I am trying to get users' permission for 'offline_access' in an iFrame Facebook application coded with the Facebook Java API. I understand that I need to obtain an 'indefinite session key' after the users approves my application. Currently, I can accomplish what I want, but in a very awkward way that is probably not correct. There must be a better way to do this. Any thoughts/ideas would be appreciated!!
What I've done
In a servlet of my app, I check to see if the user currently has 'offline_access' permission. If they do, I get the url by Permission.authorizeUrl(Permission.OFFLINE_ACCESS). I then call response.redirect to get to the permissions page. Two problems I'm having are:
The redirected permissions page is displayed within the iFrame. Hence, the Facebook book home menu bar etc. are displayed twice. i.e. looking like an app is embedded in another app.
The user will be 'stuck' on the permission page once redirected there. I won't be able to obtain the 'indefinite session key' (by calling client.getCacheSessionKey) unless the user goes back to a page in my app manually.
Possible Work-arounds??
Is there a way to open/redirect to the permissions page in a new window? That way maybe I can have a thread in my servlet to keep checking whether the permission is set after the redirection. And then I can get the 'indefinite session key' once I have it and store it somewhere?
Is there a way to set an URL for Facebook to go to after permission is set? (much like the pre-auth and post-auth URL settings?) Or somehow take control after the permission page is hit?
Any other ways to setup my app maybe?? Being a newbie, I might've totally gotten the idea wrong...
Have you tried using the fb:promot-permission tag in XFBML? That would seem the simplest way of getting the permission granted, and XFBML is fairly easy to set up.
Related
I am programming a little web application right now. At some point I need to thing about the user registration. My first thought was do it with a Facebook Authentication. Why? I think it's easier to get user like that, because most of them have already an account on Facebook and don't want to get over the usual registration form(EMail Confirmation, ..).
Now I am asking myself, what happens when I decide to cut of the connection between Facebook and my WebApp? I mean maybe at some point I do not want to be dependent on facebook. Can I easily remove the Facebook Authentication and keep the already registered User? I think the biggest issue would be to set a new password instead using the Facebook ones for the User.
In work I got a task (we MUST work with ASP Classic by the way): when user posts a blog, a link to that blog should be posted automatically on user's facebook timeline and in his twitter. I made everything working, but there is one problem: user needs to be signed in to post. I've made the cheking if he's logged in, and if not he must log in.
But I need to avoid the logging-in step and make it automatic (by sending user's username and password as part of the data sent to twitter/facebook or something like that), but I can't figure out how to do that or if it's even possible at all.
Any ideas? Would greatly appreciate any help.
P.S.: for the twitter part I used http://scottdesapio.com/VBScriptOAuth/
for the facebook part I used a combination of: http://snipplr.com/view/61108/facebook-app-login--authorization-entirely-clientside/
Everything works, but is it possible to automatize the user's sign-in part?
Finally I managed to make the both things automated...
The problem with Twitter was that I didn't store request token in session, that's why I got "Could not authenticate you" error.
Can't remember what I did wrong with Facebook (some co-workers helped me out), but I guess I didn't make proper http requests...
So the answer is: yes, it is possible to automatically post to Twitter and Facebook without user sign in.
If I am not wrong then your logged in user in facebook for current browser is not authorize for your app.
I think you should try googling about "How to authorize users into app". OR
If you don't mind I am giving you the direct URL to go to that setting page for your app:
https://developers.facebook.com/apps and then go to your app then after from left side bar go to roles and then after click on test user tab from top of page and then click on add button it will opne one pop-up to add a user.
In app you have to add test user for testing purpose and have to login for that added test user, so added user will be authorize for that app and you will be able to test.
Thank you...
First let me introduce the problem. I have site where I want to allow users to login using their Facebook account. Also I want to have possibility to post on users wall and access his email. I created Facebook app and every time not logged user comes to login page he clicks on Facebook button and gets to auth dialog of application where he must allow getting his email and on next screen allow posting on wall. To this dialog user gets with link which contains scope=email, publish_stream.
First question: When user clicks do not allow to post on wall, next time he uses this link he must again do that. Shouldn't Facebook remember this? I thought that I should not give the scope in link and use application setting where on permissions page a choose extended permissions. But these permissions are never asked for. Even when I enable referrals.
Second question: Is using FB application for this right? Should I not use fblogin?
Thank you.
When user clicks do not allow to post on wall, next time he uses this link he must again do that. Shouldnt facebook remember this?
No – because then there would be no way to ask a user for an extended permission once they’ve declined it.
Of course it might be annoying to the user to see that dialog asking for posting permission every time again when he just wants to login to your page.
That’s why Facebook themselves advise you to only ask for permissions you actually need for the current task. To provide the ability to log in to your site, you only need basic data and maybe email – so only ask for that, when the user is just logging in.
And then, when you come to the point where the user actively wants to share content through your app – then check if you got the necessary permission already, and ask them for it if it’s not present (by calling the auth dialog again, this time with the extended permission set in the scope parameter).
That way, it’s clear to the user why he gets asked for that permission at this point, and he doesn’t get hassled about it time and time again if he just only tries to log in.
I thought that I should not give the scope in link and use application setting where on permissions page a choose extended permissions. But these permissions are never asked for. Even when I enable refferals.
For these settings to have any effect, the connect to your app must happen in a way that actually triggers Authenticated Referrals. Doing the login by yourself in your app logic does not trigger this way of authentication.
When users invite friends to my application the friend gets a notification in the Facebook.
When they click this link they see a dialogue box asking them to approve my application.
How can I limit the information my app requests to almost nothing so I don't scare away potential visitors.
I don't want their email or friends list or to access their data at any time. I just want them to visit the site.
Ok Thanks to Changing the scope I have the dialogue down to this. Is there any way to get even less. I don't have any code that requires permissions. My call back just extracts the request id's.
Just don't require authentication on your landing page. Make it so that your landing page and primary canvas page do not require authentication and potential users can browse and check information about your app and look if it is what they are looking for.
Then once they make any significant action on your app when their user information is essential to proceed you can open an authentication dialog box. You can detect whether users already authenticated or not with the help of javascript API FB.getLoginStatus method:
https://developers.facebook.com/docs/reference/javascript/FB.getLoginStatus/
hope this helps
You are requesting extended permissions in the url you are directing them to for the allow. Remove anything from the querystring parameter "scope", currently you should see that
&scope=offline_access,email
or similar. Simply change that to
&scope=
Check the page on extended permissions for more info:
http://developers.facebook.com/docs/reference/api/permissions/
Your invitation is linked to application that needs extended permissions, you have two choice first one is change the link that don't needs extended permissions. Second one is if you don't use the data getting from permissions, remove the permissions from oauth dialog.
The second screenshot above it the minimum amount of permissions you can request.
It is not possible to request anything less than basic permissions. You have to have this in order for the user to be connected with your app, and so you can get their user id.
I'm getting into the grimy guts of a problem that has turned out to be rather cumbersome so I turn to you, the experts, for help.
what I've done so far: I am building an iphone app with phonegap. I am using the provided fbconnect (in phonegap github) code which gives some rather convenient javascript based example code to build things like a comment and check in request. I have comments and checkins fully working how I want, and I have an auth_token that I am successfully toting around.
enter the like button: I understand that you cannot make like requests via xmlhttprequest in the same way that you can with comments for example, so I am stuck using an iframe (unless there is a better alternative).
what I need help with: right now, since the iframe is triggering its own login, I have the situation where the user might log in to like, and then have to log in again to comment which is not a viable. Is there a way to pass a valid auth token to the iframe so the user wont be prompted to log in again or some other sneaky way to authorize through the childbrowser solution that I have currently implemented and then share the auth token to the rest of the app?
notes: I havent passed an app ID to my auth implementation but I noticed that the iframe does pass an app ID. would including an app ID in my auth request somehow link the logins so facebook could recognize that the user is already logged in through the app?
I can't think of any specific code to include since this is more of a general question but if there is anything you'd like to have a look at please let me know.
The short answer is no, mainly for security and spam prevention. The only way to have the user like your page is rendering the iframe code in a webview. This requires a traditional email/password login with Facebook. Using the graph api is the only way to use things like commenting and checkins, and this requires a user to login via a separate mechanism and then subsequently approve your app. There is no back door logging in mechanism.