I want users to able to sign up in my application(rails) using facebook connect.
However I am not very sure what all information of the user will be available ,specifically the email of the user. I know that the emails of the user's friends are not available, but not sure if the email of the user himself is available.
You can prompt the user for email extended permission.
Related
I'd like to offer our users a Facebook login option. But I'm not sure how to identify existing users (without a stored Facebook ID).
From the docs:
https://developers.facebook.com/docs/facebook-login/multiple-providers#addingfacebook
After a successful login using Facebook, you will have the person's
email address, Facebook ID, and access token. Your app should search
for an existing account that has been created with that same email
address. If one exists, you should merge the two accounts and add
the Facebook info to the existing account - as recommended above.
That doesn't sound like a secure approach to me. What would prevent someone from creating a new Facebook account with a fake email address that matches a user account in my app and then use my Facebook login option? (Obviously, this will not work if the user already owns a Facebook account)
Your concern...
That doesn't sound like a secure approach to me. What would prevent someone from creating a new Facebook account with a fake email address that matches a user account in my app and then use my Facebook login option? (Obviously, this will not work if the user already owns a Facebook account)
TL;DR
Facebook Registration process
Go to facebook.com/reg.
Enter the name you go by in everyday life.
Enter your email or mobile phone number.
So...
Facebook needs your email or phone number, that means there's no way someone can use another account's email or phone number to sign up again.
My advice to you is...
You have two or more authentication methods - 1 manual (email & pass) | the rest (social login).
You already have users, so when users login using OAuth and a matching email or phone number is found, you ask permission to link their Facebook account to your app or site account with a matching credential.
At this point you should authenticate the persons identity one last time, by having them enter the password for their account on your app or site.
Now you can safely assume this person is who they say they are and store their info in your DB.
My application allows for user authentication via Facebook. I am calling FB Graph API to get details on a logged in user like so...
https://graph.facebook.com/<fbUserId>
But sometimes I see that email address is not one of the fields which is returned. I think this is because when the user was prompted to allow my app access to their public profile and email address, the user chose not to provide their email address. However my application needs email addresses. Is there any way I can tell FB through the Graph API to make that "Edit the info you provide" dialog to reappear so the user can subsequently choose to give their email address?
I think you're asking about how to re-prompt users who denied a permission, so that they're asked to grant the already-declined permission?
If so, you can check which permissions were granted and then re-prompt for those which were previously declined - as you noted, users aren't prompted multiple times to accept a permission if they've already declined it
To re-request, use auth_type: rerequest in your call to FB.Login() (javascript) or your call to the Login dialog; I believe the mobile SDKs handle this automatically (e.g. FBSDKLoginManager in the IOS SDK)
Note that with your specific example, it's possible a user won't have an email address accessible via the API even if they do grant you the email permission, as they may have an unreachable address, be a user without a confirmed address, have signed up to Facebook using a mobile phone number, etc
As a result, you may need to build a UI for users to manually supply their email address anyway, if that info is truly necessary for your app
I'm implementing a Log In With Facebook button on my website, and will be using the email field for two purposes:
create a new account if I don't have this email in my user database
match an existing account if I have a user with this email address
Does Facebook guarantee that they verified the user owns this email address when they return the field in their API?
Otherwise, in the (unlikely) event that a user of my website does not have a Facebook account, someone could create a Facebook account with this email, without validating it, to log in to my website with their account.
They are supposed to be but Facebook has had issues in the past of unverified emails being allowed to pass through the API Is it possible to check if an email is confirmed on Facebook?.
If you implicitly allow Facebook accounts to link up via email, then the next time Facebook has an issue they can effectively take control of all your users accounts.
The secure way to link users up is to either:
Ask a normal user to link their facebook account by logging into it.
Ask a Facebook-user to login with your sites normal account.
I own an application which has already granted the send-email extended permission. Unfortunately I didn't record the email address's upon their login process. Is there any way to get email of users now, even if they are not logged in?
Keep in mind that they have already granted the email extended permission, but unfortunately I didn't store their emails.
If you recorded their Facebook user ID, you could try to call graph.facebook.com/userID?access_token=... with your application access token or appID|appSecret.
I am developing an iPhone application that will send email to a logged in user friends'. I am using FacebookConnect for the same. The problem is I am getting the uid of all friends but what is the way to send email to these uids(friends UID).
Also I m not able to get the email id of any of the facebook friends.Can I get the emails of the users facebook friends in my iPhone App ?
Please help me out
Thanks
I don't think you can get email of friends. Although you can send an email to uids provided they have granted permission to you app.
A comma-separated list of recipient user IDs. The recipients must be people who have already authorized your application. You can email up to 100 people at a time.
Beyond general information you are require extended permissions which requires authentication (which you are using). Any extended permission works only with the user who has granted it to. So your app's user's friends will have to grant the permission to email before you can send them one. In other words, you can send a notification email to those friends of your user who have added your app and have granted you the permission to email. Facebook has this page on communicating via email.