On an iOS application, I plan to host Facebook Comments using Facebook Connect within an UIWebView, have already done some tests and read articles where I think that it shall work fine.
My question regards authentication: I wanted to use Facebook iOS sdk to have and store the proper tokens within Objective C, so that the user doesn't have to do it every time. I know how to inject any data in the UIWebView if needed, but my question is WHAT do I need to inject so that the facebook scripts already see the user as authenticated every time ?
Thanks
See https://developers.facebook.com/docs/authentication/. You will get an access token when you authenticate the user which you can then use throughout your application to request information on the users behalf.
Download the latest Facebook iOS SDK.
Create the Facebook object:
Facebook *myFacebook;
[self myMethodToDoSomeAuthenticatedStuffsWithAccessToken:myFacebook.accessToken];
Also, you can see the sample "Hackbook" project to see how the access token is setup for the Facebook object within the application and how it is auto refreshed.
This keeps the user authenticated on the iOS Device and you can use this access token a NSString* type to do your stuffs.
Related
I'm writing an app using Phonegap.
I'd like to give some perks to the user for posting about the app on their wall (or something of the sort) if they wish to do so.
There's a neat Cordova plugin which covers Facebook's functionality pretty thoroughly and more importantly it appears that it does so as natively as it can manage.
If a plugin like that is not available however, what is a high-level overview for having a user:
authorize with FB
post something canned on FB
ascertain that they have in fact posted what was given to them
I believe there's a way to do these things using Facebook's JavaScript SDK, but I've never seen an app ask me for my username and password (that wasn't the actual Facebook app) and I don't imagine Facebook would be happy with that, so what's the best way to go about that?
Additionally, if I want for a user to log in using Facebook in my app, (think Tinder) what is the data that I should be saving? Facebook login token and device ID? What are the best practices when it comes to using facebook and phone data to identify and store user account information server-side?
Facebook Login for Android -
The Facebook SDK for Android provides methods to implement Facebook Login for your app. The SDK provides Facebook Login support for the these common scenarios:
Your app uses only Facebook Login to authorize people using your app.
Your app provides two login options: Facebook Login and your own
login mechanism.
Your app uses your own login initially and Facebook Login is an
option to switch on certain social features.
For more - login-with-facebook.
Manually Build a Login Flow -
The easiest and quickest way to implement Facebook Login is with our official SDKs for JavaScript, iOS, and Android and we recommend you follow our separate guides for these platforms.
However, if you need to implement browser-based login for an app without using our SDKs, such as in a webview for a native desktop app (for example Windows 8), or a login flow using entirely server-side code, you can build a Login flow for yourself by using browser redirects.
This guide will take you through each step of the login flow and show you how to implement each one without using our SDKs:
Checking login status
Logging people in
Confirming identity
Storing access tokens and login status
Logging people out
Make direct HTTP requests to Graph API endpoints to retrieve
and post data.
For more check - manually-build-a-login-flow.
Pros:
No plugin dependency and no uncertainties when new versions of
Cordova or the Facebook SDK are released.
Works for all platforms, including platforms for which a version of
the plugin doesn’t exist.
Works for both browser-based apps and Cordova apps.
Cons:
Not full-fledged, less out-of-the box features.
Integration not as tight. For example, no native dialogs, etc.
The logic is integrated together and is available on github as OpenFB.
Sample Example -
Login using Facebook:
openFB.login(scope, successHandler, errorHandler);
Get the user’s list of friends:
openFB.api({path: '/me/friends', success: successHandler, error: errorHandler});
Post on the user’s feed:
openFB.api(
{
method: 'POST',
path: '/me/feed',
params: {
message: 'Testing the Facebook Graph API'
},
success: successHandler,
error: errorHandler
});
Either you have to use Facebook connect plugin to post something from cordova app, or the other way that I use to post something about my app review is using the URL way. Facebook has feed dialog / share url system to post in facebook. Simply calling it with native browser and correct parameters does the job, facebook takes care about the authorization and posting , I don't need to handle that.
https://www.facebook.com/dialog/share?
app_id=145634995501895
&display=popup
&href=https%3A%2F%2Fdevelopers.facebook.com%2Fdocs%2F
&redirect_uri=https://developers.facebook.com/tools/explorer
Found here Don't know will it work in inAppBrowser or not, I just call the native browser.
And AFAIK to post from within the app, it has to be the plugin.
OpenFB is even better than the Apache Cordova Plugin. The plugin isn't well maintained. Sometimes it takes months to update to the latest version of Facebook OpenGraph. OpenFB is constantly updated.
You would just use the JavaScript SDK to do this. See https://developers.facebook.com/docs/facebook-login/login-flow-for-web/v2.0
You have an option to use standard components or make your own buttons. You can also let users auto-authenticate after granting permissions initially or always press the button etc. The FB docs are easy to follow though.
I am writing a JavaScript-based browser extension (using CrossRider.com).
How can I use JavaScript to logout from Facebook Chat. I want to force the user to go "offline" automatically via code.
I would suggest that the correct way to end a user's FB session is to create an FB app and use the FB.logout SDK method. If this is not possible, then you can try deleting the FB session cookie which should terminate the login.
Javascript SDK provides FB.login function to easily login other users. I just wonder whether there exists a way through PHP SDK that realize the same function --- that is click the login button and then allow the user to login and also allow the app to use the user's info?
The reason I ask the question is that someone told me that it's possible to be hacked if implemented by javascript and it's somewhat securer by the use of server-side PHP. Can anybody tell me the exact idea of this?
You can defiantly use the PHP SDK to log users into your application.
There exists within the SDK a method called getLoginUrl() which receives parameters such as what permissions you want to request from your users. Once you have received the url, you can use the php header function to redirect the user to the login screen or use an anchor tag and let the user login by clicking on it.
Using an instance of the Facebook Object in PHP SDK and getUser method is what you need to be sure of the authenticity of your users.
I suggest you to implement JSDK and PHP SDK to get the best login & register experience possible and also take full advantage of the features of both SDKs.
I usually use Javascript SDK to detect session status and login users, and PHP SDK to integrate the Facebook experience with my CMS (Drupal).
In the signed request travels information as your Facebook user ID and other stuff. Remember that the signed request is encrypted in base64 with you secret key, so it's not an easy thing to manipulate.
Tip: You can use the Facebook register plugin to provide an alternative & fast registration using Facebook data. See https://developers.facebook.com/docs/plugins/registration/
I remember all the stuff from the signed request for canvas apps: http://developers.facebook.com/docs/authentication/signed_request/
Now I'm using the JS SDK (FB.login() method), which already gives you the auth token et al. as well as a signed request. Instead of the info that a canvas app's signed request gets, I get just:
{"algorithm"=>"HMAC-SHA256", "code"=>"2.AQAdX5Zl5gY-Z_D7.3600.1322193600.1-XXXXX|HmarTBK09MSiB0o76cLgaTUd4y4", "issued_at"=>1322188281, "user_id"=>"XXXXXX"}
So what confuses me is: what's the point of the JS SDK's signed_request? I already have all the info I need from just the login reply.
when your app user comes to your https://apps.facebook.com/myapp he comes with signed_request.
Then you serve your user to your landing page. In that landing page fb jsdk loads and writes to cookies to browser.
Then when user comes to your server he comes with these cookies. So writing cookies are not your job but fb jsdk's job.
Then your server reads those cookies and process further actions.
Additional info
While surfing at github, I found
This client library is designed to support the Facebook Graph API and
the official Facebook JavaScript SDK, which is the canonical way to
implement Facebook authentication.
and
If you are using the module within a web application with the
JavaScript SDK, you can also use the module to use Facebook for login,
parsing the cookie set by the JavaScript SDK for logged in users
Taken from here.
There can be extra information provided in signed_request that isn't provided in the login response.
For example, if you need to check if a user is a fan of the page housing the app, this information is provided in signed_request. This can be injected into the page at load time by the server if the user is authenticated at that point, however if you are using an ajax authentication and signed_request were not provided in the login response, you wouldn't be able to check the fan status.
I'm working on a plugin to enable a mailclient to access a users Facebook Inbox. I know I need to request an access token with extended permissions. The thing is: I have no Idea how to do that.
The plugin needs to be written in javascript. I have managed to open a webbrowser to the required URL but I have no idea, how to extract the access token from the webbrowser, in order to use it in the rest of my script.
Is there any way this can be achieved, or do i need to use different technology?
To get an access token you need to first create a Facebook application. To do it, add the developer application to your Facebook profile.
http://developers.facebook.com/
Then the user will need to grant access to your application.
http://developers.facebook.com/docs/authentication/