Is it possible to have a client app which can authenticate using Facebook but without requiring browser(I mean no embedded browser in the code)?? User inputs the username/password and allow access to app using the client app only.
Any Suggestions will be of great help.
Thanks,
Tara Singh
Edit: I have created app in Python which requires browser interaction. Now I want to get rid of that and do it using my client app only. Any Links/Tutorials??
Thanks Again
I know this is an old question and it's answered but I thought 'horse mouth GET'. From Facebook: https://developers.facebook.com/docs/authentication/...
Our OAuth 2.0 implementation does not
include explicit desktop app support.
However, if your desktop app can embed
a web browser (most desktop frameworks
such as .NET, AIR and Cocoa support
embedding browsers), you can use the
client-side flow with one
modification: a specific redirect_uri.
Rather than requiring desktop apps to
host a web server and populate the
Site URL in the Developer App, we
provide a specific URL you can use
with desktop apps:
https://www.facebook.com/connect/login_success.html...[cont]
Actually the answer is absolutely not.
In order to authorize your app a user has to enter their facebook username and facebook password on facebook site and you need web browser for this. There is no way to skip this step (you can't ask what their username and password are and then exchange it automatically for access token). You can read more about this here.
absolutely yes, but, we'll need to know which programming language you want to use before we can give much advice.
For example, it's possible using httpclient for java and python to encapsulate all the functionality you need, others can chime in with libraries that they use for C, C++, perl, etc.
[edit]
search for httpclient and how it's used with python. if you run wireshark on your system, you will be able to watch the data interchange (if you don't understand the http protocol completely) and then implement that in your code.[/edit]
Some good links in this regard:
http://developers.facebook.com/blog/post/289/
https://developers.google.com/identity-toolkit/
https://developers.google.com/accounts/docs/OpenID
http://facebooktoolkit.codeplex.com/
http://csharpsdk.org/
http://blogs.msdn.com/b/appfabric/
Apparently now you can, if you're a beta tester for their newest feature: https://developers.facebook.com/docs/authentication/devices/ Reminds me of PIN's on Wifi
Yes and no,
I've had the same problem with my server. It was console only, so I had to make a solution. First I've logged in using the lobo java webbrowser. I've transfered the cookies of lobo to my server.
Related
I built a native Windows app (non Windows-Store) that uses the Facebook API.
I wanted to make it public which means going through their review process which means (among other things) selecting the app's platform.
Sadly a native Windows app is not one of the choices: Facebook app platform selection screenshot
I found 2 unanswered questions on SO on the same topic:
one
two
How should this be done in a proper way?
Thanks in advance.
PS:
I found a post a few days ago where the poster said he registered such an app by setting the platform to "web site" (I didn't keep the link).
This does not look like a good long term solution and also I don't have a domain to provide.
In short, you must set your platform to Web.
The reason for this can be found in the official documentation on building your native logon flow. There is no secure way of creating a logon flow without a server, as this would imply storing your App Secret inside your binary or app config file.
So the recommended (and only supported) way is to create a server which stores the App Secret and handles authentication for you. And use this server from the WebBrowser/WebView control which you embed into your native application.
This means you use the logon flow from a web browser via a custom server and you should have a domain for it (a domain is quite cheap nowdays, it should not be a problem). So you are building a web app embedded into a native app.
For a successful login review do the following:
Choose Web as your platform
On the Settings page in the Advanced tab choose Native App.
Create a screencast (Start your app, logon, use all the requested permissions and that's it. Do not edit it!) and upload it to the web (YouTube/Vimeo/...)
When submitting provide a link to your screencast.
I am building a mobile app with jQueryMobile and I intend to deploy it onto iPhone thanks to PhoneGap.
My question is : how can I authenticate myself with Foursquare using the OAuth2 protocol in my jQueryMobile app ? One solution would be to use the useragent flow of OAuth2 but this would force the iPhone to launch Safari and thus not stay within the app. Are there any better solutions than this ?
For an iPhone-based or client-side application like you would have in PhoneGap,
Foursquare recommends one of these methods.
If you have no substantive server code, you can embed a web browser and use the token flow, redirecting the user to a dummy page on your domain. You can then grab the token off of the URL and close the browser. We have sample Android and iOS code for your reference.
If you have a server as part of your application, you can use the server flow above, possibly in an embedded browser. Similar to the Facebook API, you can add display=touch to your authorize or authenticate URLs to get a mobile optimized interface.
An alternative to the above is to use the server flow and an external browser, but redirect to a custom URI handler that brings the user back to our application. You can embed the secret in your application and exchange the provided code for an access token. PLEASE take steps to obfuscate your client secret if you include it in released code, and be prepared to rotate it if needed.
https://developer.foursquare.com/docs/oauth.html
This could probably be handled with the ClientBrowser plugin for PhoneGap or just adapting the sample code they have provided into PhoneGap plugins.
One of the core intentions of OAuth2 is to not allow browserless authentication flow like we did with XAuth in the past. Service providers want consumers to see what permissions they are signing off on, and want control of that process.
I'm not very experienced with Phonegap, as I'm a native developer, but if there's a way of instantiating a UIWebView and showing it to the user, you could at least keep the web interaction 'inside' of the application. Given phonegap is basically showing a UIWebView this should be possible. It is possible to examine the source of the html within a UIWebView using
- (NSString *)stringByEvaluatingJavaScriptFromString:(NSString *)script
For a middleware system with internet (which works inside a set-top box) I want to develop a primitive Facebook interface where users can type their user-names and password, showing their latest notification, messages and other casual stuff on the TV screen by using the recent Facebook Graph API.
This middleware program uses Java ME to run programs (such as this simple facebook app) and it can connect to internet however it doesn't have a real web browser. Without browser it can connect to any url to retrieve the JSON response however I am not sure how to achieve authentication without a real browser.
Under this circumstances, is it possible Facebook authentication? If you think so, what approach would you suggest ?
Thanks
Facebook provides trusted partners with a private Authorization API to get an OAuth 2 token from a username / password.
A more complicated approach would be doing something similar to how Netflix enrolls a device:
device calls server to obtain a Code
device shows code on screen and directs user to go to URL on server and enter Code
server redirects user to Facebook and obtains OAuth token, user told to go back to device
device calls server with Code and obtains OAuth token
device can now make calls directly on behalf of user
According to this documentation on "Desktop Application Authentication" I don't believe your desired result is possible:
Facebook's OAuth implementation does not include explicit desktop application support. However, if your desktop application can embed a Web browser, you can add Facebook support to your application easily using the same OAuth User-Agent Flow used by JavaScript clients.
However, it is clearly possible for certain vendors to do this, since Microsoft's Xbox 360 Facebook application does exactly what you are proposing. I'd be interested to see if anyone has dug up any API for doing this that Facebook doesn't want in their most obvious documentation.
This isn't an answer but I'm trying to do the same thing. Check out this guy's blog which uses another server to proxy the requests:
cory wiles blog
If you figure it out please post a detailed answer here so I can do it to.. :)
I think it is possible though it is pretty complicated and subject to sudden changes of Facebook interface. It might break the agreement between you and Facebook.
What you do is to emulate the Facebook.
One path you have to set up a Facebook application. Once you got the authorisation from user, you can to something with Graph API.
You need to the Facebook log-in process and authorisation process. There are some capturing tools on http/https request and response. Analyse them, both header and body.
Once you know the authorisation mechanism, you can replace it with you own. Everything afterward is on Graph API.
Another path is to emulate Facebook login and message and notification process. Capturing and analysis is needed.
In the past I have used a tool called screen-scraper (full disclosure: I used to work there) to automate logging in to facebook. Basically, it imitates a browser session; it allows you to set session variables (i.e. username, password) which would then be submitted to facebook, just as if the user had submitted them in a browser.
You may not be able to use screen-scraper in your set-top box environment (although it is java-based, so it's possible it would work). Even if it doesn't, you could implement a similar strategy in java, making the HTTP calls a browser would make to load the login page and submit the user's credentials. To keep the user's info safe make sure whatever HTTP client library you use supports HTTPS.
Proxy tools and extensions like Charles, Fiddler2, Firebug, Chrome's dev tools, etc. are helpful in seeing exactly what the browser is sending to the server in requests.
I have a link to a Facebook page from a website. I know I can use the URL scheme href="fb://" to open up the Facebook application from within an iPhone, but if the iPhone user does not have the native application installed, an ugly error message pops up. I would rather just send this user to the Facebook website.
There's gotta be a way to do this, but everything I've tried has had some short-coming:
Can't make a HEAD request to a different server
Can't run a try catch javascript function since the event leaves the client page
Can't seem to access information about the user's applications... or can I? I've read a bit about a cookie called "appInstalled" but can't find any real documentation about it.
Any ideas out there? Thanks a ton in advance.
Denis
Can a website determine if a device [iPhone] has certain applications installed ? I'm pretty sure that's a big NO because of privacy and security concerns.
Not a really technical answer, but you could change the user interface to give the user an option. For example, having:
Click here if you have the facebook application installed on your iPhone.
If you do not, click here to go through to the site.
Sorry that I cannot offer a "proper" solution, I'm not really that familiar with iPhone development.
I'm writing a sort of visualization desktop (non-web) application, just for fun.
However, ideally I'd want it to be able to pull information from the user's facebook account. (after getting its credentials, of course)
What's the best way to do this? Should I register a new 'facebook app' even though I'm not really making it web-based? I've never written a facebook app before.
I'm using Java as my prog language, btw.
Thanks!
Yes. Facebook supports desktop applications, but they must go through a special authentication mechanism. Essentially, the user will need to be directed to facebook through a web browser window as part of the authentication process.
Here is the documentation on the authentication process: http://wiki.developers.facebook.com/index.php/Login_Desktop_App
There is a relatively polished Java library for facebook here: http://code.google.com/p/facebook-java-api/
If the Java library above does not meets your needs, you can build an implementation on your own. Essentially, you will need to interact with the Facebook REST server, as described at the top of the page here: http://wiki.developers.facebook.com/index.php/API
Edit: After doing some more research I have a few more resources to provide:
Here is a list of some applications written using Java for facebook:
http://wiki.developers.facebook.com/index.php/Facebook_apps_written_in_Java
And there's even a neat desktop application that is open source here:
http://code.google.com/p/fb-photo-uploader/
Good luck!