I am developing mobile app for iOS.
Here is general scheme I want to implement:
User login into app using FB and confirm permissions for access to its personal data.
App transfers token to the server.
Server request personal data and processes it using .
Server return the final result to application.
I have few questions:
Is it permitted to request and store FB data on the server?
If so, how possible can I pass FB login review, given that FB requires specification how I am using permissions in mobile app? (https://developers.facebook.com/docs/facebook-login/review/what-is-login-review)
Quote here: "Visibility: Data gained from the permission needs to be tied to a direct use."
Thank you in advance!
Related
Currently I want to authenticate my user using facebook on IOS platform. I want to use node.js as the custom authentication, so that i could make it more flexible. My theory right now is to use node.js and passport-facebook via token, but my questions right now
1) Do i need to use Facebook ios sdk together with node.js /passport? or simply just serve it via node.js/passport https://developers.facebook.com/docs/ios
2) If the user already installed facebook on his iphone, how do i access the token?
This is my first time on creating an iphone app + facebook login, any advice would be highly appreciated. It is a project that I'm working on right now
Thank you
You can authenticate the user on the phone with the iOS SDK. That way the user will get the native "login with Facebook" flow and your application will get hold of the Facebook token. Then you take this token, pass it to your node backend (together with the email address of the user), and you can use passport/NodeJS to verify that the token belongs to the email address. If so, the user is authenticated and you can store the token together with the email (and other user related custom data) in you node node application for use later on and to fetch an existing user in your node application when they log in again.
For the rest of the authentication you can use something like JWT (Json Web Token), https://www.npmjs.com/package/passport-jwt, to secure your backend and to know which user sent the request.
We implement a native iOS application on top of our application server. We want to give the user the option to login with facebook account BUT we want the account creation to take place in application server.
As i understand, i need to login to facebook via iOS and pass the token to spring-social-facebook.
I want to ask if this is possible (create token in iOS and pass it to application server) and how can i achieve it?
So I've searched for this topic a lot and may be over complicating things but would love some clarity on it. So here's the issue.
I have a web app that uses Facebook Graph (FB Login, friends invite, sharing through FB, etc). We've just built an iOS app for the website and now want to implement all the above FB actions on the iOS app as well. I looked up the Facebook documentation and have tried using that to getting just the Facebook login to work for a user that's already registered on our website (and has their Facebook account connected as well) but it doesn't seem to work.
Use case - A user registers on the web app and connects their FB account with us. They then download the iOS app and want to use FB login to login to the iOS app or share objects on their timeline. A vice versa case should also apply.
Question - What should be the workflow between the ios App, web Server and Facebook for the use case above? Basically, how is the token and the secret passed so all three know we're talking about the same user and same FB account?
Any links or advice would be highly appreciated! Thanks!
In the case when a facebook authed webapp user first starts the native app, you won't know who they are. So they need to be prompted with a "login with facebook" button. When they hit that button, the facebook-ios-sdk will figure out who the logged in user is and then check if that user has already granted your application access. If the web app and the native app both point to the same facebook app, then the facebook-ios-sdk will simply store the authed access token, and you'll have access to everything your web app does on the native app.
The key here is that your web app and native app must point to the same facebook app (ie. same app id in developers.facebook.com). If it didn't, then the native app user would be re-prompted to grant permissions when they click the "login with facebook" button. Additionally, it's important that the user is logged into the same facebook account on the web app (which is based on cookies in the browser) and on the phone itself. The facebook-ios-sdk uses a couple of different ways to look for the active facebook account on the phone. It tries the iOS 5+ system facebook account, inter-app calls to facebook's own native app, the browser cookie for the web view instance running in your app, or bounce you out to safari and use the browser cookie in safari. Which ever one comes back first saying they have an active facebook account needs to have found the same facebook account as the one on the web app. In most cases, they will match up because most users only have a single facebook account and are logged in everywhere with the same account, but they certainly can be different. In the off chance that the web app facebook user is not the same as the native app active facebook user as detected by facebook-ios-sdk, then the "login with facebook" button will simply prompt the native app active facebook user to log in and grant permissions.
Once the access token has been granted to the native app, you can send it back to the server, find the associated facebook user id, and now the web app user and the native app user can be linked to be the same person operating both apps. Additionally, any graph api calls you want to make on the server can be made on behalf of the user using the up-to-date access token you just got from the native app. Any sharing/posting/api calls made directly in the native app through the facebook-ios-sdk will be done as this user and will be handled by the sdk (ie. you won't need to worry about it... it should just work seamlessly and integrate all posts to their timeline just like the web app's graph apis can).
In the case where you have a facebook authed native app user going to the web app, you also won't know (on the first request) who this user is. You can present them with a facebook js sdk login and, again, once the same facebook user logs in, you can associate this current web app user as the one who was on the native app earlier.
Specifically addressing your question, you really have no way of knowing who a migrating user is on either the web app or the native app when they first come to the app. That's where the "login with facebook" comes in. Assuming the user is logged into the same account on the browser as well as on their phone (as determined by the facebook-ios-sdk), then the process of logging into your app is seamless. They won't be prompted to grant permissions a second time (unless your permissions set is different between the web app and the native app) and you'll be given the user's access token immediately. The role of the server is to reconcile the two users by using the granted access token. With the access token, the server can make a simple call to the graph api and get the user's facebook user id. Using that facebook user id, you'll be able to match up the "true" identities of the users on your apps (ie. you now know that the web app user and the native app user are one and the same). Once you know who the user is, you'll be able to provide a personalized experience to that user, based on his identity, regardless of whether he's using your web app or your native app.
Hope this helps. Happy to answer more questions that you may have.
I have developed a PHP website where users authenticate via Facebook and I get and store their auth_token.
On the other side, I have started developing an iOS app where users will be able to authenticate via Facebook too. The auth_token, as you know, will be different from the one that I got in the website auth process (same Facebook app as in the website)
My question is: can I use the auth_token that I got in the iOS app to make requests from the website? (same user, same app)
The reason is that sometimes I want some actions to be performed from the mobile device (ie. update status) while others to be performed from the web server (ie. checking which friends of the current user are already registered in my website)
thanks
Essentially, as long as you have a valid access_token for the specific user you can use it anywhere you want. Anywhere that you can execute an http request to Facebook and provide the correct parameters, you'll be able to make API calls on behalf of the user.
https://graph.facebook.com/USER_ID?access_token=XXX
This call should work regardless of where you execute it from.
Our web allows the user to publish tweets in his timeline automatically when he does some particular actions. However, a mobile app is connected with the web, an sometimes some actions the user does in the mobile app must be sent to the web app so it publish the correspondly tweet in the user timeline.
The problem is that the user can signin or login in the mobile app using Twitter and the user credentials must be sent to the webapp so it is able to publish in the user timeline.
Which is the best approach to share the user credentials between the mobile app and the web app?
I think the best way is to share your mobile app's access token with server, this is legal and works unless
the utilization of the access tokens is based on the same agreement the user gave you
That's an official answer from thread https://dev.twitter.com/discussions/4314. Another great citation from there:
Access tokens represent the relationship between a user account and application -- the IP address or host of the machine involved isn't relevant.