facebook registration and authentication - facebook

i'm using the registration plugin for my website
http://developers.facebook.com/docs/plugins/registration
i want permission to post users's wall is there any way that on the same log in
( on the registration ) the user will promp to agree for the permissions (authentication)?
thanks !

From the Facebook Developer Forum:
There is no way at the moment to requests extended permissions through
the Registration Plugin so you'll need to request it afterwards.
It goes on to acknowledge that this is a missing feature that should be added at some point.
From what I can find, it looks like the legacy fb:prompt-permission tag would be a great way to ask the user to grant the permission. However, Facebook is in the process of deprecating FBML, so that's probably not a good idea.
The Facebook Authentication documentation explains how to gain the additional permissions using the latest OAuth model. I am still struggling to wrap my head around this myself.

Since you're using Facebook registration I'm assuming you have a database that collects user info. So what you need to do is not rely on Facebook to see which user has registered with your website but instead use the simple login with permissions on first time users and then after they are "connected" to your website check to see if they are in your database or not, if not send them to the Facebook registration plugin page and force them to register. :)

Related

When using Facebook login, how do I skip the permissions page?

I need only the basic permissions "email", "public_profile","user_friends" and I need all of them for my app to work. 
FB login takes the user to permissions page and he/she can just uncheck email and user_friends and I will have to handle it separately.
Yes, I do understand the trust equation here that has been discussed in a lot of questions on SO.But a lot of apps somehow circumvent this. e.g. Uber
Uber is probably using an old App created before end of April 2014. Those basic permissions where included back then. In newer Apps you can´t force a user to authorize all permissions, he will always be able to skip the extended ones.
One good way is to use the "return_scopes" flag of FB.login and check if the user accepted the neccessary permissions right after the authorized your App: https://developers.facebook.com/docs/reference/javascript/FB.login/v2.2

Facebook OAuth 2.0 / connect

Im starting to implement the Facebook apis into my website..
Where i am having trouble is understanding the oauth api. Maybe this inst the correct api?
Basically what i am trying to do is allow the user to sign in / register with Facebook and and storing that information in my database as a new user as i will be creating a profile from this. I would also like the user to be able to login with or without Facebook using his credentials. I understand he would have to create a password on my site. Is it practical to store his information .. Name Address email and other information.
I am very confused with the api and need help. reading through the documentation i cannot find where this explained.
Look at how to authenticate user using facebook login system on your website
About your question on storing emails, check facebook policies are mentioned here
Use graph api for accessing user details and other stuff
Hope this helps

Facebook account to replace registration?

I'm new to all this. This is what i'm after and i'm sure it's possible.
I've got a script where people can register/login in to as members. What i'd like to do is tie it in so that it just uses Facebook users details for the registrations. I've managed to set it up to sign up and and complete a registration using a user's name and email.
What i'd like to do now is automatically log the user in if they're logged in on facebook, is this possible or will they need to click a login button that then takes them to their page? If they need to click a button to login, how do I go about getting the button to take their facebook details and log them in? Also what happens in regards to passwords on my site? Is that stored in the app somehow?
Ideally i'd like to use the popup version of verification rather than the iframe that i've got set up at the moment.
Cheers in advanced for any help for a n00b!
This is in fact possible. Although I for my part was never a fan of such things here's some human-readable (simplified) theory:
Facebook uses a system called OAuth ( http://de.wikipedia.org/wiki/OAuth ). That means, when you want to have the user login onto your site using Facebook you'll of course need to provide a button/facebook-login-frame (see documentation) that says "Log me in with Facebook" or so. You then access Facebooks API (more here: https://developers.facebook.com/ ) and basically tell Facebook who you are ("Hi I'm website XY"). While that happens your user is redirected to Facebooks "permission-landing-page". On that page he needs to confirm whether he is fine with your website accessing certain information (like his name). If he confirms your website receives an access-token granting you access to a subset of his user information which you can then use to personalize his expeirence on your website.
Check out facebooks documentation because they explain exactly your usecase in detail.
(here: https://developers.facebook.com/docs/authentication/ )
PS: You'll of course never have any access to his Facebook login/password. That's kind of the idea behind "delegating" the authentication via OAuth to Facebook. Facebook only provides you with an access token (bound to that particular user who logged in and granted your app/website permissions)

CanvasAuthorizeAttribute with no extended permissions

I am creating a canvas application using the Facebook C# SDK and am trying to authenticate the user without asking for any extended permissions.
When the user adds the application the CanvasAuthorize attribute is not redirecting the user to the facebook permissions page.
This process works fine if I ask for "publish_stream" or any other extended permission but I only want to ask for basic permissions initially.
Is there any way to do this using the SDK?
If i'm guessing right the basic permissions you require are FB User Id or may be first, last name, I don't think you'll require to authenticate the user for that. Simply make an object of FacebookApp and try getting the required data, if it does get the basic data then you are good to go, otherwise in the meanwhile I'll try looking into it :)
Cheers,
Nauman
The new version of the SDK (5.0.3) now uses the new oauth page instead of the php plugin to authorize the user. This installs the app even when no extended permissions are specified.

Facebook app without asking permission on load

How do I make an app that doesn't ask for permission when you load it?
Or is that impossible? The only thing the application does is post to the user's wall, but can't I authenticate for that after they load the application?
You can, not sure why others are so positive that it is not possible.
On your server side you can check through facebook api if current user granted you required permission. If not, pass some flag to your fbml where you can display permission prompt link:
Would you like to <fb:prompt-permission perms="publish_stream">allow us</fb:prompt-permission> to post on your wall?
You are not obligated to require users to authorize your app either (but you need authorization before checking for granted permissions or retreiving any user information), you can still allow users to use your app. In fact allowing users to use an app without authorization is even encouraged by facebook recommendations. For optional authorization you can put such fbml on your page:
<fb:if-is-app-user>
<fb:else><a href="http://www.facebook.com/login.php?api_key=...&v=1.0>Would you like to authorize this app?</fb:else>
</fb:if-is-app-user>
If you want to post to their wall via a prompt instead of requiring prior authorization, you should use the connect library. Then you can use some javascript to open the dialog.
In fact, another SO question gives you exactly what you need.
Or is that impossible. The only thing
the application is going to do is post
to the users wall, but can't I
authenticate them for that after they
load the application?
To publish content to users' walls, you need to have the steam_publish permission from them first.