I am experimenting with an iOS app that utilize a REST API (ASP.NET MVC Web API) and I want users to be able to logon/register using either:
Username and password (default)
Facebook authentication
I have setup the iOS Facebook SDK and users can logon/register using it.
When a user register with Facebook, what access token should be used to bind it with the REST API account? AKFAccessToken or FBSDKAccessToken?
Haven´t found any tutorials where an iOS app and ASP.NET MVC Web API is combined. If anyone knows where I can find one that would help a lot.
If I am going at this problem completely wrong please correct me, I am still trying to wrap my head around it.
I will mention in details the best practice I know.
The server have the facebook App ID (special ID for the app given from facebook when you register your new app).
You send the FBSDKAccessToken for the server
the server will encrypt the FBSDKAccessToken with the app id as a key and return to you the result named 'AccessKey'.
You save the accesskey and use it as a relation with the server from now on.
This way, no one can know the userFBID since u encrypted it and you didnt share your facebook app ID since it should be a secret.
Hope this helps!
Related
I know, this might be a very naive question, but I'm having hard time imagining a complete picture of how Facebook SignUp and Facebook Login should be used in my application. I understand Facebook documentation, but it gives me scattered pieces which I can't figure out how to put together. I would appreciate any links for how-tos regarding this issue.
The problem I'm trying to solve, is simply to use Facebook SDK to register users in my application. But, what does this mean? Generally, if we take e-mail registration, this means getting e-mail address and a password, which will be used for later logins. For every login, my server will generate a session id, which will be used in API calls.
Now, I can obtain user's e-mail using Facebook SDK. But now what? What about the password? How should I generate a session id now on my server? Do I have to perform Facebook login call every time I start the app? Or should I send access token to my server and store it in users table and use it for generating session id? I don't need to perform Facebook Graph API calls in my app. All I need - is "single-click" signup/login functionality. What's the right way to do it?
I am trying to create an ios App that talks to a backend API written in nodejs. The backend also has an accompanying webapp also written in nodejs. The idea is that you can login (using facebook-js) on either the app or the webapp and post things to to.
My question is this, let's say that the user decided to login using the ios App, then call some backend API method to post an article, how do I make this work without essentially forcing the user to login twice?
Not sure if I'm making sense, any help would be greatly appreciated!
As Facebook uses OAuth for the client authentication, it's relatively easy to store the Access Token resulting from the login process somewhere on your server, and use them later.
Have a look at Design for Facebook authentication in an iOS app that also accesses a secured web service
Also, see https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow/v2.1 which outlines the login process and the storage of Access Tokens.
I'm currently working on an app (iOS 6) where the user will be signing in using their facebook account.
In regards to this I have a few questions:
a) Since the app asks the user for permission to access cetain data (like: basic profile info, friend list, access to post to wall etc), I assume that the app based on it's app id will be somehow authenticated to access this information as long as the user doesn't restrict access through their facebook account.
b) will it be possible for example via a service application to authenticate with the same app id as the mobile app, and hence be able to collect data from the facebook users who authenticated with the app?
The purpose of my question is, that I would like do some analysis on the users using the iphone app, but I don't want the app to first download the information from facebook, and then pass it on to my service for analysis.
If the above is possible, could anyone please guide me in the direction of what it is that I need to do? Perhaps links to tutorials that describes this setup, og simply tell me the right facebook terminology that I'm looking for to achive this.
Thanks in advance!
It's a bit late and you may have already picked a service. I have been using Parse.com
(tutorial site). They're very good. They have SDKs and sample code for many platforms a RESTful service for others.
They have recently been acquired by FaceBook, and already have strong links to Facebook's SDK.
I have a website that requires any user to be logged in using the Facebook auth system.
On the other hand I am making an iOS App that needs to consume functionalities of the website. I implemented the SSO system on the iOS system but I don't get how I'm supposed to call my webservices in a way that tells the backend that "it's ok, I'm authenticated on the iOS app".
Is there anything to do with the signed_request parameters on the iOS side? If yes, I didn't find anyway yet to get that parameter.
Do you have any clue to help me deal with my issue?
Thanks
https://developers.facebook.com/docs/authentication/signed_request/
The signed_request parameter is utilized to share information between Facebook and app in a number of different scenarios:
A signed_request is passed to Apps on Facebook.com when they are loaded into the Facebook environment
A signed_request is passed to any app that has registered an Deauthorized Callback in the Developer App whenever a given user removes the app using the App Dashboard
A signed_request is passed to apps that use the Registration Plugin whenever a user successfully registers with their app
Does iOS use any of these?
** EDIT **
Ok thanks, can you edit your answer and add the fact that I can't
access the signed_request parameter? – MartinMoizard
From Martin: iOS cannot access the signed request parameter probably because iOS is not a webserver that is able to accept HTTP Post paramteres.
I am struggling with this same problem, and it seems that OAuth is actually an authorization protocol, not an authentication protocol. See:
http://www.thread-safe.com/2012/01/problem-with-oauth-for-authentication.html
Seems like the signed request would solve this problem nicely. Not sure why we cannot get them on iOS. Best I can figure out is I need to pass my access_token from the iOS client to my server, and then it can ask graph.facebook.com what user it represents.
I am using RPXnow.com authentication solution for a rails app and am now at the point of wanting to develop Facebook integration features using Facebook Connect and the client api. What I am unclear on from RPXnow docs is the level of integration their solution provides. When a user connects via rpx using their FB creds, are they now using Facebook Connect? Can I make calls to the client api from my app? Do I need to use the RPX api to access the FB client APIs?
Anyone with experience using both who can shed light here, much appreciated.
dnewman,
Great question. Facebook Connect is simply a javascript layer built on top of the Facebook Platform APIs. RPX uses the platform APIs to authenticate the user, and after they have signed in, you may safely use the native Facebook Connect javascript to implement FB specific features on your site like posting activity back to the News Feed. You just need to set your connect URL on the facebook developer site and drop in the Facebook Connect javascript and then start implementing. After authenticating via RPX, the user will already have approved and "connected" to your website, and you'll have access to the breadth of Connect directly.
Also, if you have an RPX Plus/Pro account you can make simple RPX API calls to set a user's status and post activity on Facebook (and Twitter/MySpace).
Brian Ellin
RPX Product Manager
Once you've hooked up RPXNow (JanRain) single sign-on, you can follow the Facebook documentation. The Server-side Personalization example is in PHP but the idea is the same in any language.
// Fetch the user's friends
$friends = json_decode(file_get_contents(
'https://graph.facebook.com/me/friends?access_token=' .
$cookie['oauth_access_token']), true);
$friend_ids = array_keys($friends);
The key point to note is that the $cookie['oauth_access_token'] referenced in this example needs to be the string returned by the RPXNow sign-on API response in the JSON field
['accessCredentials']['accessToken']
Hint: from your RPXNow dashboard, check out the Test Sign-In Widget page under Resources to see where that token is in the response.
Initially I thought this would be hampered by having your Base Domain set to rpxnow.com in your Facebook Application settings, but this is not the case. It works fine.