I want to know that is there any way to login my account in webview by picking username and password from textfields and load it in webview?
Basically I want to make an custom username and password fields. When user put fb name and password on it, it send request to facebook with username and password for login in webview for use facebook in webview. If username and password is correct then it save on NSUserDefaults for next time automatically login.
Please can anyone tell me how I can achieve functionality like this.
What you are asking is actually quit a common thing to do now days.
It is called social login, also known as social sign-in, that is a form of single sign-on using existing information from a social networking service such as Facebook, Twitter or Google+.
There is an official way to do this, you can check Facebook Documentation which guide you step-by-step on how to do this (pretty straight forward).
Basically you need to use Facebook Login Kit and they will handle the part where they present a webView and asking for credentials. You will get an access token which you can then store in the device (Keychain is much preferred from NSUserDefaults)
Note: The method you described in your question, where you ask the user for username and password store them and inject them to a web view is super not secure and is defiantly not the intent of Facebook API to use.
Related
I am in the process of adding social media oauth login and registration to an existing site. I've followed the overall process described here:
https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview
Currently, if a user wishes to change their account profile (including email address, password, etc.) then they need to supply their existing password. This is to prevent cookie stealing style attacks, or damage caused by people leaving accounts logged in on public machines.
However, if a user has registered using Facebook then a randomised password is set behind the scenes and the user is not aware that a password exists in our system.
This could make the simple process of updating the user profile a confusing and off-putting task. How do we present the password to the user, and how do we explain that it's different to the Facebook password?
I would like to present a Facebook pop-up or interstitial to the user before they change their account details, to force them to re-authenticate using their Facebook password, but I can't immediately see a way of supplying multiple callback URLs, or passing form data.
Is there a feature or workaround that would let me achieve this?
Please let me know if including any code would help, but you can assume that I'm using a standard Rails app running Devise and the Facebook oauth strategy, with code snippets described in the link above.
I'm developing an iOS app with a server-side component. Users can create and login to accounts with an email/password combination. I'm also building in an option to alternatively login via Facebook. If the user logs in via Facebook I will need to create an account for them using the email we get from Facebook - but what do I do about the password? The server obviously requires a password to create an account. Should I use something like their Facebook user ID as a password (doesn't seem secure), do I force them to create a password? What's the standard practice here?
You can set a button text or alert saying "Use Facebook data for Registration".
After clicking on the button, you can redirect the user to the registration screen.
Fill up all the data with his facebook data then leave the password and confirm passwords blank to let him choose his password.
Trying to use his personal Facebook data as password may be the cause for rejection of your app on Appstore.
This is a very high level architectural question.
I want to use "Sign Up with Facebook" and "Log in with Facebook" in my iOS app.
Questions:
I find many tutorials for logging in with Facebook but I am not getting anything for Sign Up with Facebook, like a tutorial for "SignUp with Facebook".
How can I use Sign Up with Facebook in my app? As in, what will be the architecture? What do I need to send to my server? What I need to store about the user in my server's DB?
After checking Spotify's "SignUp with Facebook" my understanding is, when the user clicks on Sign up with Facebbok, he is still asked with Facebook login but the SignUp screen will get pre-filled with some basic information like phone, email, first and last name etc, which I can use on my app to sign up the user.
Next time when the user logs in using facebook I just validate if he has already signup or not
Am I thinking right? any corrections? feedback?
If you're using Facebook login for the sole purpose of it being an easy way to get your users to sign up/log in to your app, then your app will be rejected by Apple. You need to be using Facebook application features that go beyond just basic profile information and sharing.
I just went through this during the Apple App Store review process and think it's worth noting here. A little warning to those who think they will save time.
You will get the user's profile and info, plus a userId i think.
Then you can add the user's Facebook id as userID, Facebook email as username, and a very long pre-defined string as it's password.
This is totally secure as long as the very long pre-defined password is not public. Only your server (or your app) will have that and will put that as password when you log in.
The username will be the Facebook email, which is straight forward. And the userId in your database will be the Facebook id that you get from your login session.
All the data can be read from the FBSDKProfile, when login is successful.
Hope it helps :)
p.s. you can also use Digits by Twitter, it is an awesome SDK for signing in with phone verification.
How do I parse a webpage with login and password requirements to view the individual user's information, like facebook for example. I want my app to access to the individual facebook page, after entering login and password in the app.
By now I was able to parse usual webpages with TFHpple, but I have no idea how to pass the login and password requirements to get the page content.
Thank you very much in advance!
Usually the process for logging in is:
User POSTs data to a login form with username and password.
The server responds with a session cookie
Future requests include the session cookie and the server knows that the user is authenticated.
If you wan to do this login process on your user's behalf through our app, you'll need to save the cookies and send them on subsequent requests.
Why don't you use the Facebook iOS SDK:
https://developers.facebook.com/docs/ios/
I think it's a little bit strange from the architecture perspective that you want to parse the personal Facebook newsfeed, when there's the possibility to get the data via the Facebook API (given that you have the appropriate User Permission)...
I am adding Twitter and Facebook login to a MVC 3 test application using TweetSharp and Facebook C# SDK.
Currently when a user signs in using Twitter I create a user account for that user in a user table and store the id, token, and token secret in a separate table with a foreign key to the user table. Since the id, token and token secret do not expire I can quickly locate the right user account when the user logs in next time using Twitter.
What if the very same user logs in using Facebook next time? Since Twitter does not provide email in their API and I therefore have no common piece of information to tie a user account to either Twitter or Facebook I assume I have to create a new user account for a Facebook login? Does anyone have any experience with this? Are there any ways to solve this?
I identify each user internally with a unique key. I check cookies for the user key when any user hits the site. If there's no cookie I create a new key. add it to the user database and set a new cookie. Once a user completes registration the first time by logging in with any of Facebook, Twitter or .Net membership , that key is forever married to that user.
So when an existing Twitter user logs in for the first time with Facebook, we know who they are because their user key exists. It is basically the same solution as macou suggested. Macou's has the plus of working on a new machine or if cookies are cleared, the cookie solution has the plus of not requiring additional user input.
Not really a solution, more of a work around. I was faced with the same problem and ended up forcing the user to complete thier account profile by asking for their email address before allowing them to proceed any further. This meant that if the email address coming back with the Facebook auth matched the email address created with the twitter signin then I didn't need to create another account.
The bigger difficulty was coming the other way, if the account was created by the facebook auth first. It meant an untidy marry up of accounts.
To be honest the information we got from allowing users to sign in with twitter was not worth the effort and in the end finished up only allowing Facebook auths. I'm not sure how important twitter is to your solution.
Not the perfect answer I know, but I thought I would share my experience.
You can't use just a cookie because I can login as facebook then my wife login as twitter using the same browser, you shouldn't link the two accounts in this case.
I think you need to do more than that:
Use a cookie then
Use name/first name/login name/... to see if they match.
Example:
Cookie id: 18459439731114330636, find user with id = 18459439731114330636. Found, go to 2, not found, go to 3.
Is username/first name/last name/... matches the current user? if yes, link accounts. if not, go to 3.
Create a new user.