We are using Echo (aboutecho.com) so that users can add comments by logging in through Google, Yahoo, AOL, and OpenID. Echo does this by using JanRain.
All is well except Facebook is missing, but to add Facebook login, we need to change the Facebook app's Base URL to oursite.rpxnow.com (rpxnow is JanRain's website)
It works except, is it true that the website's existing method of using Facebook Connect to log user's in will stop working? Because the existing Facebook login need to match our domain, such as www.oursite.com, as registered in the Facebook app setting, but JanRain also wants to change that to oursite.rpxnow.com? Since Facebook can only accept one domain, it will choke on one or the other? thanks.
If you are using Janrain Social Login(Engage) then you will be replacing the Facebook Connect method with the Janrain authentication method.
When you use Janrain Social Login you will get back a Janrain Social Login oAuth token. This token can be used to retrieve the user's normalized payload of data from the successful authentication event through thisAPI endpoint: (https://{your-engage-domain.com}/api/v2/auth_info). There are code samples for this on the Janrain website.
This payload will contain the oAuth token for the user's Facebook authentication that you can use to perform additional calls against the Facebook API.
Janrain Social Login also supports this API Call: (https://{your-engage-domain.com}/api/v2/add_or_update_access_token) which allows you to use a token generated using Facebook Connect (assuming you are using the same Facebook Application ID for both Facebook Connect and the Janrain Social Login) and add or update the Facebook token stored by Janrain's server.
Related
I am trying to connect Instagram to my app. The users will not be able to use the app without connecting to Instagram, therefore I technically need Instagram auth. But Facebook states the following:
Note that Basic Display is not an authentication tool. Data returned by the API cannot be used to authenticate your app users or log them into your app. If your app uses API data to authenticate users, it will be rejected during App Review. If you need an authentication solution, use Facebook Login instead.
So I had to implement a Facebook login. After Facebook login is complete, I am sending the user to Instagram auth window for a second authorization which feels weird for a user.
The other solution that I can think of is the following:
Use Instagram's user_id that is retrieved after Instagram auth and use it to create a custom auth method with Firebase. (I believe this would be rejected at app review)
What is the correct way to achieve this?
Sources:
Instagram auth: https://developers.facebook.com/docs/instagram-basic-display-api/reference/oauth-authorize
Firebase custom auth: https://firebase.google.com/docs/auth/web/custom-auth
NOTE: Facebook login has "instagram_basic" scope but that doesn't allow me to get instagram info or media of normal users (non-business accounts)
I have a facebook messenger bot that sends a webhook to my web app. People can login to my app via facebook login.
The first user contact is normally with my facebook bot on which they can create a profile. When they make contact I take their facebook id, name, profile pic, etc.
Users can then login with facebook to my web app to enhance their profile.
My problem is facebook uses different scoped ids for messenger and their login.
How can I recognise if a user has already been on my facebook bot if they use my web app, and vice verca.
I think it has something to do with the business mapping api: https://developers.facebook.com/docs/apps/for-business but I'm struggling to understand how it works.
I am sending a get request using:
GET /me?fields=token_for_business
But the docs do not specify the full url to use. I'm also unsure if you can use this in developer mode.
facebook provides an id-matching api
for the app and pages owned by the same business manager. More informations:
https://developers.facebook.com/docs/messenger-platform/identity/id-matching
I want to create application on iOS and Android where user can use Facebook, Google+, Twitter and LinkedIn to login and register to backend. Then I want to use WS to get data. Is it possible to validate on backend (WS) that user can access to data based on his credentials/tokens from those sites?
Are services like Facebook and twitter using the same oAuth mechanism for their own (mobile) apps as the rest of us? Or are the using some kind of "special mode" in oAuth which bypasses the permissions stuff etc. ?
Would really like to know how they are authenticating their users.
Facebook is not using oauth and have special login/private API for their own purposes. Only Facebook is 1st class citizen for these APIs and they don't need to bother with public APIs.
Facebook's iPhone,Android,etc apps can log users in directly with username and password and create a new Facebook session directly, but other apps using the API need to use Oauth to get a user access token
If you're using android or iphone SDKs, this can be without the user needing to log in again, they simply need to authorise the app in a dialog, which is rendered by the Facebook app and uses the session created by the Facebook-supplied app
yes, they use oAuth
Twitter oAuth
Facebook oAuth
Facebook Connect is based on OAuth 2.0. In OAuth 2.0. SSL is required while signatures are not required for the actual API calls once the token has been generated. It has only one security token.
Twitter uses 1.0a. OAuth 1.0 requires client to send two security tokens for each API call, and use both to generate the signature.
Is it possible to search Facebook using the Graph API without having the user log in? I specifically want to search for Places, but I notice with the example on Facebook's Developers site they include an access token in the URL, which I believe is generated by having the user log in.
Here's a relevant link describing the API: http://developers.facebook.com/docs/reference/api/
After some more searching, I found the "App Login" section of the Authentication page of the Facebook Developers site.
More info here (scroll down to the App login section): Facebook Authentication
Using App Login, you can retrieve an access token using your application ID and your app secret, and then use that access token to perform Place searches. This avoids requiring any user interaction.