Here's the problem,
I want to have the user auto login to my MVC3 website if they already login from facebook.com.
If they are not login from facebook.com, I will just simply show a login button and they can login by clicking on it as usual.
I cant seem to find a way to detect whether user had login from facebook.com unless I force the application to direct go into LoginUrl of Facebook, which is not good for user who was not logged in as this will prompt them a page where they have to login. I still want to allow guest access without facebook account.
Any idea? Thanks a million.
EDIT:
Sorry I forgot to mentioned the situation only apply to user who approve to use my app. Once they approve to use my app, I'll be able to detect their facebook login status.
The answer is: You can't. At least not without violating the facebook TOS and probably at least one or two laws.
EDIT: Your original question sounded like you wanted to try and hijack the facebook user session. What you are talking about here in the comments requires you to use facebook connect / facebook for websites.
You would want to start here: https://developers.facebook.com/docs/guides/web
Related
I am having some doubts about the proper facebook authorization/login flows and maybe some of you have more experience on the subject.
Basically I have a guest area on my website for non authenticated users and a button to connect through Facebook or the platform login/registration system.
As per the Facebook flow: once the guest clicks on the button, a popup dialog opens asking to login to fb (if needed) and to grant some permissions to the app. Once accepted, my website saves user data to the DB tables as if the user also registered to the website itself. This all works fine and once done, my users can navigate to the protected areas as expected.
Now... I don't totally get if it's mandatory to logout from Facebook AND to revoke permissions once the user chooses to logoff from my website or if it's allowed (and how) to simply log the user out of facebook (and so from the app) while the app still retains the user permissions.
I know this might sound like a silly question but last part of the flow is still foggy to me and i found the Facebook docs quite sparse. I hope I could explain it well enough!
Thanks.
In work I got a task (we MUST work with ASP Classic by the way): when user posts a blog, a link to that blog should be posted automatically on user's facebook timeline and in his twitter. I made everything working, but there is one problem: user needs to be signed in to post. I've made the cheking if he's logged in, and if not he must log in.
But I need to avoid the logging-in step and make it automatic (by sending user's username and password as part of the data sent to twitter/facebook or something like that), but I can't figure out how to do that or if it's even possible at all.
Any ideas? Would greatly appreciate any help.
P.S.: for the twitter part I used http://scottdesapio.com/VBScriptOAuth/
for the facebook part I used a combination of: http://snipplr.com/view/61108/facebook-app-login--authorization-entirely-clientside/
Everything works, but is it possible to automatize the user's sign-in part?
Finally I managed to make the both things automated...
The problem with Twitter was that I didn't store request token in session, that's why I got "Could not authenticate you" error.
Can't remember what I did wrong with Facebook (some co-workers helped me out), but I guess I didn't make proper http requests...
So the answer is: yes, it is possible to automatically post to Twitter and Facebook without user sign in.
If I am not wrong then your logged in user in facebook for current browser is not authorize for your app.
I think you should try googling about "How to authorize users into app". OR
If you don't mind I am giving you the direct URL to go to that setting page for your app:
https://developers.facebook.com/apps and then go to your app then after from left side bar go to roles and then after click on test user tab from top of page and then click on add button it will opne one pop-up to add a user.
In app you have to add test user for testing purpose and have to login for that added test user, so added user will be authorize for that app and you will be able to test.
Thank you...
I'm new to all this. This is what i'm after and i'm sure it's possible.
I've got a script where people can register/login in to as members. What i'd like to do is tie it in so that it just uses Facebook users details for the registrations. I've managed to set it up to sign up and and complete a registration using a user's name and email.
What i'd like to do now is automatically log the user in if they're logged in on facebook, is this possible or will they need to click a login button that then takes them to their page? If they need to click a button to login, how do I go about getting the button to take their facebook details and log them in? Also what happens in regards to passwords on my site? Is that stored in the app somehow?
Ideally i'd like to use the popup version of verification rather than the iframe that i've got set up at the moment.
Cheers in advanced for any help for a n00b!
This is in fact possible. Although I for my part was never a fan of such things here's some human-readable (simplified) theory:
Facebook uses a system called OAuth ( http://de.wikipedia.org/wiki/OAuth ). That means, when you want to have the user login onto your site using Facebook you'll of course need to provide a button/facebook-login-frame (see documentation) that says "Log me in with Facebook" or so. You then access Facebooks API (more here: https://developers.facebook.com/ ) and basically tell Facebook who you are ("Hi I'm website XY"). While that happens your user is redirected to Facebooks "permission-landing-page". On that page he needs to confirm whether he is fine with your website accessing certain information (like his name). If he confirms your website receives an access-token granting you access to a subset of his user information which you can then use to personalize his expeirence on your website.
Check out facebooks documentation because they explain exactly your usecase in detail.
(here: https://developers.facebook.com/docs/authentication/ )
PS: You'll of course never have any access to his Facebook login/password. That's kind of the idea behind "delegating" the authentication via OAuth to Facebook. Facebook only provides you with an access token (bound to that particular user who logged in and granted your app/website permissions)
I have added Facebook Connect to my application via the JavaScript SDK. I'm using Spring Security (this is a grails app) and I have added code that when someone clicks the FB Connection button to login, I manually authenticate them against their user account and everything gets wired up appropriately. I have 2 questions:
When a user first logs in with FB and I don't have an account for them, I create an account for them with their FB info, generate a random password, and use their email for their login name. If the user then uses the regular login form instead of the FB button to sign in, how do I sign them in to FB as well?
Every time the user clicks the FB Connect button, the popup window shows up. If they are already authenticated, it just goes away and then my web site redirects correctly. How do I keep the popup window from showing up in this case?
Thanks
To you first question, the user might be connect on Facebook when landing on your page after registration. So you can rely on the Javascript SDK to help you out.
See here: http://developers.facebook.com/docs/reference/javascript/FB.getLoginStatus
To your second question, I think you can't, except you might get a work around if you use the Javascript SDK mentioned for the first question!
This is how I did it for moviezine.se and it works just fine, but it might be a little irritating to be logged in without asking for it when you come back a few days later. Then there is the use case of the logout: if you are automatically logged in, are you automatically logged out too; and if not, what if your Facebook session is replaced by your girlfriend's one who is also a user on your site! :)
I want to implement a "remember me" feature on me website using the facebook connect.
On my website, i have the possibility to do the login by two distinct ways:
Normal login
Facebook Connect
When an user performs the login with facebook connect, even if he logs out on his facebook account, i want to keep him logged in on my website. He will only log out if he clicks on the logout button on the website.
Is there a way to do this?
Thanks in advance
Here is a tutorial using PHP that demostrates how to use Facebook connect. If you read the section about the login page, you'll see that Facebook does some funky javascripting that creates session cookies on your domain based on the login status on Facebook. You might be able to manipulate the API to give yourself the persistance that you're looking for.
Good luck, and hope this helps some in your project.