I want to set up my site to allow people to sign in using a facebook account. But in the near future I would also want to allow a provision to allow people to sign up using twitter, linkedin, even their open id accounts if they have one. However I need to set up my system so that a user may be able to login using whatever way he wishes and yet be able to maintain all his logins with his one account.
I have a users table which has the basic details:
USERS:
ID|NAME|EMAIL|PASSWORD
And think I should set up a logins table in this case like:
USERS_LOGINS
USER_ID|LOGIN_TYPE|LOGIN_ID
like in the second table if he signs up using facebook the Login type would read Facebook and id would be his fb id and so forth.
Is there any kind of service that already does this for you or any open source code I can use? My application is being built on the zend framework
Thanks
You might want to check out Janrain Engage. It will probably be the fastest and easiest way to support multiple login types.
Related
I have a well functioning login system right now. Im in the process of implementing Google+ and Facebook login too. Its works fine. But:
When a user logs in via Facebook or Google shall I create a new user in my web apps users database? If so, what should i fill as password?
Lets say a user has logged in via Facebook and he inserts a new book in the books table. What shall I put in the creator column of the inserted row? Usually I put the user id of the logged in user which has a row in the users table.
A user doesnt have an account on my web app. He signs in for the first time using Google+. What happens to that user if he later on chooses to remove my site from his connected accounts on google? This might be related to the first question.
Thank you.
The Documentation of the both API are really great and understandable. But I could find answers to my questions.
It's technically possible to use Google+ Sign-In without data persistence. As an example, you can see client-side-only Google+ Sign-In features on the Is Too Cute demo site.
There are certain benefits to adding data persistence and managing your own set of users but there is still a ton of great functionality you can get without needing to implement a data store:
Over-the-air Android installs
Interactive Posts
Personalize the site to the user
Access Google APIs while the user is actively browsing your site.
I have a yard sale website that I'm about to revamp, and rather than using my own user database, I'd like to use Facebook connect to authenticate people into my site, and the only reason I need them to do that in the first place is so after a yard sale is posted on my site, I'd like to be able to post on their wall that they're having a yard sale.
So, my two questions are:
Is it possible to use Facebook Connect without my own user database? I understand that I'll have to store the facebook ID, etc.. within a database table, and that's no problem, I just don't want to give the confusing option of "click here to create an account" + "click here to login with your user name and password" + "Or click here to login with facebook". I'd just like the last option.
Second question is, is there any way to force the user to allow me to post on their wall? I understand that they can uncheck that option when signing in with facebook, but can I verify that permission and ask them to re-login with that option checked? I'm not trying to be a prick, I'm offering a fantastic service that is completely free and in exchange I just want the ability to post their sale on their own wall so I can spread the word. I'd prefer for this to not be optional.
To answer your first question, yes. You don't need your own user database, however you will need to save your users auth key and id to be able to post as them - whenever you want. If you dont need to be able to post anytime (like when the user is not online) but only on user actions on your webpage (which is probably most common) there is alternatives like just saving the data in a session. So depending on what your needs are, you don't necessarily need a database at all.
Second question, you can always check if a user has granted a permission using the API. So what you can do is have a page that says that he has to approve to proceed to your page and a link to the auth dialog. Although, I don't recommend it, I doubt It's gonna do you any good and It's possible that Facebook even disapproves of this. The possibility to remove extended permissions is probably there for a reason.
More about checking granted permissions here using the REST API:
http://developers.facebook.com/docs/reference/rest/users.hasAppPermission/
I have the task to integrate some commercial sharing stuff into a website.
The idea is that the user a) logs in/registers in the website, b) the user connects his user account with his facebook account - by adding and accepting the website application.
Here comes the interesting part - is there a way of linking the facebook account with my website's account so that I can send them updates and promotions directly to their walls programatically?
In the application dialog, it's clearly noted that the user allows the application to write to the user wall so they accept and agree this. Then, for example, if I want to send them a promotion or update directly on their wall using the fb application api, how can I achieve this? All the tutorials I've read consider the user using the Facebook Login
The concrete idea is something like weekly promotion feed that my clients want to allow customers to allow being posted directly on their walls. As I don't have any experience with facebook development, I'd appreciate knowing how, if at all possible, this can be achieved?
Most of what you're suggesting is against policy, and isnt' technically possible either as users need to come back to the app once every 60 days for you to have a valid access_token for them.
The Authentication docs explain how to get access to a user's information with their permission, and the Permission documentation explains which permissions grant access to which functions or fields.
I'm creating a database for a site that uses Facebook connect for user login/profiles.
I usually have a unique key (auto-increment) for all users. Is this still a good idea, even if every record (user) is going to have a unique Facebook id that I can use?
Why?
No. It's usually not a good idea even if you're not using Facebook Connect. But since Facebook Connect offers a stable, simple, unique identifier, you should use it. They're doing all the hard work--stand on their shoulders.
If you are going for a single FB id login, then you are fine with they uid that they provide. If you are planning (not necessarily now) to have your own users and also allow a login through FB Connect, then I recommend you to use two tables.
You can always match a FB user and your own users with the email that they provide you into your site and the email that they use for FB.
I've done a little searching and was wondering if there is a way to link a users account in our web app with their social media accounts they choose to link (facebook, twitter, etc). i.e. when they log into our web app they are auto logged into facebook, twitter, etc?
I see facebook has an api to login to our web app using their facebook book account but I want it to work the other way around, I want them logged into facebook when they log into their account via our web app.
Thanks,
Ryan
It is definitely possible-from your question I assume you would like to pull data and make actions on behalf of a user? If so, you will need the offline_access permission as well as all the other permissions you will need (check out the list here to see exactly which ones you require). Then, you can trigger a script on your server that tell facebook as soon as the user is logged in to your site, to log in your application as the user as well.
NOTE: You might be going about this in the wrong way. I would advise that you specify a bit more details on what exactly you need the user to be logged in for, and I can (probably) provide you with a decent answer.
EDIT: In response to your question in the comment, Ryan, here is my answer:
You need to divide this problem into 2 different situations-one: your company wants you to write all the code from scratch and don't use what facebook has to offer, in which case you should create a custom login script that enables your users to use their facebook account as the Actual user account in your web app. This is the best solution in my opinion, and is supported by the ever-so-awesome Jeff Atwood. Here's a link to how to do just this, and a tutorial about this also.
Or your company is comfortable with using Facebook's Social Plugins.
Then you should focus on Like Button & Comments : These social plugins are the best way to enable people to create social experiences if they're already logged in.