build an app and then authorize the page via the app while requesting the manage_page permission.
You should make yourself familiar with the Server Side Auth process as well.
After following the guide to add Facebook Connect to an Authlogic-enabled Rails app (see http://github.com/kalasjocke/authlogic_facebook_connect), I get the following error when I click on the Facebook's "Connect" button:
You did not provide any details for authentication.
It seems that UserSession.create(params[:user_session]) is trying to authenticate with the standard user and password, but the only params available are the authenticity token.
What additional configuration am I missing?
UPDATE: I've made some discoveries. First, the cookie is named fbsetting_{api_key}, instead of fbs_{api_key} (which is what Facebooker expects), for some reason related to API version. Also, the contents of the cookie don't seem to be what Facebooker expects. I don't know if there's a way to select a specific Facebook API version to prevent this from happening.
Having similar issues here. Lots of the options on http://facebooker.pjkh.com/fb-init-options/app_settings_demo_ifuser work nicely for me, but authlogic facebooker out of the box does not work.
UPDATE: It was my app settings on facebook itself, meant authentication was never being setn back to my site... removing site domain sorted it.
Firstly I understand OpenId is for authentication and OAuth is for authorisation and unlike other questions on the site I am not asking which should be used for which but whether anyone can advise a solution for my issue.
I want to allow users to login to my site via their LinkedIn/Twitter/Facebook account once logged in say via LinkedIn they could also then authorise their Twitter and Facebook account as a optional login method. This would allow the user to authenticate via any of the three but end up with their user account on my site as the end result.
I also want to use the authorisation they have provided to get basic user details (profile pic/name etc) and post status updates.
I don't want to ask a user to login with their account via openId then have to authorise the same account again via oauth to allow my site to publish to their service feed and have to do this for each of the 3 services.
Any ideas or issues to this issue?
If you are using ASP.NET MVC, DotNetOpenAuth is an excellent solution for supporting OpenID/OAuth sites. StackOverflow is using it, and they are quite picky for the code they use in the site.
The integration if OpenID with DotNetOpenAuth is quite straightforward. I have not tried OAuth, but I don't expect it to be of any less quality.
Unfortunately, Facebook does not support OpenID/OAuth, so you need to use a different solution for it. The one I use is Clarity Consulting's Facebook Developer Toolkit. It works, although I do have certain complaints about the quality of the code; unfortunately I haven't found anything better yet. (Note: If anyone knows a better alternative, by all means let me know)
The basic integration of Facebook Connect with the Facebook Developer Toolkit is also relatively straightforward. However, their object model is somewhat messed up, due to their attempt to stay as close to the Facebook APIs, so the HTTP API patterns are bleeding through a lot. Still, it does the work.
Update: Now that Facebook announced that they'll be supporting OAuth 2.0, DotNetOpenAuth might turn out to be the best solution.
Have you looked into RPX?
https://rpxnow.com/
I don't want to ask a user to login with their account via openId then have to authorise the same account again via oauth to allow my site to publish to their service feed and have to do this for each of the 3 services.
I'm afraid you'll have to connect the user's account to each of the 3 services individually. What platform are you using to build your app? If it's Ruby, then a gem like OmniAuth looks promising.
I am working on a site that uses Facebook Connect for user login/creation. I have a development server which is used for QA, and I'd like it to be password protected. We wanted to use HTTP basic authentication, but that seems to break Facebook Connect (it falls in a loop). Does anybody know why that may be happening?
I believe that basic authentication is done on a browser basis, and all the communication between Facebook and our site is done in the browser of the user. What could be the problem?
Facebook Connect uses iFrame inside iFrame hack to overcome cross domain boundaries limitation (see http://wiki.developers.facebook.com/index.php/Cross_Domain_Communication for details). My guess is that when Facebook redirects to the callback page (xd_receiver.htm) it fails because later requires basic authentication.
More information needed on the "falls in a loop". But based on your question, from what I've read is that facebook connect will create a random password on account creation, and if they are logging in over basic auth, it will need to be changed to match up(http://www.boonex.com/unity/forums/topic/facebook-connect-error-.htm)
But you don't specify if that's the way you are using FBconnect.
Are you requiring basic auth to get to the point of FBconnect account link/create?
Or are you using FBconnect to create the login for the basic auth?
How are you requiring basic auth? Server type?
Does everything work without requiring basic auth?