I created a second FB account for the purpose of testing logins, friend relationship functionality, etc. Unfortunately, Facebook is telling me that the other account has not been authorized (even though I did - I'm just going to give it a day or so), however, that's not really the issue.
When trying to log into my app with my original FB profile, which definitely does have access rights, it appears that the app thinks I'm the other user and I'm getting the following message:
"App Not Setup: This app is still in development mode, and you don't have access to it. Switch to a registered test user or ask an app admin for permissions."
I'm getting this despite the fact that I've logged back into my primary FB account on facebook.com. Is there a way for me to break all previous associations or refresh the user? It might even be preferable to prompt the app user to put in his or her FB email and password at each login. Is there a way to do that?
Also, when I log in from my phone, I don't get the error message. It's as if the fact that I logged into the secondary account from my computer is blocking the normal login routine.
This is the Javascript that executes when I click the Facebook login button.
function checkLoginState() {
FB.login(function(response) {
FB.getLoginStatus(function(response) {
statusChangeCallback(response);
}, true);
})
}
Any ideas?
Related
When the user authenticateswith the "sign in" with google button with javascript the user is redirected into my webapp basedon the successful return. I pass the id-token to the backend and use $client->verifyIdToken($id_token); to fetch and can get the userid ('sub'). Great!
When the user wants to logout, I need to kill the session on the backend so I have a page /logout that logs the user out and then redirects to the top page. However, the top page javascript login box still indicates that the user is signed in and triggers a sign in and gets redirected back into the webapp which is bad. If the user has logged out, I want them to have to click the Google "Sign in" button again and have it run automatically.
I've looked through all the documentation I can find for the PHP backend and I can't seem to find any way to log the user out of my app. I've even tried calling $client->revokeToken(); on the backend on the logout page but it has no effect.
Is there anyway to logout the Google user from my app on the backend or am I forced to detect if the user is logged in, call this javascript first and then proceed to my logout page?
<script>
function signOut() {
var auth2 = gapi.auth2.getAuthInstance();
auth2.signOut().then(function () {
console.log('User signed out.');
});
}
</script>
It would seem to me that there should be a logout from google (or revoke the current session in webapp (token?) ) from the backend but I can't find it for the life of me.
Google does not allow for third party logout. That being said your application can not log a user out of Google. If they allowed that then your app could also log me out of Stack overflow and every other third party website that i have logged in using my Google account.
What you need to do is remove the login to your own site by removing the cookie that was probably set somewhere.
I am having issues figuring out how to implement the functionality for my current tasks. I will try to explain the situation simply:
The app is an Angular 2 webapp that uses Firebase for authentication. when the app loads up, the user is automatically authenticated anonymously (since we have database and file storage rules that are set to "auth != null".
Then later in the app there is a feature that the user can only use when authenticated through an auth provider (Google). If I try to just sign in with Google it saying that the user is already signed in.
So we can sign out, and then try to authenticate with Google. But then what if the user closes the auth popup box or denies giving the app permissions? Then the user is not authenticated at all!
And if we re-authenticate anonymously if the Google sign-in fails then we have a completely different username (created from the uid) which is very weird UX for the user.
Perhaps I am not thinking about it correctly, but I just don't see any good solution for what I'm trying to do. Hopefully, someone else can find a better solution. Thanks!
I have read Facebook documentation and it says that FB.logout is used to log the user out of both web application and Facebook. I have made a website on which I use FB.logout() but I want only the session of the user to be revoked not log the user out of the Faceboook.
I have seen this thing been done on many other websites looking at their code I find they are also using code like
function fb_logout(){
FB.logout(function(response) {
console.log('loggedout');
});
}
I also tried using this function but I still log my users out of Facebook too.
Is there a way to accomplish this task?
You can just delete all the data you have on user and show them login button again (mimicking logout from your app) without calling "FB.logout" function(it logs user out of facebook too). This will behave as per your needs, once user clicks on the login button again, you will again get the data without him needing to login to facebook again.
I am building a very small webpage to use in a kiosk stand. The goal is to let people "Like" a facebook page on location with a touchscreen.
Users have to login first to like a page, so Facebook will come up with their regular Login popup, which works like a charm. When the user logged in, the page is liked (since they clicked the "Like"-button) and the user should be logged out again (since no-one wants to be logged in on a public computer). The page should reload after that.
Now this is possible with the Javascript API from Facebook. They have an event listener that calls a function when a user likes a page. I just have to call FB.logout() when that event triggers :) .
Unfortunatly, it isn't working for me. I could be very dumb, or the Facebook API is bugged.
My code:
window.fbAsyncInit = function() {
FB.Event.subscribe('edge.create', function(response) {
FB.logout(function(response) {
window.location.reload();
});
});
}
But this doesn't work, and I think the problem lies in the Login part from Facebook.
Does anyone has any experience with this? It should be very simple, but I can't get it to work...
Some things I have tried:
Prompt a normal login - Possible, but it says that my app needs access to some information. Really the only thing I want to do is get users to like a page.
setTimeout loop - Tried this, but the Facebook Login seems to stop Javascript as a whole on my page?
EDIT: I know that it is a bad idea for people to insert their credentials into a public computer, but the customer wants it this way. There is also a QR-code which links to the Facebook page, but that doesn't solve my problem :) .
TL;DR: Facebook Javascript callback from the "Like"-button works when a user is Logged in, but fails when a user has to log-in via the Facebook pop-up.
Unfortunatly, it isn't working for me. I could be very dumb, or the Facebook API is bugged.
Nope. The problem lies in your approach, resp. the concept.
FB.logout only works with an active access token (since otherwise, any site I visit on the net could log me out of Facebook, and that would be hugely annoying).
But since the user does not connect to your app, you don’t have an access token.
Prompt a normal login - Possible, but it says that my app needs access to some information.
That is the only way you will get an access token, and since the only way you can use FB.logout.
(And if the user logs in to Facebook, but then denies connecting to your app, again you will not have an access token, so you can’t log them out in that case either.)
I have a public-facing web app that will be in a kiosk-like environment. The app requires users to log in with Facebook in order to interact with the app. I am not requiring users to register or to sign up for the site, but rather just log in so the app will have access to their basic info.
This works perfectly, but the issue is when a user logs out and the app is ready for the next user to log in, the previous user's email address is in the OAUTH form.
Is there any way to keep this from being persistant?
EDIT:
To log in, users are being redirected to the Facebook OAuth Dialog page. Once the user logs in it redirects back to the app. It's not really "authenticating" for the app, I am just using Javascript to show the app content once the Facebook JS API detects that a user is logged-in.
Edit
some reason I cannot log in with my account "kevinj". Anyway, I should have been more specific in regard to the setting of this app. It is an iPad web app and the tablet device will be handed out to users for interaction and gathering data.
I have "fixed" this issue by forcing FB to use the desktop browser based OAUTH dialog instead of the Touch version. This allows the user to un-check the "keep me logged in" option and clear out their info after log out.
Thanks for the suggestions and input. I wish I could close this question out but can't log in to my account.
Sine you are on a Kiosk-like environment, I suppose you have access to the browser's options?
If that's the case then I think turning of form history will do the trick. (Firefox example)
Have you tried adding "autocomplete="off"" to the HTML field?