Using Facebook Dialog in Windows 8 HTML5/JavaScript App - javascript

I am following the dialog documentation to try to display dialog in a Windows 8 Store app (html5/javascript).
https://developers.facebook.com/docs/reference/dialogs/
In a Windows 8 Store app, we have to use iframe to display another web page. Here is an example of what I did:
<iframe src="https://www.facebook.com/dialog/feed?app_id=145634995501895&redirect_uri=http://www.facebook.com&show_error=true&display=iframe&access_token={access_token}"></iframe>
Since it is an iframe, I specify display=iframe and access_token={access_token}.
If you want to try it, please remember to change access_token.
I get the following errors:
API Error Code: 110
API Error Description: Invalid user id
Error Message: Missing user cookie (to validate session user)
I guess this may be caused by the fact that user has not login yet. In the documentation (https://developers.facebook.com/docs/reference/dialogs/), it said "If the user is not already logged in, Facebook will prompt them to login before showing the the Dialog you invoked." I am wondering how to prompt the user to login? Did I miss a parameter to prompt user to login? I looked through the parameters, I did not seem to find anything.
Appreciate your help.

I am seeing different behavior from you which I'll document here, even though it may not be "your answer".
I obtained my own access token, and when I use your IFRAME, I do see the attempt to redirect to Facebook.com to login; however, that's followed by a security error in the JavaScript console - including the following:
APPHOST9613: The app couldn’t navigate to
https://www.facebook.com/login.php?api_key=177388709024886&skip_api_login=1...
because of this error: FORBIDFRAMING.
A request to the login.php script generates a response with the X-FRAME-OPTIONS header to DENY. This would indeed prevent the login page from Facebook from appearing in the IFRAME within the app - hence FORBIDFRAMING.
There is some discussion on an MSDN Forum thread as well and it's slightly dated, but am not aware of any changes since then.
I have not tried Facebook logins directly with Window 8 applications using Windows Azure Mobile Services, but it may be something to try. Azure Mobile Services is VERY simple to set up, so you'll know very quickly whether or not there is still an issue within a HTML5/JS Windows Store app.

Related

Single Sign On Html Page with Restful Service

Let me explain what's my plan.
Actually I write a website in HTML5 with Javascript.
This website do an ajax call to a c# RESTful service.
Both, the website and the service, are located on a windows server 2012 at the iis 8.
The website is located in an virtual directory of the default web site.
The service is added as an application to the server.
The server is running inside our intranet including AD.
I access the website by the url: http://example/Auth.
My goal is that the user didn't have to login manually, because it's already done at windows login.
This should be done by using windows authentication i guess, but when i activate it, i'm prompted to enter my credentials.
After entering them everything works fine. If they were correct i can use the website, otherwise i get 401 as expected.
First question: what do i have to do, to be logged in automatically if i'm a valid user of the AD?
Wheter logged in automatically or manually i'm not able to get the username of the logged in user and pass it to the service.
Second question: how to get the username and pass it to the server?
In my case it was finally quite simple to solve my problem.
All i had to do, was to add the domain to the url and get a full qualified url like: example.mydomain.com/Auth.
If i try toaccess this site now, there is no prompt shown and even the credentials get passed to auth following services etc.

How to link from a webpage to Facebook STATUS in iOS native Facebook app via fb://

I've seen a fair amount of stuff about retrieving a Facebook user profile or page via fb:// from within a webpage to direct iOS to open the profile or page in the native Facebook app rather than in the browser on iOS devices. However, I see nothing about how to do so for Facebook status updates.
The behavior I am looking for is to provide a link to a Facebook status on a webpage (HTML5) and when the user clicks on it, to have the user be switched over to Facebook's native app and have the status show up in the app. My question is specific to status updates (sometimes called posts), and not pages or user profiles.
If it helps at all, the link is presented in a Sencha application packaged in PhoneGap/Cordova.
Any help would be much appreciated. I haven't seen anything directly on point around the web.
Isn't a status is just a type of post?
if so, you can find the postid of it and then use "fb://post/(postId)"
The solution is that you need to add userid and an "_" before the actual post id for it to work. most of the data you get back via graph or whatever sdk has the post id as just the single id without the users id and an underscore in front of it.
so it would look like:
fb://post/453453454_34857894375345
first set of numbers being the userid(not an actual one) and the second being the post id(also just random numbers i typed).
haven't tested going from web to native, but just tested it in a native app we made that successfully opens the facebook app to that specific post.

Redirect URL using phonegap

I'm building a phonegap app in which I need to link to facebook, instagram and twitter. I need to allow users to login to each of these with their credentials and return an access token which I will be saving on the device using local storage. I can login the users perfectly fine when working on an actual site (which is a test site I have setup). The way it works is I have to redirect the user to a login page for each brand where they can login. This I can do fine from a phonegap app, but the issue is that each of them require a redirect url which I must supply for them to basically send the access token to once the user logs in. On the internet this works perfect, but I need to redirect url to somehow point back to the mobile device it originated from. I can do this using a proxy but I don't want to employ the use of a server as this comes with way to much overhead. So all that to actually ask my question:
How the heck do I redirect the user back to the mobile app after they have successfully logged in? I'm hoping this is something very simple that I'm missing, but I'm just not seeing it. :/
This is oAuth authentication which logs the user in and then tells the user's browser to go to the second URL. Typically, if you write an iOS app, you can always open it by doing something like this: ://. it should also be able to ready parameters passed this way.
For example: open safari on your iPhone and put "Skype://" as the address and it should open your skype app if you have it installed.
Try setting the return URL similar to what I mention above and see if that works.

Facebook Javascript SDK Security. How do Facebook verify that the JS SDK is loaded in the right domain that specified in the app settings

There are few questions with same name but none of them intended to ask what I have in my mind. So we initialize FB js sdk with only app id. It's easy to know other web site's app id by looking at their facebook initialization source code. One might think that it's possible that a hacker might try to initialize FB JS SDK with other's app id and try to get their user access tokens. But facebook doesn't allow such stuff. You have to load js sdk from the same domain you specified in the site url property in Facebook Developer Apps page. So the question is how do they know that the jsonp whatever calls coming from the right client? It's not safe to that checking in client side since people can copy and modifty the javascript as they wish. So it has to be server side checking. I can only think of "referer checking" but I feel it cannot be considered a safe way.
Well, I'm not sure so this is only speculation..
First of all, when making an http request the HTTP referer header is added, and so when you load the sdk the url from which you're making the request is added as a referer.
Facebook can check on their servers where the request was originated from and compare that to what they have for the app settings.
It's possible of course to modify this header when making the request, which is why you don't get any error just by loading the sdk for an app if you're in the wrong domain.
The error will only occur when you try to interact with the sdk, for example trying to execute the FB.login method will open the auth dialog pop-up which will show the following error message:
An error occurred. Please try again later.
If you check the url of this auth dialog (which the sdk constructs) you'll notice these two query string parameters:
domain=THE_DOMAIN_OF_THE_PAGE
redirect_uri=FACEBOOK_URL which will contain origin, domain and relation=opener
What (probably) happens is that facebook checks the domain against the app settings, if it's ok it presents the user with the auth dialog, when he finished the process he is redirected to the redirect_uri.
Since the redirect_uri opens in the pop-up it can only communicate with it's opener if they are both in the same domain, a facebook domain which no one can have on his page other than pages served from facebook.
When the sdk loads it adds an iframe into the fb-root container which loads a facebook js which is loaded from the same domain as the redirect_uri, because of that the pop-up window can communicate back with the iframe and inform it with the auth response.
After the iframe got the response, the pop-up closes and the iframe informs the loaded sdk in the main page of the response.
I'm not sure which technique they use for that communication, but you can easy find more info about that by googling "cross domain iframe communication".
That's how I see it, but I can't be sure.
You can check the code for the js sdk # github if you want to really know what's going on.

Refused to display document because display forbidden by X-Frame-Options

I'm building a Facebook app and I have noticed that when attempting to get the login status of the user using their Javascript API, I sometimes get the error:
"Refused to display document because display forbidden by X-Frame-Options."
I've been able to reproduce this every time I hit the "check login status" page of the app only while using Facebook as a page, rather than my user account. This is easy enough to avoid now that I know this causes the problem, but obviously my users may not know this.
Is there a way to determine whether or not the user is using Facebook as a Page or not? Since that seems to pretty much ruin my entire app.
I had this problem too, fixed it with:
The app was redirecting the user to a login screen from Facebook (auth dialog box), while the user was already logged in.
So I changed the code to redirect either to the success page if logged in, or to the dialog box if not logged in.
This is a problem when facebook redirects to your app from a web browser and then you redirect to the facebook authorization sign in. You have to make sure that the form replaces the page and does not load into the facebook canvas as it does not like it.
So you have to do a clean redirect like so -this is node example
res.send("<script> top.location.href='"+ "https://www.facebook.com/dialog/oauth?
client_id=*********&redirect_uri=http://apps.facebook.com/myapp" + "'</script>");
Look at this facebook dev page and its in step 3
https://developers.facebook.com/docs/howtos/login/server-side-login/
Does not seem to be a problem with mobile apps just desktop
Does this javascript work?
document.write(isFacebookPage()?"YES, I'm in a Facebook Page!":"No, not a Facebook Page");
function isFacebookPage(){
return (document.location.href.indexOf('/pages/')>0);
}

Categories