Facebook SDK Login for iOS - iphone

Using Facebook's iOS SDK, how does a developer figure out if a user has signed out of his/her account in either Safari/Facebook app? If a developer is saving the access token and expiration date in the app between app launches, is there any flag within the SDK to let the developer know that the phone user has actually signed out/changed accounts? I want a user of my app to have to sign in with the new account if they have changed accounts from a third party app.
The Facebook SDK has a 'isSessionValid' method that you can call, but that method's implementation only checks to see if there is an accesstoken and if the expiration date is past a certain point. It does not check to see if the user has signed off or changed accounts from a different app.
Any ideas?

The current design is that once a user has logged into an ios client app and the app has an auth token, the user is in until the auth token expires or the user uninstalls the FB app (or deletes the app from their device). Suppose you have a server involved where your ios client hands the auth token to the server (they're the same FB app). That server would never know that another FB app on that device had logged out. Your user will probably have to use the logout method in Facebook.m.

Related

Does FB auto-generate a new token after the existing one expires?

I want to use the Facebook SDK to log users in to my app, and on the Facebook API page it says:
Mobile apps that use Facebook's iOS and Android SDKs get long-lived tokens by default... long-lived tokens usually have a lifetime of about 60 days
Let's say a user logs in to my app with Facebook. I then create a unique ID for that user and store it in UserDefaults. If the user clicks logout, I will remove that unique ID from UserDefaults and log the user out of the Facebook SDK.
My question here is: what if the user exits my app without logging out and then comes back after 61 days? Will Facebook auto-generate a new token for that user? Of course, the user's status is still logged in in my app because the unique ID hasn't been removed. Thank you very much!
According to the Facebook SDK documentation:
When you use iOS, Android, or our JavaScript SDK, the SDK will handle making sure that tokens are refreshed before they expire during this 90-day period. Native mobile apps using Facebook's SDKs get long-lived access tokens, good for about 60 days. These tokens will be refreshed once per day, for up to 90 days, when the person using your app makes a request to Facebook's servers. If no requests are made, the token will expire after about 60 days and the person will have to go through the login flow again to get a new token.
So yes, in your case the user needs to go through login flow again.
You can use login status api to validate token every time the user enters the app.
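AccessToken accessToken = AccessToken.getCurrentAccessToken();
// A null token means nobody is logged in, so check for null before calling isExpired().
boolean isExpired = accessToken != null && accessToken.isExpired();
boolean isLoggedIn = accessToken != null && !isExpired;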

How to track facebook password change and profile changes?

I am integrating Facebook iOS SDK 4.0 in my mobile app. I came across a scenario where a user logged into our mobile app with Facebook credentials and, after some time, changed his password and first name on Facebook. Now, how do I track this change in the mobile app and redirect the user to validate Facebook credentials in the mobile app?
In both v3 and v4 of the SDK, the access token is cached locally on the device (by default), and the only way to know if it's still "valid" is to make a graph request.
You can make a /me or /permissions request during app start if you have a cached token, and check for errors, and prompt the user to re-log in if the token is no longer valid. There are also some auto-error recovery mechanisms built into the SDK, see https://developers.facebook.com/docs/ios/errors.

Facebook API Authenticate on a different machine

Assuming it is possible to transfer the Facebook API access token from some web app to my mobile app (via physical storage or network), will my mobile app be able to use that token as a regularly acquired token (as if the mobile app itself requested the token from Facebook)?
Is this procedure allowed in the Facebook API's terms of service?
Will the mobile app be able to cache that transferred token and use it as its own?
Basically, what I want is for the user to do Facebook Login and authenticate on one machine, and use the acquired token on a different one (e.g mobile app).
Is there a better way of doing this?
You can set your mobile app to go through facebook's oauth steps onload and if the user has already authenticated the app, he will get logged in right away, since you'll get an access token at this point of time, save that in the mobile app.
Automatic login triggers are now being used on both stackoverflow and quora. (if you sign up here through facebook, when you visit the site, you'll get signed in again - same for quora).
Also, access tokens grant access to a particular 'facebook app'. If your mobile app uses the same app id, then you can certainly reuse the same access token on the mobile device.
yep, we can reuse it. I got an access token from mobile app then it's applicable on web browser.
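
A token that arrives from another machine can be checked before it is cached and used. The added Python example below (not from the original answers) validates the JSON that the Graph API's debug_token endpoint returns for such a token: it must be valid, unexpired, issued to your own app ID, and belong to the user the sender claims. The function names, app ID and sample responses are constructed, and no network call is made.

```python
import json

NOW = 1_700_000_000             # constructed clock value (epoch seconds)
OUR_APP_ID = "111111111111111"  # constructed placeholder app id


def sample_debug_body(**overrides):
    """Constructed debug_token response body, used as offline sample input."""
    data = {"app_id": OUR_APP_ID, "type": "USER", "is_valid": True,
            "user_id": "1000001", "expires_at": NOW + 3600}
    data.update(overrides)
    return json.dumps({"data": data})


def accept_transferred_token(debug_body, expected_app_id, claimed_user_id, now):
    """Return (ok, reason) for a token received from another device.

    debug_body is the raw JSON text returned by debug_token for that token.
    """
    try:
        data = json.loads(debug_body)["data"]
    except (ValueError, KeyError, TypeError):
        return (False, "malformed_response")
    if not isinstance(data, dict):
        return (False, "malformed_response")
    if data.get("is_valid") is not True:
        return (False, "invalid_token")
    # A token issued to a different Facebook app must never be accepted,
    # even though it is a perfectly valid token for that other app.
    if str(data.get("app_id")) != str(expected_app_id):
        return (False, "wrong_app")
    # Bind the token to the account the sender says it belongs to.
    if str(data.get("user_id")) != str(claimed_user_id):
        return (False, "wrong_user")
    expires_at = data.get("expires_at")
    # expires_at of 0 is treated here as "does not expire".
    if not isinstance(expires_at, int) or (expires_at != 0 and expires_at <= now):
        return (False, "expired")
    return (True, "ok")
```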

IOS SDK Facebook SSO - User logs out from Facebook outside app?

The instructions on using Single Sign-On (SSO) with the Facebook IOS SDK are to save the access token and expiration date in fbDidLogin and use them on subsequent calls to avoid unnecessary logins.
But what if the user logs out of Facebook outside the app (e.g. in the Facebook app or in Safari)? The app doesn't know about this, so it tries to use the saved token and expiration date, and to my surprise - they are still valid and the app can access the user's data even though the user has logged out.
Any way around this?
No, there is no way to do this. Each FB login a user makes is specific to the client they logged in with. A FB login is not universal across all clients. The FB token you get from the SDK is a token for that user with your app. So if a user logs out of FB in their browser or another app, they have not logged out of FB from your app, so the token will remain valid until it expires or the app or user explicitly logs out from the context of your app.
Not sure why you are concerned about this. Generally you would want your users to remain logged in. If you have a reason you don't want this, don't request the "offline_access" permission when you authorize a FB user. You can also log out and de-authorize the user via the FB API based on whatever criteria you deem appropriate.

Facebook SDK iOS Login

Using the Facebook SDK for iOS, how does one figure out whether or not a user is already signed in so the app does not have to go through a login process?
Currently during the login process, I am saving the access token and expiration date to the user defaults and then reading those back out when I initialize a facebook object at the start of my application's run time.
But what happens if a user backgrounds the app, goes into Safari, changes to a different Facebook account or signs, then comes back into my own app. Shouldn't the Facebook app return that the stored session isn't valid anymore? How would I figure this out? Currently, my facebook object maintains that the session is valid, but unfortunately when I try to publish something, I see nothing on the appropriate Facebook page.
Am I missing something here? Thanks for your help!
You are doing the correct thing saving and restoring the facebook access token & expiration date. Any FB API that requires a valid token will fail with an error if you call it with an expired token. Handle the error and logout locally from FB then ask your user to login again.
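
The error handling this answer describes, and the "make a /me request at app start" check suggested in the password-change thread above, as an added Python sketch (not from the original posts or the Facebook SDK). It takes the cached token record plus the raw Graph API response and decides whether to keep the session, force a new login, or retry later; the function name, return labels and sample responses are constructed, while error code 190 and its subcodes are the ones Facebook documents for rejected tokens.

```python
import json

NOW = 1_700_000_000  # constructed clock value (epoch seconds)
CACHED = {"user_id": "1000001", "expires_at": NOW + 86400}  # constructed

# Constructed sample responses in the shape the Graph API returns.
OK_BODY = '{"id": "1000001", "name": "Example User"}'
PASSWORD_CHANGED = ('{"error": {"message": "constructed", "type": '
                    '"OAuthException", "code": 190, "error_subcode": 460}}')
RATE_LIMITED = '{"error": {"message": "constructed", "code": 4}}'

AUTH_CODES = {190, 102}  # token or session rejected by Facebook
SUBCODE_REASON = {458: "app_removed", 459: "checkpoint",
                  460: "password_changed", 463: "expired",
                  464: "unconfirmed_user", 467: "invalid_token"}


def check_cached_token(cached, http_status, body, now):
    """Return (action, reason); action is "keep", "relogin" or "retry"."""
    if cached["expires_at"] <= now:
        return ("relogin", "expired_locally")  # no request needed
    try:
        doc = json.loads(body)
    except ValueError:
        return ("retry", "unparseable_response")
    if not isinstance(doc, dict):
        return ("retry", "unparseable_response")
    err = doc.get("error")
    if isinstance(err, dict):
        if err.get("code") in AUTH_CODES:
            # Token is dead: clear it locally and send the user to login.
            reason = SUBCODE_REASON.get(err.get("error_subcode"),
                                        "token_rejected")
            return ("relogin", reason)
        # Rate limits and outages say nothing about the token: keep it.
        return ("retry", "graph_error_%s" % err.get("code"))
    if http_status == 200 and "id" in doc:
        if doc["id"] == cached["user_id"]:
            return ("keep", "ok")
        # Stored user id and token disagree: local state is inconsistent.
        return ("relogin", "user_mismatch")
    return ("retry", "unexpected_response")
```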
In regards to Facebook's login on an iPhone (SDK v3.0+), it ranks the System Level Login 1st, Facebook native iOS app 2nd, and mobile Safari Facebook login 3rd. But if the user logged into your app using mobile safari, backgrounded the app, logged into a different Facebook account using mobile safari, then returned to your app, the access token and session in your app will be valid until you log out of your iOS app. Typically you log out using this line:
[FBSession.activeSession closeAndClearTokenInformation];
Login is initiated by some variation of this line:
[FBSession openActiveSessionWithReadPermissions:
If you're using Facebook iOS SDK 3.2+, you can call the following to see if an authenticated Facebook session is open:
[[FBSession activeSession] isOpen]
Also, you don't have to save the access token or expiration date locally. You can access them with these calls:
[FBSession activeSession].accessTokenData.accessToken
[FBSession activeSession].accessTokenData.expirationDate
Here's a link to some relevant Facebook iOS docs:
Facebook Login - iOS SDK