Is there a way, using the new Facebook API, to detect whether a user is logged in or not on facebook, without any relation to the facebook app? This should be all done in client-side javascript on a page on a website.
In more detail:
According to the facebook documentation, getLoginStatus will detect a user is logged in if "the user is logged in and connected to your application." On the other hand, it will report the user is logged out if "the user is either not logged into Facebook, or has not authorized your application."
To me, this implies that getLoginStatus will never work the first time a user uses your application, because the first time any user is using your application, he/she has not granted any permissions to your application.
Moreover, what specific permissions does the user have to grant the app for getLoginStatus to work if the user is logged in? I have checked this list of permissions (on the Facebook API documentation):
http://developers.facebook.com/docs/authentication/permissions/
and have seen no mention of any permission that relates to this sort of detection.
This my first time using the Facebook API and it is very frustrating. I have scoured the internet and it seems like the general consensus is that you simply cannot detect whether a user is logged in or out.
I have found that when a non facebook user accesses the page you can check the persons [age] from the signedRequest (this information does not need permission as far as I've tested) and it will have both a max and min property.
A logged in facebook user will only have a min property as that is their actual age. I believe this information is given in order to deliver content restricted by age limits.
A logged in facebook user who then gives access permissions to connect with your app will have a user id so you can detect that seperately too.
This gives 3 user states by taking information from the signed request:
Anonymous: Has max and min age properties
Facebook User: Has only a min age property
Facebook User (who gave permission): Has a user id
Remember that facebook could revoke this functionality at any time and I've really only tested this a little. Good luck.
Related
This is for a messaging web app. Is there a universal ID assigned to each device
that can be pulled through a web browser, which is brand/operating software agnostic?
I'd like to grab a unique ID related to a user that visits my website and save it to my database as that unique user for that device. Is this possible?
My goal is to assign users based on them accessing through a given device rather than signing up with a username. Theoretically, everyone is a user as soon as they access the site.
It's a messaging app run through the mobile web browser only but I don't want to hassle users through a sign up or login process. The device accessing the site would prompt me to send them data based on their user profile.
signInAnonymously seems appropriate for that.
If there is already an anonymous user signed in, that user will be
returned; otherwise, a new anonymous user identity will be created and
returned. https://firebase.google.com/docs/reference/js/firebase.auth.Auth#signinanonymously
Due to the unauthenticated nature of this kind of user, they are not
transferrable across devices.
https://developers.google.com/android/reference/com/google/firebase/auth/FirebaseAuth#public-taskauthresult-signinanonymously
A user's UID never changes. So after you sign in a user anonymously,
the UID will remain the same until you call signInAnonymously again or
until you call signout. https://stackoverflow.com/a/47856853/11136299
I am building a login system that depends on Facebook login plugin (https://developers.facebook.com/docs/facebook-login/web). Everything is going well with this easy to use plugin. The bad news is that: today, I noted that the Facebook changes its user IDs, and these changes can deceive your login system.
Explaining the process and the problem:
1- The user goes to your website and click Facebook login button to access to your website.
2- The plugin grabs the user's information from Facebook API, including the user Facebook ID.
3- Your script uses the grabbed info to check your database, looking for the Facebook ID in the users table.
4- If the Facebook ID exists, the system allows the user to login. If it does not exist, the system creates a new account for the user and login him/her to your website.
So, the same Facebook user might be registered more than one time as long as the Facebook changes the user's ID.
As I noted today: Sometimes, the Facebook gives its user an ID with 9 digits, and other times give the user an ID with 19 digits. If you used any of those IDs; it would redirect you to the same user's profile. For example: if the user's IDs are 999999999 and 1010101010101010101
https://facebook.com/999999999 and https://facebook.com/1010101010101010101 both URLs will lead you to same profile.
P.S. The script checks with the user's email, however the user has the choice not to supply his/her email address to your website.
I use API v2.. I didn't use the old version (v1.). So, I think this is not the issue of chronicle or app scoped IDs.
If you have any ideas that help in getting a fixed Facebook user ID, please let me know.
Thank you in advance
I am developing an app that matches users in Kik based on interests. Kik users can chat with a bot that I wrote, and then the bot links them to a page in the web app based on their interests.
Kik provides us with this javascript (which I have documented here in coffeescript) to check if a user has authorized the app to access their user data, via the Kik api:
if kik.enabled
kik.getUser (user) ->
if user
This works, but it necessarily combines both features into one. That is, checking if a user is authorized and prompting a user to authorize both trigger when kik.getUser runs.
This is problematic because my web app should have different features depending on whether or not the user has authorized, one of which is providing the user with a 'check-in' button that prompts them to authorize if they have not.
Does Kik provide separate methods of checking whether or not a user has authorized?
Furthermore is there any way of identifying the actual authorization event with JS (i.e. the user actually pressing the 'yes' button, which closes the window that asks for authorization)?
Can an already authorized user be 'unauthorized', and if so, is there a way to recognize when this happens?
A potential work around is to store an "authorized" boolean in my database of users (or, rather, only generate a user in the database if they have authorized), and only run kik.getUser for users that have flagged as authorized. This could, however, not work if a user can become 'unauthorized'.
The API you're looking for is kik.hasPermission()
http://dev.kik.com/docs/#identity-user
I'm using the Javascript SDK.
I have a logged in user, and want to get back a list of page ids of all the pages that the user is likes.
Is there a way of doing this? The docs are pretty bad - and circular.
https://developers.facebook.com/docs/graph-api/reference/user/likes/
Do note that Facebook is very restrictive on the user_likes permission that is required to access this endpoint. Facebook policies forbid "like gating" - requiring a user to like a page to access content or otherwise be rewarded.
I'm in need of more of an explanation than an answer, per se - I'm building a page tab, which will pull certain images from a particular album belonging to the page. This does not require an access token, so there is no need to ask for permissions from visitors.
I can add like/share options which also work fine without an access token or authorisation.
How do I get basic user info (id, name etc) without requesting authorisation? It's a page tab, on Facebook, so therefore the visitor must be logged in already.
Just seems counter intuitive if I have to request permissions to perform what is essentially pretty standard actions.
I'm using the javascript SDK.
It's a page tab, on Facebook, so therefore the visitor must be logged in already.
The user may be logged in to Facebook – but he is not necessarily connected to your app (yet). And you need him to be, to get his user id.
Make a call to FB.login without asking for any permissions in the scope parameter – that’ll prompt the user to connect to your app, giving it only “basic” permissions to read his personal data. That’ll give you his user id in the response.authResponse (and also will lead to his user id being included in the signed_request next time he visits your page tab).
After that, you can get his basic user info be calling /me via the Graph API.