I'm developing an iOS app with a server-side component. Users can create and login to accounts with an email/password combination. I'm also building in an option to alternatively login via Facebook. If the user logs in via Facebook I will need to create an account for them using the email we get from Facebook - but what do I do about the password? The server obviously requires a password to create an account. Should I use something like their Facebook user ID as a password (doesn't seem secure), do I force them to create a password? What's the standard practice here?
You can set a button text or alert saying "Use Facebook data for Registration".
After clicking on the button, you can redirect the user to the registration screen.
Fill up all the data with his facebook data then leave the password and confirm passwords blank to let him choose his password.
Trying to use his personal Facebook data as password may be the cause for rejection of your app on Appstore.
Related
I want to know that is there any way to login my account in webview by picking username and password from textfields and load it in webview?
Basically I want to make an custom username and password fields. When user put fb name and password on it, it send request to facebook with username and password for login in webview for use facebook in webview. If username and password is correct then it save on NSUserDefaults for next time automatically login.
Please can anyone tell me how I can achieve functionality like this.
What you are asking is actually quit a common thing to do now days.
It is called social login, also known as social sign-in, that is a form of single sign-on using existing information from a social networking service such as Facebook, Twitter or Google+.
There is an official way to do this, you can check Facebook Documentation which guide you step-by-step on how to do this (pretty straight forward).
Basically you need to use Facebook Login Kit and they will handle the part where they present a webView and asking for credentials. You will get an access token which you can then store in the device (Keychain is much preferred from NSUserDefaults)
Note: The method you described in your question, where you ask the user for username and password store them and inject them to a web view is super not secure and is defiantly not the intent of Facebook API to use.
This is a very high level architectural question.
I want to use "Sign Up with Facebook" and "Log in with Facebook" in my iOS app.
Questions:
I find many tutorials for logging in with Facebook but I am not getting anything for Sign Up with Facebook, like a tutorial for "SignUp with Facebook".
How can I use Sign Up with Facebook in my app? As in, what will be the architecture? What do I need to send to my server? What I need to store about the user in my server's DB?
After checking Spotify's "SignUp with Facebook" my understanding is, when the user clicks on Sign up with Facebbok, he is still asked with Facebook login but the SignUp screen will get pre-filled with some basic information like phone, email, first and last name etc, which I can use on my app to sign up the user.
Next time when the user logs in using facebook I just validate if he has already signup or not
Am I thinking right? any corrections? feedback?
If you're using Facebook login for the sole purpose of it being an easy way to get your users to sign up/log in to your app, then your app will be rejected by Apple. You need to be using Facebook application features that go beyond just basic profile information and sharing.
I just went through this during the Apple App Store review process and think it's worth noting here. A little warning to those who think they will save time.
You will get the user's profile and info, plus a userId i think.
Then you can add the user's Facebook id as userID, Facebook email as username, and a very long pre-defined string as it's password.
This is totally secure as long as the very long pre-defined password is not public. Only your server (or your app) will have that and will put that as password when you log in.
The username will be the Facebook email, which is straight forward. And the userId in your database will be the Facebook id that you get from your login session.
All the data can be read from the FBSDKProfile, when login is successful.
Hope it helps :)
p.s. you can also use Digits by Twitter, it is an awesome SDK for signing in with phone verification.
We're building an app using ASP.Net Identity for authentication. We allow users to login using their Facebook or Google account. Or the user can create an account in our app.
We're implementing the password reset feature and came across an issue we're not quite sure how to handle. Say a user is using their social account to log in to our app. Should they even see the 'Forgot Password' link on our Login page, if they go there? It seems obvious this shouldn't even be an option for those users using their social account to log in, but we wanted to make sure we were not overlooking anything.
If a user goes to login page he is most likely not authenticated, so how will you know if to hide the 'Forgot Password' link?
In ASP.Net Identity a user can have a local login AND external account logins at same time, its built in. So if a user logged in with an external account press 'Forgot Password', the framework will create a local login for that user with a 'reseted' password (he will not reset the external login). That user will end up having to 2 ways to login in his account.
If that should be an option? In my opinion, it should.
How about change the password of the user if you have already collected the mobile number or the email id of the user so the reset password link can be sent to his/her email id and the password can now be reset.
Yes the user will be having two ways to login to the application.
I am using the Facebook iOS SDK to allow quick sign-up of users in my app. Here is the flow:
User taps "Login with Facebook" button
Taken to Facebook app or Safari for login
Redirected back to my app
Show Sign-up for with pre-filled fields from FBGraphUser object
User creates account using data from Facebook
After they created an account, is it possible to authenticate with Facebook, and let them login to my app without having to enter the username and password they just created? How would the flow of that work?
Seems like I should be able to do the following:
User taps on "Login with Facebook" button
Authenticate with Facebook SDK
Return to app, and make a call to server, checking to see if there is a username matching the Facebook email
Allow the user into the app with no password, since they have authenticated with Facebook and have an account in our system.
Is this the correct way to do it?
That is very close. However, it is not enough to just check that the email/username is valid. It is strongly recommended to validate the token directly with Facebook as well.
See Use Facebook authentication token in API for a very similar concept and the Facebook docs about verifying token: https://developers.facebook.com/docs/graph-api/securing-requests.
So I'm trying to integrate twitter with the app I'm working on. The flow I'm looking for is one in which the user is prompted to enter his twitter username and password just once, and then anytime the user wants to post to twitter he can do so by entering text into a textfield and clicking a "send" button - no other hurdles.
I know how to accomplish this if the user already has the twitter app installed with an associated account - you can retrieve the account form the ACAccountStore. But what do you do when the user does NOT have the twitter app installed/no twitter account in ACAccountStore? Is there a way to add a new ACAccount using the username and password I have the user enter in-app?
You can then use the twitter framework for setting the account with in the app or you can force the user directly from with in the app to goto setting and set up an account for twitter..