Using the Facebook SDK for iOS, how does one figure out whether or not a user is already signed in so the app does not have to go through a login process?
Currently during the login process, I am saving the access token and expiration date to the user defaults and then reading those back out when I initialize a facebook object at the start of my application's run time.
But what happens if a user backgrounds the app, goes into Safari, changes to a different Facebook account or signs, then comes back into my own app. Shouldn't the Facebook app return that the stored session isn't valid anymore? How would I figure this out? Currently, my facebook object maintains that the session is valid, but unfortunately when I try to publish something, I see nothing on the appropriate Facebook page.
Am I missing something here? Thanks for your help!
You are doing the correct thing saving and restoring the facebook access token & expiration date. Any FB API that requires a valid token will fail with an error if you call it with an expired token. Handle the error and logout locally from FB then ask your user to login again.
In regards to Facebook's login on an iPhone (SDK v3.0+), it ranks the System Level Login 1st, Facebook native iOS app 2nd, and mobile Safari Facebook login 3rd. But if the user logged into your app using mobile safari, backgrounded the app, logged into a different Facebook account using mobile safari, then returned to your app, the access token and session in your app will be valid until you log out of your iOS app. Typically you log out using this line:
[FBSession.activeSession closeAndClearTokenInformation];
Login is initiated by some variation of this line:
[FBSession openActiveSessionWithReadPermissions:
If you're using Facebook iOS SDK 3.2+, you can call the following to see if an authenticated Facebook session is open:
[[FBSession activeSession] isOpen]
Also, you don't have to save the access token or expiration date locally. You can access them with these calls:
[FBSession activeSession].accessTokenData.accessToken
[FBSession activeSession].accessTokenData.expirationDate
Here's a link to some relevant Facebook iOS docs:
Facebook Login - iOS SDK
Related
I am integrating facebook iOS SDK 4.0 in my mobile app. I came into scenario where user logged into our mobile app with facebook credentials, after some time the user changed his password and Firstname in facebook. Now How do I track this change in mobile app? and redirect user to validate facebook credentials in mobile app?
In both v3 and v4 of the SDK, the access token is cached locally on the device (by default), and the only way to know if it's still "valid" is to make a graph request.
You can make a /me or /permissions request during app start if you have a cached token, and check for errors, and prompt the user to re-log in if the token is no longer valid. There are also some auto-error recovery mechanisms built into the SDK, see https://developers.facebook.com/docs/ios/errors.
We have an app that integrated the facebook login, recently we had received an email from Facebook stating the following:
"1. Your Android or iOS app does not use our native SDKs to initiate Facebook Login. We suggest you implement our native SDKs so that people who are already logged in to their Facebook accounts don't have to log in again. Note that starting October 2, using our native SDKs for login will be required by Facebook Platform Policy I.3. For more information on this, visit:https://developers.facebook.com/docs/facebook-login/using-sdks/"
But the fact is, our app uses the following for login
session openWithBehavior:FBSessionLoginBehaviorForcingWebView
Which obviously is a function PROVIDED WITHIN Facebook's SDK
And also the app does not require the user to re-log in if he/she is already logged in. We tried to contact FB for clarification but they had not replied since. So can someone tell if our app's facebook login needs to be changed? Or has FB "wrongfully accused" us?
The instructions on using Single Sign-On (SSO) with the Facebook IOS SDK are to save the access token and expiration date in fbDidLogin and use them on subsequent calls to avoid unnecessary logins.
But what if the user logs out of Facebook outside the app (e.g. in the Facebook app or in Safari)? The app doesn't know about this, so it tries to use the saved token and expiration date, and to my surprise - they are still valid and the app can access the user's data even though the user has logged out.
Any way around this?
no, there is no way to do this. each FB login a user makes is specific to the client they logged in with. A FB login is not universal across all clients. The FB token you get from the SDK is a token for that user with your app. So if a user logs out of FB in their browser or another app, they have not logged of FB from your app so the token will remain valid until it expires or the app or user explicitly logs out from the context of your app.
Not sure why you are concerned about this. Generally you would want your users to remain logged in. If you have a reason you don't want this don't request "offline_access" permission when you authorize a FB user and you can also logout and de-authorize the user via the FB API based on whatever criteria you deem appropriate.
I previously had my IOS app integrated with the Facebook Graph API using the IOS SDK. I recently recreated the app on Facebook and now when it tries to authorize using:
[facebook authorize:permissions delegate:self];
My app gets redirected to a blank Facebook page with a cancel button at the top and then I get a callback to the fbDidNotLogin() method in my IOS app.
What's wrong?
I tracked it down to line 315 of Facebook.m:
if (!accessToken) {
It then eventually calls fbDialogNotLogin:NO. The errorCode and errorReason don't appear to be helpful.
Most likely your access token is expired or you removed the app from your facebook. You can log what error is returning to you from facebook to find out. In any case if you get to fbDidNotLogin implementation you need to remove access token details from NSUserDefaults (if you store it there) and reauthorize.
hope this helps
Using Facebook's iOS SDK, how does a developer figure out if a user has signed out of his/her account in either Safari/Facebook app? If a developer is saving the access token and expiration date in the app between app launches, is there any flag within the SDK to let the developer know that the phone user has actually signed out/changed accounts? I want a user of my app to have to sign in with the new account if they have changed accounts from a third party app.
The Facebook SDK has a 'isSessionValid' method that you can call, but that method's implementation only checks to see if there is an accesstoken and if the expiration date is past a certain point. It does not check to see if the user has signed off or changed accounts from a different app.
Any ideas?
The current design is that once a user has logged into an ios client app and the app has an auth token, the user is in until the auth token expires or the user uninstalls the FB app (or deletes the app from their device). Suppose you have a server involved where your ios client hands the auth token to the server (they're the same FB app). That server would never know that another FB app on that device had logged out. Your user will probably have to use the logout method in Facebook.m.