Alright, looking at the JS SDK there is this:
auth.statusChange
Typically you will want to use the auth.sessionChange event. But in rare cases, you want to distinguish between these three states:
Connected
Logged into Facebook but not connected with your application
Not logged into Facebook at all.
So I would be using
FB.Event.subscribe('auth.sessionChange', function(response) {
// do something with response
console.log (response)
});
You'd have thought this is exactly what I need, but guess what. Even if I satisfy the condition :
Logged into Facebook but not connected with your application
I'm still getting session = null!
Can anyone please suggest a way of getting the session of a logged in user but hasn't yet approved the app.
Thanks
Can't get session unless the user approved your app.
You can use http://developers.facebook.com/docs/reference/javascript/FB.getLoginStatus to see if user logged in, but not connected.
"The status of the User. One of connected, notConnected or unknown".
Related
Before make the app ask for authorization, i've tried to make an fql request to get user parameters (at least those allowed by the basic permission) in order to check if he has already authorized the app once (users who have authorized the app i will store their names on a cookies for example and i will compare the fql request result with their list..) but i couldn't get anything from that fql request. i think now by also reading this question that it is not possible to know that.. any clue ?
I'm not asking to know wether user has authorized the app in real time but in the past even before being logged in and then out.
When you authorise your app, the user must first login on facebook, and that's means that you can check if the user is logged in or not, if not, that doesn't mean he hasn't authorised the app before, but if yes, then of course the app is authorised, maybe it's not what you exactly want, but I think it does the job.
if(Facebook.loggedIn) {
alert("Must be authorised before");
}
else {
alert("If this is the first time, the app is not authorised yet.");
}
By the way, don't logout from facebook until you need to, so you're always authorised and can request what you want anytime during the app.
I think you can query the user table and check for the value of is_app_user.
SELECT is_app_user FROM user WHERE uid = 'USER-ID'
But the thing is that where exactly would you like to check this? After login itself you can get to know whether the user has authorized the app or not!
I am developing a facebook application. In this application I want to get login status of my application users. If any user of my application leave my application without logout to my
application, then how can I track that user's Login status? can I use access_token or user id of that user for getting status?
Well, if I understood you right, you can get the login status using
FB.getLoginStatus(function(response) {
if (response.authResponse) {
// logged in and connected user, someone you know
} else {
// no user session available, someone you dont know
}
});
I didnt get the second part of ur question, "........If any user of my application leave my application without logout to my application, then how can I track that user's Login status?......" Whatever case, I guess the above FB Javascript SDK should give the login status b/w facebook and ur app..
https://developers.facebook.com/docs/reference/javascript/FB.getLoginStatus/
Hope that helped
I've never been to Yelp on this new computer I'm on, however that site was able to see that I'm a facebook user and cusomized the site for me.
Can someone tell me how this is accomplished, and what I need to do to imitate this?
You've authorized a Yelp owned Facebook application somewhere (from your phone, yelp.com, or somewhere). If you authorize a Facebook application, that application has access to information that you provide to it through your Facebook account. Meaning, you should be able to see a "Yelp-owned" application listed here: http://www.facebook.com/settings/?tab=applications.
If you want to imitate this on your own site you should read more on Facebook Applications at http://developers.facebook.com/docs/authentication/. You simply register a Facebook application, then plop the Facebook JDSK into your site to ascertain if a user has authenticated with your facebook application or not.
FB.getLoginStatus(function(response) {
if (response.session) {
// logged in and connected user, someone you know... customize the experience
} else {
// no user session available, someone you dont know...
}
});
Im using Facebook's SDK for my site so users can login with their FB account. The problem is that if they are logged into FB and go to my site, the get auto logged in(only if they have accepted to use it on my site.)
Is it possible to make it so they have to press the login button if they want to login?
This sounds like a behavior derived from a cookie that's persisting. Maybe they're not getting auto-logged in, but rather they are still logged in from last time.
I don't know what your code looks like, but try running FB.getLoginStatus() when the page is visited and the authResponse object is not null then there's an active cookie showing the user to be both authorized for the app and currently logged in. You could
FB.getLoginStatus(function (response) {
if (response.authResponse) {
// take whatever action you want
}
});
Facebook lets you ask 'offline' permission from users which would be a cookie that never expires; it sounds like you want one that expires as soon as the user closes their browser and I don't know if FB currently gives us a way to control that, but I don't think so.
I'm trying to build a canvas iframe application for Facebook. The app needs to do a couple of things:
Within Facebook display a leaderboard comparing you to your friends
Post messages to your wall
Facebook recommend building all new apps as iframe apps, hence using this API.
I've downloaded the PHP SDK and installed the example as my app.
I'm confused as to why the example.php presents a login button to a user - isn't the idea that the current user is already logged into Facebook?
My current solution redirects the user to http://graph.facebook.com/oauth/authorize for authorisation, then grabs the OAuth token (for posting messages later) and heads back to an application page within the Facebook canvas.
Is this really the only way to get the current Facebook user associated with my app, and to get permissions for posting messages later?
If you want to get the current logged in user on the server side, the best way I've found to do this is to try to make an API call:
try {
$response = $facebook->api('/me');
}
catch (FacebookApiException $e) {
//User not logged in
}
If the call is successful you now have access to the logged in user id, access token, name, and some other basic stuff (ex. $facebook->getUser() or $facebook->getSession()). Otherwise if you catch a FacebookApiException, you know the user is not logged in and will need to redirect the user to get an access token. The simplest way is just redirect to the url returned by $facebook->getLoginUrl() (http://github.com/facebook/php-sdk/blob/master/src/facebook.php line 322) which you can pass in required permissions:
$facebook->getLoginUrl(
array('req_params' => 'email,publish_stream',
'next' => 'http://www.redirct-upon-login.com',
'cancel' => 'http://www.redirect-if-user-clicks-cancel'));
You can basically do the same thing in Javascript (which I prefer since there's a popup dialog/window instead of a redirect):
FB.login(function(response) {
if (response.session) {
if (response.perms.indexOf('publish_stream') != -1) {
//User has logged in and given us publish_stream permissions
);
else {
//User has logged in but not given us publish_stream
}
}
else {
//User is not logged in
}, {perms:'offline_access,publish_stream'});
To answer your other question on the example.php, it looks like the login button should only be shown if no user is logged in. Otherwise, it shows a logout button.
With regards to redirects, that's basically how OAuth need to work if it is to serve the purpose of securely allowing a third party to take actions on a user's behalf (your app posting on the user's wall for example). Facebook needs the user to approve your 3rd party app to take actions so it needs the user to prove his/her identity to give this okay (otherwise you could just impersonate the user). Facebook needs to be the one asking for this okay too, not your app (hence the redirect to Facebook's site) because it would not be very secure at all if your app could just speak for the user. It is a pain though I will agree and Facebook's documentation does not help this in the slightest.
It's helpful to understand that the getLoginUrl() and getLogoutUrl() methods of the new SDK are references to the URLs required for the user to grant or remove the specified permissions - not to actually log in or out of anything in the traditional sense.
Still, the terminology somewhat fits since logging in or out of a site indicates a change in permissions.
Look at this relevant post about javascript authentication.
You can customize the text that shows up for the button with the JS SDK (which is what I would highly recommend using if you're just getting started with a Canvas application):
<fb:login-button size="medium">Authorize MyCoolApp</fb:login-button>
For example: http://apps.facebook.com/fbrelll/xfbml/fb:login-button.
The OAuth approach you mentioned will also work just fine.