My site allow users to login via Facebook Connect and also allows them to update a status field our site. I want to include a checkbox below the status update field that will allow them to post this update to their Facebook profile as well if they so choose. In order to do this I need the user to grant our application permissions to post to their Facebook profile which is supported by prompting the user for 'publish_stream' permission using the JS function FB.Connect.showPermissionDialog http://developers.facebook.com/docs/?u=facebook.jslib.FB.Connect.showPermissionDialog.
The problem I'm having is figuring out if I need to prompt the user to do this. Basically the user experience I'd like to have is that when the user checks this box for the first time I want them to be prompted to grant this permission. Once that has been granted I won't need to prompt them in the future if they check that box again. I can't seem to figure out what JS to include in the onclick action of that checkbox that will check to see if the user has granted this permission and if not then prompt them, otherwise do nothing. Also after checking the box and granting the permission I want to do nothing (no page reload) but if they reject the request to grant permission I'd like the checkbox to be unchecked. I think I may need to use the FB.ApiClient.users_hasAppPermission JS function http://developers.facebook.com/docs/?u=facebook.jslib.FB.ApiClient.users_hasAppPermission but am still confused on what this would look like. The psuedo code for this would be:
onclick="
if(user_already_granted_permission) { do_nothing; }
else {
prompt_user_to_grant_permission {
wait_for_response_from_permission_dialog {
if(permission_granted) { do_nothing; }
else { uncheck_checkbox; }
}
}
}
"
One other thing worth noting is that I've already verified the user is logged in through Facebook Connect when the page was rendered. I'm hoping someone else using Facebook Connect has already been able to figure this one out. Thanks in advance for your help!
I recently developed an online demo that uses Facebook Connect and gets the friend list of a given user - it's not the same as your case, but I used FB.Facebook.apiClient.requireLogin to get the user logged, like this:
var api_key = 'd04fba62ff27c6c84a6b767d404bcec3';
var channel_path = '/xd_receiver.htm';
/* initialize facebook API */
FB_RequireFeatures(['Api'], function() {
FB.Facebook.init(api_key, channel_path);
var api = FB.Facebook.apiClient;
api.requireLogin(function(exception){
// user is logged in and my application
// has permissions to get friend list
});
});
You can do something like this:
FB.Facebook.apiClient.users_hasAppPermission('publish_stream', function(has_perms) {
if(has_perms) {
// User has granted the publish_stream permission
} else {
// User has not granted the publish_stream permission
}
});
The second param for the users_hasAppPermission function is a callback which returns the result of the check.
Related
I intergrate like button in my website. After login with facebook, now if any one already liked fb page directly from facebook then some fields will be shown to user otherwise fields will be hidden. I already put function for above thing and it works for me but not for others. Don't know why?
Here is a function which contains fb like thing and triggered on button click
function getUserDetail(){
FB.api("me/likes/242500342443159", function(response) {
if ( response.data.length == 1 ) {
$('#myModal').modal('show');
getUserInfo();
document.getElementById("note").style.display="none";
console.log('You like it');
} else {
$('#myModal').modal('show');
getUserInfo();
document.getElementById("form").style.display="none";
console.log("You don't like it");
}
});
}
and i also took user_likes permission on login.
Please correct me if i am doing any mistake in above function.
IMPORTANT: You are not allowed to hide/gate content behind a like or incentivize liking a Page in any way. you must read the platform policy before creating any App: https://developers.facebook.com/policy/
That being said, you would need user_likes for that API call, which needs to get reviewed by Facebook before everyone can use it. Without review, only users with a role in the App are able to authorize that permission. It is called Login Review: https://developers.facebook.com/docs/facebook-login/review
If you got permission for your application, and got premission from the logged in user, but it still doesn't work I would sugest creating error handling and in case of debugging log the response object.
Check for error codes and response format: https://developers.facebook.com/docs/graph-api/reference/user/likes/
New to Meteor, I'm using the alanning:roles package to handle roles.
I've managed to be able to only publish a collection when a user is logged in, when the page is first refreshed.
Meteor.publish('col', function(){
if (Roles.userIsInRole(this.userId, 'admin')) {
console.log('authed');
return Sessions.find({});
} else {
console.log('not auth');
// user unauthorized
this.stop();
return;
}
});
Logging out kills access to the collection (I'm using mongol to see). Logging back in after logging out, or logging in from a logged out state when the page is first loaded, will not give me access.
The webapp I'm trying to build is something like an ticketing system. I'm trying to be secure, so no unnecessary publishing if the user is not authorized.
What I'm trying to do is, get ticket information submitted from users from a collection, and display it on the client screen (as long as the client is authorized first). Maybe a better way to handle this is to force a refresh (how do I do that?) after a user change so unauthorized users are "kicked" out? And render all relevant data from the private collection right after the user is authorized?
I actually managed to get what I want for now with helpers...
In my ./client/Subs.js file:
Meteor.subscribe('col');
Template.NewTicket.helpers({ // match the template name
// move this into method later, not secure because on client??
isAdmin() {
console.log('is admin.');
console.log(Meteor.userId());
Meteor.subscribe('col');
return Roles.userIsInRole(Meteor.userId(), 'admin');
},
});
and then somewhere in my template file ./client/partials/NewTicket.html:
<template name="NewTicket">
{{#if isAdmin}}
{{/if}}
</template>
to trigger the check? I'm 99% sure theres a better way.
I have this logic that I'm trying to implement and I'm failing to do so... Here is the deal. I have implemented the confirmation mail for new users and now with the code that I will paste bellow I'm basically blocking the user from login into the app before he confirms he's email address. Okay fairly clear. But now I want to send him to a dedicated "verifiaction" page where it will only be some kind of text like "You need to verify you email before you can login, click to resend the confirmation link, blablabla". Im also using iron router.
Im doing this for the check:
//(server-side) called whenever a login is attempted
Accounts.validateLoginAttempt(function(attempt){
if (attempt.user && attempt.user.emails && !attempt.user.emails[0].verified ) {
console.log('email not verified');
// Router.go('verification'); - some kind of my "logic" what I want to
}
return true;
});
There is a discussion with the same issue here and in the comments, a user suggests resending the verify email token and alerting the user, instead of redirecting to a page, which would be simpler. The code for that would look like:
Accounts.validateLoginAttempt(function(attempt){
if (attempt.user && attempt.user.emails && !attempt.user.emails[0].verified ) {
Accounts.sendVerificationEmail(user._id);
Alert('Your email has not been verified, we have re-sent the email. Please verify before logging in.');
//you could also use a modal or something fancy if you want.
}
return true;
});
If definitely want to create a page, there is an answer here about ways to do that, but how you do it it depends on whether you want it to be part of the layout or not.
This question is in relation to this question: FB.logout() called without an access token
I had a question i was hoping someone could help with.
I get everything in the link above, but how do you handle when someone uses a public computer and leaves themselves logged in to FB by accident? Then a new user tries to log in to an app, but it is not them. I want to have a button to log them out of FB altogether to "log in as a different user".
I cannot do that until they authorize the app, right? So they need to authorize the app under someone else's account and then log out? There has to be another way.
Any feedback would be great - tried searching for a while on this, but to no avail. I might be over thinking it, but there should be some way to "log in as a different user".
You can do something like:
FB.getLoginStatus(function(response) {
if (response.status === "connected") {
FB.api("me", function(response2) {
// notify the user he is logged in as response2.name, and if it's not him call FB.logout
}
}
else {
// prompt the user to login
}
}
Modify your logout to something like this :-
function logout(response){
console.log("From logout" + response);
if(!response.authResponse){
window.location = "/web/login/";
return;
}
FB.logout(function(response){
FB.Auth.setAuthResponse(null,'unknown');
logout();
});
}
i.e keep on sending logout request to Facebook till the actual logout happens.
Try to use Session and save the user's ID in that session.
You can control the expiration time of that session( by default its 20 minute if the user doesn't have any activity on the page)
then in each page Load even check whether the season is still active for that user or not.
page Load event:
if(Session["LoggedIn"]==null)
{
Response.Redirect("~/Login.aspx");
}
This code above will redirect user to login page of your website if the session has expired.
I am having trouble of understanding how the fb:prompt-permission work. I can have a link appear when the user click the fb:login-button either the user already logged in from facebook to our application or through our website. On the other hand, without clicking the login-button, the link or the permission dialog doesn't render if the user already logged in from facebook to our page.
Doesn't that mean prompt-permission only available when the user clicks the login button ... Is there a way to avoid that?
Use this:
<fb:login-button perms="publish_stream, email">Login and Install</fb:login-button>
Source: http://developers.facebook.com/docs/guides/web
Use the standard FB Connect loginbutton, add on onlogin() function call
<fb:login-button onlogin="OnRequestPermission();"></fb:login-button>
and use this function to manually invoke the permission request dialog :
function OnRequestPermission(){
var myPermissions = "publish_stream"; // permissions your app needs
FB.Connect.showPermissionDialog(myPermissions , function(perms) {
if (!perms)
{
// handles if the user rejects the request for permissions.
// This is a good place to log off from Facebook connect
}
else
{
// finish up here if the user has accepted permission request
}
});
}
Source: http://forum.developers.facebook.com/viewtopic.php?pid=190797