Problems with facebook connect - iphone

I am developing an application, which gives the user an option to share feeds using facebook connect. I am stuck at the start itself. I downloaded the FBConnect sdk and implemented the code as explained in the documentation. Now when the fconnect button is touched in the application, instead of connect page opening, to grant the application permission, the facebook login page opens. Signing on to this page directs the user to facebook home. The facebook window never closes and the application doesn't get permission.
Please help me on this.

This behavior is caused by [FBSession session] not being a valid session.
I had this problem and it turned out to be because the session object had been deallocated. When you set the global session by calling [FBSession setSession:session] or if you initialize any FBSession object, FBSession doesn't retain it as it should, so make sure you retain the session object even if you don't actually use it or even keep a reference to it. If the session is there, make sure your api key and secret are correct.

Related

How to logout from facebook or destroy an active session using php?

I have an application which asks for a registration through facebook but before a user can proceed to the registration, the system should first determine if there is an active session. If a user is logged in to facebook, it should then automatically logout for a fresh start.
But here is where I'm stuck. The SDKs only let the user log out from facebook if he is connected to your app. It uses the app's access token. But what if he is still not registered to your app? Their log out means to log out from your app, and not really from facebook.
My requirement :
1. How can I log out from facebook?
2. How can I clear the browser cookies?
Not on a specific app but the whole facebook session.
[from comments] But to use the getLogoutUrl() function, the user has to be connected to your app. What I need is to logout from the whole facebook and not just from the app
If the user is connected to your app, then the URL provided by the getLogoutUrl method does that – log the user out of your app (web-app) and out of facebook.com.
If the user is not connected to your app however, you don’t have an active user access token – and then logging out of Facebook is not possible. The obvious reason being that if it was, every website that I visit could log me out of Facebook in a “drive-by” manner – without me actively wanting that, so people would get annoyed quite quickly.
"If a user is logged in to facebook, it should then automatically logout for a fresh start."
If this is a security consideration, then you are in fact looking for re-authentication, which can be done using the auth_type parameter, quote from docs:
"In apps where security is very important, you may want to double-check someone's identity - perhaps before they make a purchase within the app, or use it to access some sensitive personal data.
To prevent situations where a user could leave a device logged in or man-in-the-middle hijacking of the user session, re-authentication forces a person to re-enter their Facebook password before they can continue to use your app."
Be sure to use the server-side Auth flow though – because in the client-side flow, using the JS SDK, there is a bug that allows the user to bypass re-entering his password by simply closing the popup, which is still open: https://developers.facebook.com/bugs/248632218597467 (It has been assigned Priority: High, but has still received nothing more than a “we will follow up” response.)
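An added sketch of the server-side re-authentication request recommended in the answer above; it is not code from the thread or from the Facebook SDK. The `reauthenticate` value and the dialog URL come from Facebook's Login documentation rather than this page, and the app ID, redirect URI, session keys and function names are placeholders.

```php
<?php
// Added example. APP_ID, REDIRECT_URI, the session keys and both function
// names are placeholders chosen for this sketch.
const APP_ID = 'YOUR_APP_ID';
const REDIRECT_URI = 'https://example.com/fb-callback.php';

// Step 1: send the user to the login dialog and demand a fresh password entry.
function build_reauth_url(array &$session): string
{
    // Unguessable per-request value; binds the callback to this browser session.
    $session['fb_state'] = bin2hex(random_bytes(16));
    $session['fb_reauth_started'] = time();

    return 'https://www.facebook.com/dialog/oauth?' . http_build_query([
        'client_id'    => APP_ID,
        'redirect_uri' => REDIRECT_URI,
        'state'        => $session['fb_state'],
        'auth_type'    => 'reauthenticate',
    ]);
}

// Step 2: on the callback, accept the result only if it answers our request.
function callback_is_valid(array &$session, array $query, int $maxAge = 300): bool
{
    $expected = $session['fb_state'] ?? '';
    $started  = $session['fb_reauth_started'] ?? 0;
    // One-time use: a replayed callback URL must not pass twice.
    unset($session['fb_state'], $session['fb_reauth_started']);

    if ($expected === '' || !isset($query['state'], $query['code'])) {
        return false; // no pending request, or the dialog was cancelled or closed
    }
    if (!is_string($query['state']) || !hash_equals($expected, $query['state'])) {
        return false; // forged or stale callback
    }
    return (time() - $started) <= $maxAge;
}

// Constructed demo, using a plain array in place of $_SESSION.
$session = [];
$url = build_reauth_url($session);
parse_str(parse_url($url, PHP_URL_QUERY), $sent);
$good = ['state' => $sent['state'], 'code' => 'CONSTRUCTED_CODE'];

var_dump(callback_is_valid($session, $good)); // first use of the callback
var_dump(callback_is_valid($session, $good)); // same callback replayed
```

Because the sensitive action is gated on a valid callback reaching the server, closing the dialog leaves the user without the `code` and therefore without access.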
Use the logout.php url.
https://developers.facebook.com/docs/reference/php/facebook-getLogoutUrl/
Basically,
http://facebook.com/logout.php?next=YOUR_NEXT_URL_FOR_LOGOUT&access_token=USER_TOKEN
1) logging out from facebook by using
$facebook->getLogoutUrl();
2) clearing the session by using :
$facebook->destroySession();
example:
Log Out
logout.php page codes as follow:
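<?php
require 'facebook.php';
// Placeholders: use your app's own ID and secret.
$facebook = new Facebook(array('appId' => 'YOUR_APP_ID', 'secret' => 'YOUR_APP_SECRET'));
$facebook->destroySession(); // clear the SDK's stored session data
header('Location: index.php');
exit;
?>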

Desktop Facebook Logout

I have a desktop application that uses facebook authentication in offline mode. There is no session key as the app returns me an access token.
It stores the access token and allows the user to post to facebook at other desktop app locations around an event.
The problem I'm having is that after a user goes through the oauth, I can't clear the session data for the next user.
I've tried deleting all the cookies, but that causes a facebook script error when the next user tries to authenticate...
I'm simply looking for a way to remove the session cache from the machine and not cause javascript errors...
This is the closest I've found to anyone figuring this out. It doesn't work for me, though:
http://forum.developers.facebook.net/viewtopic.php?id=84232
My problem is that I can't log the user out if they haven't authorized my app and returned an access token yet.

Facebook iOS SDK: session invalid on iPhone after logging out of Facebook from a desktop

I recently integrated Facebook support into an iPhone application that I work on. I'm able to log the user in and make API calls fine, but I recently noticed some strange behavior.
After the user logs in I store the access token and the expiration date in NSUserDefaults. Before executing Facebook API calls I use [session isSessionValid] to make sure the session is valid.
The problem occurs if the user logs into Facebook from a desktop and then logs out. [session isSessionValid] still returns YES, but Facebook API calls fail with the error:
"Error validating access token: This may be because the user logged out or may be due to a system error."
Is there anything that I am doing wrong, or is this a Facebook bug?
Even if you store the access token and the expiration date in NSUserDefaults, you need to validate them each time the user enters your app. Even offline_access permission access tokens might be invalidated, for example when users change their password.
When your app is started, you just need to make a call to the Graph API "me"; if you get an exception, you simply need to re-authorize, and then you proceed with the regular workflow of API calls.
Hope this helps.

How to hide the facebook authorization dialog on iPhone?

I'm implementing facebook connect for my iPhone app. The current facebook SDK would keep you logged in unless you log out explicitly, which is fine with me as staying logged in is actually the requirement. However, I don't want the users to go press the log in button if they never logged out. In this case, I won't be able to grab the facebook object, which I'll need in other parts of my app. So I was planning to simulate the log in event anyway, but that led me to another problem: even though permissions have been granted to my facebook app before, it will still pop up the authorization dialog to my users saying they have granted permissions to my app. My question is, how do I hide this? Or, is there a way that I can grab the valid facebook object without calling authorize on my facebook object when my app is restarted and the user stayed logged in?
Any suggestion would be appreciated.
You could redirect the user to https://www.facebook.com/login.php?api_key=<YOUR_APP_ID>. (This is the URL that the PHP Facebook SDK returns when you call getLoginUrl()). This will avoid the dialog and still allow users to authorize your app.

How can I avoid asking users to login (connect) to my facebook app again and again?

I am developing and testing a facebook app for which I have granted the permissions with my facebook account. Then the app is authorized to access my info, etc. nicely. The next time I close the browser, reopen it, log in to facebook successfully, then access the app, facebook wants me to log in to that app again. I can access the current user id, but how can I automatically authorize the app (if the user has already authorized in the past) without needing the user to press that dreaded 'Login' button again and again upon each session's end?
UPDATE - offline_access has been deprecated. Read this post for more details: https://developers.facebook.com/roadmap/offline-access-removal/
You will need to request a token that has offline_access so that you can use their authentication token over and over again. Then you will need to set a cookie yourself that stores something indicating who the user is. Facebook does not support a "remember me" feature in their authentication so you have to build it yourself. Store the access token in your database and set the cookie to identify the user.
Unless you are building this for a very specific reason like an app that runs on work computers only, I would really encourage you to not implement this feature. The facebook connect authorization is well understood by users and is very easy to use. You are going to get a lot more security if you make your users press the button every time. Just make sure you make this optional. You never know if somebody is on a public computer.