I'm building an iPhone app that has some social features. I've managed to get the user to log-in to Facebook within my application.
I've also implemented a webview that loads a facebook iPhone-optimized page. What I now want to do is my user to be logged-in within the webview without having to log-in twice (once in the app and once in the webview)
I've tried a few things playing around with the access_token in the URL but it didn't work.
Does anyone know if it is possible to implement that and how to do it?
Thanks in advance for your help
Short answer: You're probably not supposed to be able to do that.
The idea is that your app should only store an authentication token that lets you do stuff as your app (e.g. post to the wall as your app). On the web version, the user is logged in to facebook and facebook additionally passes an authentication token to your website; on the iOS version, I think you never get the Facebook session cookie, and I'm pretty sure you need the Facebook session cookie to be logged in to the web side of things (especially since it's designed for the browser — logging out of Facebook logs you out of Facebook Connect on all sites).
There are loads of things you can do to work around this — it's trivial to just ask the user for a username/password (and the whole idea of a "trusted UI" inside a UIWebView inside your app is flawed, despite Facebook's claims).
The "right" thing to do is to implement everything using calls to the iOS SDK so you don't have to bother with the web side of things.
were you testing your app on the simulator or on the device? The reason i ask is because im trying to get the app to stayed logged into fb which it does, sorta...it still pops a fb dialog saying it logged in fine and the user has to click on an OK button.
I havent had time to test it on the device but i think it may have to do with the fact that with the OAuth 2.0, with 3.2.x or >...if the fb is installed, it uses the fb-app login but if its not installed it uses the safari web login.
Since simulator doesnt have the fb app installed, it actually uses the safari web login (i humbly deduced) which would otherwise store a cookie and maybe it doesnt do so on the simulator..dunno, im still looking for the answer on that one :)
Related
I must use facebook integration within desktop app on OSX. I've used part of facebook sdk for ios and modified all ui elements to properly work on desktop.
I'm presenting facebook dialogs within webView, display is set to popup, and redirect url is https://www.facebook.com/connect/login_success.html.
Everything seems to work fine (all the dialogs are working after login, token and expiration date seems to be ok and are stored between web sessions) except for the facebook cookies which are always set to be session only (even with the keep me logged in option turned on). This means user has to log in to facebook everytime app is opened which is really frustrating.
I've already tried setting display to other values (touch, page) with no success. Probably all relevant settings in facebook app are checked (Native or desktop app?, Embedded Browser OAuth Login, Client OAuth Login).
so the question is if anyone has encountered same problem or might know the solution to make keep me logged in option working properly?
Using a web browser e.g. Chrome on Android, if a mobile website requires a user to be logged in to Facebook and they are not, the browser will ask for Login details even though the phone may be logged in to Facebook via the Facebook native App. Is there any way to get details from the Facebook App without the user having to log in again?
If you want to login in website in a browser, using Facebook account from Facebook app - it is impossible, without intermediary application, or service. And even with it, I don't think, that you can get user login data.
Other approach - is try to launch Facebook app from your site, and show site from it, but again, you can't login to it, using app.
Why? Because the app, holds only token data, and nothing more. You can't get other information, like password, or email. Also, the work of browser, that save cookies and the app, that save token is different. You can't connect them together.
Clearly speaking it is not possible using website in browser.
Even it is also not possible if you develop any android app, the reason is that the facebook app will not share any data to any other app (even if it is running on the same device).
I also don't think that launching the facebook app from browser will be feasible for you, as you just want to use the facebook login system and then want the users back on your website (and again facebokk will not send any data to your web or app even if it is launched from your web or app).
I think it's not possible, because we wont link browser and an app.
I developed one android app with facebook login integration.If facebook native app already logged in, now i click my app facebook login button it directly redirect my app to my home page without asking fb username and password.
For me i used localStorage in javascript
localStorage.setItem("userName", userName);
localStorage.setItem("password", password);
var uname=localStorage.getItem('userName');
var pass=localStorage.getItem('password');
I have a website which allows login via facebook functionality and displays photos from facebook.
While accessing from a mobile browser I would like the website to automatically login(when the click on FB login button, without entering username and password) if the user is already logged in via the native FB application (iOS or andriod). It seems to be that I can do that by building a native iOS or android application and use facebook single sign on feature. Is it possible to do that without having the user install anything on their mobile device?
That is not possible.
Auto-Login relies on auth tokens that will be granted to a website or mobile app after a user approves an app. For security reasons, those tokens are tight to the cause they were issued for. Particularly, web tokens and mobile tokens are not interchangeable.
So you could build a native mobile app to get a "native token", but even if you would manage to (cookie-)inject it into a browser view, your website's backend couldn't use it.
More generally, you're raising an issue even facebook can't solve: Say you are using a facebook mobile app and logged in there. If you open facebook's web version on that very same phone, you'll have to log in there again. The root cause is the same as with above. Specifically, any native app is uncapable of setting arbitrary auth cookies into the OS browser. I personally believe this restriction will not fall, because it would have a large security impact - just imagine how any app could set (and possibly get) cookies for any website.
If they've never logged in facebook from their Mobile, how will your website ever know them ?
Is it possible to do that without having the user install anything on their mobile device?
Like PC's, users in a mobile device need to login in their phone in facebook's website before being eligible to login "automatically" to your website. When I say automatically, I mean they still have to go with the first time process of "Do you authorize this app/website to do X things on your account". That message is inevitable when using facebook's api on the web.
Hope this answers your question.
Is it possible to do that without having the user install anything on
their mobile device?
No this would not be possible. You need to have a native or hybrid app (phonegapped etc) to make it work. Mobile web apps run in a browser sandbox and without native code interface - you cannot get to the native SSO of FB on your mobile device
Did you have a look at this facebook page ? I'm not sure what you ask is possible, as basav said, but maybe you'll have some clues there.
I noticed that the Windows desktop Spotify application asks me for my facebook username and password in the login screen. I am wondering what happens behind the scenes.
When I change my fb password in my browser I have to use the new password in the Spotify desktop app login screen. There are even situations when the Spotify desktop application shows me a fb popup where I have to grant permissions for Spotify itself.
I know that Spotify uses an embedded Chromium browser engine to do all the heavy lifting. But isn't it against Facebooks TOS to do it that way?
I mean, does Spotify posts my username and password to the facebook login.php and intercepts the result page to get my cookie? Is there a documented way to handle a login to facebook on behalf of the user in a proper way?
No, they are using an old and deprecated REST API method called auth.login:
https://developers.facebook.com/docs/reference/rest/auth.login/
Obviously I can't stop you using this in your own app, but given how old that API is and how fully REST API is now deprecated, it'd be a bad idea to rely upon it.
Instead, for Windows desktop apps, I believe Microsoft offers a Facebook C# SDK which will contain ideal methods for authentication. I'm more familiar with their newer methods that are offered for Metro Apps called Web Authentication Broker.
These pretty much just load a web frame inside the app, get the user to login to Facebook, then show the Permission Dialog (if required). From there, the app can store the UID of the user and presumably a long-lived access_token that they received upon auth. This way, they only need to ask the user to login again once every 60 days.
There are other device-based authentication methods offered by Facebook, but most are still in private testing, the only one that is currently recommend for desktop apps is stated on this page under the heading Windows, OS X and Linux native apps (at the bottom of the page).
Update December 2013: Because the Facebook Login docs have changed significantly since I wrote this answer, I'd like to point out a couple of new additions:
Manually Building a Login Flow details the steps that desktop apps can take to login users. What is new here is that Windows 8 apps can now use their deep-linking ID in the redirect_uri of the Login dialog, meaning it'll multitask back to their app from a Login Dialog when completed or cancelled. This is an improvement from the previous WebView setup, because a User's default browser will likely have them logged into Facebook already.
Login for Windows Phone is the special guide for Windows Phone 8 apps to use.
I'm working on integrating Facebook with my iPhone/iOS application and I want to know if I'm understanding the nature of the login procedure correctly.
With the old Facebook SDK ('Facebook iPhone SDK'), when we needed to request authentication permission from a user a UIWebView would be displayed with a login prompt. With the new SDK ('Facebook SDK for iOS'), the SDK uses Apple's fast-app-switching feature to temporarily place the app in background mode and then load the iOS Facebook app or Safari to authenticate. Is this basically the gist of it?
I've experimented with authenticating my app via the new SDK's technique and due to the nature of my app, it just can't support backgrounding. Does this mean I have to use the old SDK to launch a UIWebView-based authentication? I think this implementation is a lot cleaner anyway. Will I run into any major disadvantages from doing this?
Check out this question and my answer: Iphone facebook connect example calls safari. I don't want to use safari
You can make it use the UIWebView always. Facebook is trying to make it so the user only has to log in once per device (through either the Facebook app or in Safari) but I didn't like this flow (especially on the iPad). Though I'd rather not muck around with the Facebook code, I did find commenting out a few lines to be a quick way of getting the old behavior back.
I don't believe this is the case.
The Facebook SDK that I'm aware of, available at https://github.com/facebook/facebook-ios-sdk doesn't do anything like you describe. Is this the SDK you're using? I believe the last major update to this SDK from the "old" facebook SDK was to add support for OAuth-style authentication. With this change they broke code compatibility so apps were forced to make changes to incorporate the latest SDK.
When you call 'authorize' in this SDK you pass the app id, the desired permissions, and a callback delegate for notifications of errors or success (did login, did not login, did logout). You can also set any access token that you might have persisted from a previous session. Facebook validates this access token, and if it doesn't exist or is invalid it presents a modal login dialog. I believe the content of this dialog is a web page. The SDK authenticates the user using OAuth and makes the auth-token available for persisting between sessions.
At no time is the app exited to run the Facebook app or Safari. I'm curious - what led you to believe this was the case? (Or, perhaps there is some other SDK out there I'm unaware of?)
Take a look on this page: https://github.com/facebook/facebook-ios-sdk
And look at Single Sign-On. That describes the above scenario with fast switching.