How to specify Extended Permissions in the JS SDK Auth request - facebook

UPDATED TO BE MORE CLEAR (hopefully :)):
Related to this page, specifically the SSO section: http://developers.facebook.com/docs/authentication/
You've got the option Facebook says to use either that facebook connect button (whatever connect means nowdays with Facebook is a grey fog to me now) or just roll your own image as a button and on click call FB.Login().
So I tried the facebook button route which lead me to a complete brick wall. I mean I can get it working, auth, login, all that but I have no clue how to pass extended permissions through this entire process with the button:
window.fbAsyncInit = function () {
FB.init({ appId: facebookApplicationID, status: true, cookie: true, xfbml: true });
FB.Event.subscribe('auth.sessionChange', function (response) {
...rest of code
Ok, how do I attach extended permissions to this call? Of course you can do it easily if using Login() but why doesn't facebook show any examples or state whether the perms parameter exists in terms of placing it somewhere in this process of using that button!
related links: http://forum.developers.facebook.com/viewtopic.php?pid=248096#p248096
I don't even know why they have that button in here when it looks to me like most everyone is just simply calling Login() inside the Init. I assume then calling Login() still manages the SSO in terms of cookie, etc.?
Is anyone using this button or are you just going with FB.Login() ?
I'm running this in an iframe on our own hosted website...not embedding code into the facebook site itself (which I believe is called canvas right?).

RTFM. Yes, I mean friendly.
Right below the Single Sign-on section is the Account Registration Data section and I've copy-pasted this from there.
<fb:login-button perms="email,user_birthday"></fb:login-button>

Not exactly sure what you are trying to accomplish here. If you want to get information about your user or take actions on their behalf on Facebook, you need the user to tell Facebook it's okay to do so (this only needs to happen once) which is why you need to you call FB.login as described here: http://developers.facebook.com/docs/reference/javascript/FB.login.
FB.login(function(response) {
if (response.session) {
if (response.perms) {
// user is logged in and granted some permissions.
// perms is a comma separated list of granted permissions
} else {
// user is logged in, but did not grant any permissions
}
} else {
// user is not logged in
}
}, {perms:'read_stream,publish_stream,offline_access'});
They need to enter in their password to prove it's really them to authorize your app. If you need extended permissions, the second parameter in FB.login allows you to do this.
If the user is already logged in to Facebook (for example in another tab) then there's no need to log in and the login screen should be skipped. If the user is both logged in an has already authorized your app then there's no need to call FB.login.
You check check the user's login status (and permissions) with FB.getLoginStatus: http://developers.facebook.com/docs/reference/javascript/FB.getLoginStatus before deciding whether or not to call FB.login.

Related

Cannot list Ad Accounts in facebook app

I'm developing a pure-html/js web application (actually I'm using AngularJS; with "pure" I mean: I'm not using any server side technology) which uses a Facebook-Connect button like this:
<fb:login-button max_rows="1" size="xlarge" scope="email,public_profile,ads_management" show_faces="false" auto_logout_link="false"></fb:login-button>
Such button asks for permission: ads_management and basic user data. I'm testing ad-management functionality.
However, I ask two queries to facebook inside a controller:
$scope.fetchData = function() {
FB.api('/me', function(response){
$scope.$apply(function(){
console.log("InApp::fetchData()");
console.log(response);
console.log("~InApp::fetchData()")
});
});
};
$scope.fetchAccounts = function() {
FB.api('/me/adaccounts', function(response){
$scope.$apply(function(){
console.log("InApp::fetchAccounts()");
console.log(response);
console.log("~InApp::fetchAccounts()");
});
});
};
$scope.fetchAccountData = function(account_id) {
};
$scope.fetchData();
$scope.fetchAccounts();
For narrow-purposes I just printed the contents of a controller. Assume such controller exists, requires the person is logged in Facebook, and the user is currently logged in.
My Issues are:
The Login button does not update the page when I login. This is because no onlogin= was put. Question: How can I assign such attribute in an Angular way? (i.e. the handler coming from the scope).
$scope.fetchData is successfully executed. However, $scope.fetchAccounts is not. I'm asking this because I included the ads_management permission in the button. Question: What am I missing? (error: code: 10
message: "(#10) You do not have sufficient permissions to perform this action"
type: "OAuthException"). Edit - Additional notes: I deauthorized the application in my account, and reauthorized it: It never asks me the ads_management permission in the popup dialog.
The first question, no idea. The second question, your app is not whitelisted for Ads API usage. Look into the Ads APi documentation on how to request access.

FB.getLoginStatus with "force"=true only working for some usersadmins when used twice

We have a requirement on our site which forces a user to like a fan page before they can proceed on our site. Since Facebook requires a user to allow access via an app for this type of data, we have an initial call to FB.getLoginStatus which sends the user down three paths, based on the 3 responses (unknown, not connected, connected). Our problem exists in the "unknown" branch. This initial call to FB.getLoginStatus works fine for everyone, if the user is unknown (logged out) we show them the Like Box social widget, then the user clicks on it and logs in (thus liking the page), and then we use the callback of FB.Event.Subscribe('edge.create') to run FB.getLoginStatus again (to check if the user was simply logged out but has previously allowed our app). At that point, if the user previously allowed our app, we allow them to continue, if not we show them an "allow" button and on that user interaction and callback we allow the user to continue. This logic flow works for a hand full of people, including a few of the administrators listed for the app, but not the majority of users. On the second call to FB.getLoginStatus we are using the second parameter "force=true". Can anyone give insight into this behavior and/or point to a thread with a similar glitch? Thanks in advance, this one is a head scratcher!
FB.getLoginStatus(function(response) {
if (response.status === 'connected') {
} else if (response.status === 'not_authorized') {
} else {
}
}, {force: 'true'});

How to Detect a user declining a permissions request dialog that redirects to a Facebook TAB application

I posted this on the Facebook Dev forum and heard crickets...hopefully stackoverflow is a better bet.
This question is regarding the request permissions dialog being spawned from within a Facebook Application Tab specifically (not a canvas application).
If a user clicks "Allow", or "Don't Allow" the user is redirected to the same URL as specified in the redirect_uri parameter.
If the case of a canvas application I can use the error information that is passed in the URL to distinguish between the user who has accepted or declined the permissions request.
However, if the redirect URI specifies an Page TAB Application (and not a canvas app) I cannot pass this information into the iframe -- the only thing that gets passed through is the app_data parameter through the signed request parameter. (I can set the app_data parameter with the redirect_uri but since this is the same if a user accepts or rejects the permissions dialog, its of no help)
If anyone could let me know if its possible for a Tab Application to "know" if a user clicks "Don't Allow" within a request permissions dialog (or has any other suggestion) I would be very grateful!
Thanks very much
I don't think you can do what you require within a Facebook tab using a login url. Have you considered using the JavaScript SDK instead?
FB.login(
function(response) {
if (response.session) {
if (response.perms) {
// user is logged in and granted permissions
} else {
// user is logged in, but did not grant any permissions
}
} else {
// user is not logged in
}
}, {perms:'list,of,permissions'} // if required eg {perms:'publish_stream, email'}
);

How to show the Extended Permission Dialog in FB using new Graph API?

I used the old rest api for showing the Permission Dialog in Facebook before.
Now, with the new graph API, what can I do? (I'm in IFrame Apps).
I know that I can cheat and popup the permission in a seperate window:
FB.login(function(response) {
if (response.session) {
if (response.perms) {
// user is logged in and granted some permissions.
// perms is a comma separated list of granted permissions
} else {
// user is logged in, but did not grant any permissions
}
} else {
// user is not logged in
}
}, {perms:'offline_access'});
like that.. call the FB.login again (let say I want people to click on a different button and trigger the extended permisison dialog)
However,it looks ugly,and it doesn't look like a dialog.
Is there a way to generate the dialog? I try to figure out whether FB.ui can help but there is only little information about that.
In addition, I don't think the 'response' callback ever execute. Neither I click "Don't allow" or "allow", won't trigger any call back. any idea?
hihih..anyone can help me?
Finally. find out the solution from another website.
first. after FB.init( ... ); do that:
FB.provide("UIServer.Methods",
{ 'permissions.request' : { size : {width: 575, height: 300},
url: 'connect/uiserver.php',
transform : FB.UIServer.genericTransform }
} );
Then, whenever you need to call the permssion dialog, do that:
FB.ui({method: "permissions.request", "perms": 'email,offline_access'},
callBack);
It took me so long to figure out by looking at the FB object and find out there is UIServer with permissions.request then from that, I keep searching and find this solution. and FB.ui talks nothing about it.. and FB.provide is not documented. THANKS facebook.
You don't need to use javascript or any SDK for this although it would make it easier. You need only to redirect the user to a url like this:
https://graph.facebook.com/oauth/authorize?
client_id=...&
redirect_uri=http://www.example.com/callback&
scope=user_photos,user_videos,publish_stream
You should always redirect the user to the top window either with javascript or the link.
window.top.location = <login_url> or Login
If you are using the PHP SDK or the C# SDK you could have the sdk generate the url for you, but the process is the same.
Also, not that the redirect_uri has to be on the same domain as your iFrame application's url. This will cause Facebook to redirect your user outside of Facebook to your website, you then should redirect the user back to the app inside of facebook. For example:
User clicks login
user goes to Facebook login page
User clicks allow
Facebook redirects the user to http://www.example.com/callback
Your app redirects the user to http://apps.facebook.com/myapp/loggedin
One of the answers suggests a hack in which you call FB.provide() and then FB.ui() to pop up the extended permissions dialog. That solution doesn't work for me, but there is a documented solution now that does. Just call FB.login() to get the permissions you need.
FB.login(function(response){
if (response.authResponse) {
alert('success!');
} else {
alert('fail!');
}
},{scope: 'email'});
Even better, you can ask for extended permissions with the login button.

Facebook Connect require login for some links

Is there any fb tag i can use to wrap around my html anchor tag so that if the user isn't logged in, they will get prompted to login before getting access to the link?
I'm using python/django in backend.
Thanks,
David
You simply need an if statement to check whether a facebook session exist or not. If not redirect them to the login page.
-Roozbeh
First I think you must create a Facebook App.
Second: if you are programming in PHP, you should use the PHP SDK.
See: https://developers.facebook.com/docs/reference/php/
Third: Use getUser method:
https://developers.facebook.com/docs/reference/php/facebook-getUser/
I'm almost sure that getUser will return 0 if the user has not accepted your app, so IMO it's not the best method to find the user connection status on Facebook.
Also, getLoginStatusUrl could help, with this function you could make redirections based on the user status on Facebook, and think of a mechanism to show or not the contents based on parameters and session variables (it's an idea).
See: https://developers.facebook.com/docs/reference/php/facebook-getLoginStatusUrl/
Hope that helps.
Using the JavaScript API you'll want to use FB.getLoginStatus to wrap around the anchor tag. See https://developers.facebook.com/docs/reference/javascript/FB.getLoginStatus/
Example from that page:
FB.getLoginStatus(function(response) {
if (response.status === 'connected') {
// the user is logged in and connected to your
// app, and response.authResponse supplies
// the user's ID, a valid access token, a signed
// request, and the time the access token
// and signed request each expire
var uid = response.authResponse.userID;
var accessToken = response.authResponse.accessToken;
} else if (response.status === 'not_authorized') {
// the user is logged in to Facebook,
//but not connected to the app
} else {
// the user isn't even logged in to Facebook.
}
});
Note: I would simply make this call up front and set my own JS variable boolean on the response so I didn't have to use the FB API call again. Then wrap any dependent code with a simple JS boolean test.