I've successfully added a Sign in with Facebook feature to my Rails 5 app with Devise and Omniauth.
Instead of my static button, I'd like to implement Facebook's embed "Continue as {name}" login button. In their documentation they'll produce the following code for you to implement:
<div class="fb-login-button" data-size="large" data-button-type="continue_with" data-auto-logout-link="false" data-use-continue-as="true"></div>
Just implementing it like that obviously doesn't work. I'd really like to be able to handle it in a way where I can specify it to direct to my user_facebook_omniauth_authorize_path. How do I do that?
I've implemented Facebook SDK on the website.
Thank you in advance. Your help is much appreciated! :-)
Omniauth uses the server-side login flow, whereas this button is part of the client-side login flow.
Only by being embedded on the client side can it determine whether there is a logged-in Facebook user in the first place - on the server side, that info isn’t available.
The server- and the client-side auth flow have quite significant differences, so I doubt you would be able to implement this, without rewriting how login is handled almost completely.
Related
I want to open, from an iOS app, a web page that requires authentication in order to get to that page.
I googled a little bit and I believe I need to use WebKit and Javascript injection, but I am not sure and I have never done something like this, so every bit of information is welcomed or pointing me in the right direction.
I will give an example that I hope will make things more clear (I don't actually want to open facebook, it's just part of the example):
Is it possible to do the following scenario? And if yes, how?
Open a web page from an iOS app, for example: "https://www.facebook.com/profile" without having to go through the login page? I do have the user credentials (username and password), as the user is already logged in with those credentials in the iOS app, but the requirement is to not go through the login page, but to go straight to the profile page.
In general the answer is: no. Even if the user is already logged in and has a valid authentication token that token may only be valid from within your app and not from within the browser. And the login form may be protected by something like a captcha preventing you from automatically logging someone in.
There certainly are situations where it is possible: For example if the tokens are not scoped to your app you can try passing them along. Or there is an actual API that you can call with the token that logs the user into the website on the website, etc. But those depend on the specific target website or whether you can control that target website and can add this functionality.
I am using omniauth-facebook and omniauth-twitter gems to enable log in via Facebook, Twitter.
Everything works fine, I am able to authenticate user using OAuth. The BIG problem here is that when user is signed out from my application, it doesn't log out from the social site that they authenticated from, which is dangerous.
I would like to add a functionality that will destroy the session in both places i.e, my application and the corresponding social site.
How do I do that?
Is it possible using the omniauth gems that I am currently using? Or is there an alternative gem/API available to achieve this?
It seems to me that the problem is we don't know the user's intent. If the user logs out from your app and they don't have other tabs open with Facebook and then they walk away from the computer thinking they're all done but leave the browser open, then yes, that would be bad. On the other hand, if they have another tab which is on Facebook, if they log out of your app and then switch to the other tab expecting to carry on using Facebook, they'll be annoyed. You could argue that annoying people is better than leaving them logged in to Facebook unwittingly - I'd generally agree!
I don't know of a nice/official way to do this if you're handling the login flow server-side. Some suggest building a normal Facebook url - see https://stackoverflow.com/a/8765863 - and I guess you could redirect to that and make it redirect back if that approach still works (it's an old answer), but it feels brittle as the user implies.
If you're using the javascript api, there's the FB.logout function:
https://developers.facebook.com/docs/reference/javascript/FB.logout/
and/or the auto-display of a logout button instead of the login button using the auto_logout_link parameter:
https://developers.facebook.com/docs/plugins/login-button/
One option which covers both user intent scenarios is to have your normal logout button which obviously kills your app's session and when they click it, redirect to a page which has a "Logout from Facebook?" button - perhaps using the javascript login button with the auto_logout_link parameter. Then they can logout from Facebook if they're done with the computer, or choose not to click it if they have Facebook open in another tab and want to continue using it.
As I'm sure you know, omniauth-facebook supports both server-side and client-side login flows.
I'm not sure if an equivalent is possible with omniauth-twitter - I don't have experience with it.
This option is confusing me, as I mentioned on Github!
Is it supposed to actually deal with a popup window or does it mean something else? Just a bit strange as you get so much out of the box with Omniauth, yet this interaction is clunky.
I've seen this "solution" which isn't very elegant.
Turn omniauth facebook login into a popup
Am I missing something or do I need to ditch the server interaction and auth via the FB Javascript API?
TIA
In short: "The display=popup option simply tells Facebook to provide a page optimized for display in a popup. You need to open the pop window yourself, using Javascript."
The smoothest UX seems to be using the FB JS API.
See:
https://github.com/mkdynamic/omniauth-facebook/issues/47#issuecomment-5524582
I'm developing a simple Facebook app that will live in a Page's tab. I'm trying to figure out what the best method is for authenticating users. It seems that normal page redirection isn't right, which is how OmniAuth + Devise do it out of the box. How can I make this work with the JavaScript SDK's auth dialog?
As DMCS said, FB.getLoginStatus and FB.login will do it on the JS side of things. As for hooking it up with devise/omniauth, assuming you're using the latest omniauth where provider-specific logic has been split out into their own gems, the facebook-omniauth Github page explains it as so:
The client-side flow supports parsing the authorization code from the signed request which Facebook puts into a cookie. This means you can use the Facebook Javascript SDK as you would normally, and you just hit the callback endpoint (/auth/facebook/callback by default) once the user has authenticated in the FB.login success callback.
Now that's nice and easy. After the FB.login, a simple window.location.href = '/auth/facebook/callback' will do the trick!
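The signed request mentioned in the answer above has the form `base64url(signature).base64url(JSON payload)`, signed with HMAC-SHA256 under the app secret, and the callback must verify it before trusting the `code` inside. The following is an added example, not code from the original post or from omniauth-facebook; the function names, the sample secret and payload values, and the `max_age` freshness window are assumptions made for illustration.

```ruby
require 'json'
require 'openssl'

# Base64url decode; the padding that Facebook strips is restored first.
def b64url_decode(str)
  padded = str + '=' * ((4 - str.size % 4) % 4)
  padded.tr('-_', '+/').unpack1('m')
end

def b64url_encode(bin)
  [bin].pack('m0').tr('+/', '-_').delete('=')
end

# Constant-time comparison so a mismatch does not leak how many bytes matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns the payload Hash when the signature checks out, otherwise nil.
def verify_signed_request(signed_request, app_secret, max_age: 600, now: Time.now.to_i)
  encoded_sig, encoded_payload = signed_request.to_s.split('.', 2)
  return nil if encoded_sig.nil? || encoded_payload.nil?

  # The MAC covers the still-encoded payload; check it before parsing anything.
  expected = OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA256'), app_secret, encoded_payload)
  return nil unless secure_equal?(b64url_decode(encoded_sig), expected)

  payload = JSON.parse(b64url_decode(encoded_payload).force_encoding('UTF-8'))
  return nil unless payload.is_a?(Hash) && payload['algorithm'].to_s.upcase == 'HMAC-SHA256'
  # Assumed policy: reject stale requests so a captured cookie cannot be replayed later.
  return nil if now - payload['issued_at'].to_i > max_age
  payload
rescue JSON::ParserError
  nil
end

# Constructed sample input: a signed request built with a made-up secret.
def build_signed_request(payload, app_secret)
  body = b64url_encode(JSON.generate(payload))
  sig = b64url_encode(OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA256'), app_secret, body))
  "#{sig}.#{body}"
end

APP_SECRET = 'constructed-app-secret'
SAMPLE = build_signed_request(
  { 'algorithm' => 'HMAC-SHA256', 'code' => 'constructed-code',
    'issued_at' => 1_700_000_000, 'user_id' => '1234' },
  APP_SECRET
)
```
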
Yes, you can make it work quickly with the Javascript SDK. Follow the example here: https://developers.facebook.com/docs/reference/javascript/FB.getLoginStatus/ and https://developers.facebook.com/docs/reference/javascript/FB.login/
I am currently using Devise+Omniauth on my Rails 3 app to authenticate users. My client saw this and doesn't like how omniauth redirects you away from the site. He wants something like on digg.com, which I believe uses facebook connect to authenticate (and opens in a popup instead of redirecting).
What are some arguments for my client to keep him using the Omniauth method? Why is it better than Facebook connect?
And failing that, are there any good resources for logging users in with a facebook connect popup window? Or really anything involving facebook and a popup.
Thanks!
OmniAuth supports login via the Facebook Javascript SDK, which works through a popup. You just need to include the right files. I don't remember all the details, but this should help:
https://github.com/intridea/omniauth/issues/120