I'm using the iOS FBSDK in my app that allows Facebook as a means of logging in. My app will require that the user disclose their age and I would like to use Facebook's login flow to enforce this requirement. However, I'm having trouble setting anything as required (except for public profile, which is required by default). I would like to avoid having to tell the user that they can't use the app until they go into their account settings and turn it on. It's a disruptive user experience and the app truly needs certain permissions to function.
I set the login button's read permissions like this:
self.loginButton.readPermissions = #[#"public_profile", #"email", #"user_photos", #"user_birthday"];
and see this:
Is it all possible to do this? When I look at apps tied to my own Facebook account, I see some (Tinder, Glassdoor, and more) that have required permissions so I assume there must be a way to do it.
It is not possible to mark specific permissions as required when using the Facebook OAuth dialog.
The difference in behavior you are seeing is most likely due to when you installed the apps, and what version of Graph API those apps were using. Graph API 1.0 did not provide the ability for people to revoke specific read permissions, and (I am guessing) when you installed those apps, they were targeting 1.0. With apps that are targeting Graph API 2.0 and higher, people have the ability to revoke specific permissions (except for public_profile), and apps need to be prepared to handle missing permissions.
The settings dialog you see reflects the version of Graph API that was used to install that particular app. Any Facebook App IDs created after April 2014 automatically target the current version (2.x) of Graph API in effect at the time they were created, and pre-existing apps were migrated to 2.x earlier this year. So, going forward, people will always be able to decline permissions other than public_profile when installing an app, but for apps already installed, their settings reflect the version that was in effect when they installed the app.
Related
I've implemented the GoogleSignIn, Firebase and Facebook in my app and I'm uncertain what the upcoming iOS 14 Tracking Transparency changes will mean.
One of the points Apple considers as reason for asking permission to track is:
Placing a third-party SDK in your app that combines user data from your app with user data from other developers’ apps to target advertising or measure advertising efficiency, even if you don’t use the SDK for these purposes. For example, using an analytics SDK that repurposes the data it collects from your app to enable targeted advertising in other developers’ apps.
So, how do I find out if Google or Facebook is actually tracking anything within their SDK that's not in our control?
Basically I wanna know if I need to disable the social login if users don't give permission to track.
So, how do I find out if Google or Facebook is actually tracking anything within their SDK that's not in our control?
They kind of provided this type of information in their documentations:
Firebase
Facebook
GoogleSignIn
Basically I wanna know if I need to disable the social login if users don't give permission to track.
Not neccessary, I believe the developers for sure are aware of these changes and working to keep their products functional even when users don't grant permission for tracking.
For example in Facebook documentation there's a note regarding login types and which of them directly requires user's permission:
There are two scenarios for applications that use Facebook Login via the Facebook SDK: Authenticated Sign Up or Sign In, and User Data Access via Permissions. For authentication, a unique, app-specific identifier tied to a user’s Facebook Account enables the user to sign in to your app. For Data Access, a user must explicitly grant your app permission to access data.
However just below this they add the following:
Note: Since Facebook Login is part of the Facebook SDK, we may collect other information referenced here when you use Facebook Login, depending on your settings.
Thus I don't think there's a general answer for this question because it really depends on the data your app requests or operates with either directly or via third party.
My iOS app currently offers users the option to log in and sign up with their LinkedIn accounts. I am using this project for the LinkedIn log and OAuth: LinkedInOAuth
With the update to iOS 9, my app now occasionally crashes, when a user attempts to log in through LinkedIn using that project, with a runtime exception of WebThread(18): EXC_BAD_ACCESS(code=1, address=0x8)
To resolve this occasional crash, I turned to an updated version of the project I was using that conforms to ios 9 and linkedin's ios 9 SDK.
The issue is that while this new project has solved the WebThread crashing, it now requires users to download LinkedIn's app (if they don't have it) in order to log in to my app with LinkedIn.
The previous project never had such requirements and would present a webview that allowed anyone with a linkedin account to log in.
My question is am I wondering if it is possible to authenticate with LinkedIn in ios 9 without requiring the user to download the mobile app? My hopes are that it is possible to update the old project to conform to ios 9 while simply presenting a webvew. Thank you!
We only discussed this last week (at the time your question didn't have an answer, but happy to update you now—that is, if you haven't solved this in the meantime).
After scouring several sources I came across this:
Mobile vs server-side access tokens
Presently, there is no mechanism available to exchange them. If you
require tokens that can be used in both the mobile and server-side
environment, you will need to implement a traditional OAuth 2.0
solution within your iOS environment to acquire tokens that can be
leveraged in both situations.
from: https://developer.linkedin.com/docs/ios-sdk-auth
The premise being that via mobile solutions, they offer single sign-on thru their app. This works, but requires their app. Apple's approval process has swung both ways on this, and it appears that it is a flip of the coin as to whether they will allow this or not (the requirement of a third party app). #AroundThen didn't have any luck and his app was rejected due to the requirement, however, other users* have indicated Apple weren't adverse to it in their application processes.
Alternatively, their is the web logon process using OAuth2. This is pretty stock for their non-mobile solutions. Currently sharing the tokens between mobile and web solutions is not a default and if you want to share the same token their solution is that that is listed above.
In essence (and copied from my other answer here):
You can test for the presence of the linked-in app:
if it is not there: implement OAuth2 directly through your app
if it is there: use it or your OAuth2 implementation (which you'd probably err on the side of using their app for the link-ability between any features of the app you may need in yours).
Thereby avoiding the REQUIREMENT to have the app installed, but utilising it if it is.
This suggests that authentication away from the app is supported.
Reportedly, #AroundThen has had success with this process.
Good luck!
*1 I'm currently having trouble finding his post, but basically he provided login credentials that Apple attempted to use, but had locality issues and hence couldn't get in, but it was inferred they may have approved it if they had of.
I have a iOS application with more that 20k users. All current app versions are asking for publish permissions from user, but I never used it.
I'm already working on new version without this permissions, but I wonder what will happen with my app after April 30, 2015 without FB review? I don't have to go thru it if I'll remove publish permission from my app.
User can be still able to log in using facebook?
Mariusz
What will happen after April 30th, 2015 is that the login dialog won't show this permission anymore to people who are not in the roles tab of your Facebook Application Dashboard Settings (meaning the general public).
If you are 100% sure you are not using this permission, you should be good to go. It is great you're already creating a version with this stripped. Remember to remove it from your Facebook Application Dashboard Settings as well.
If for some reason, you are using this permission (Any Graph API or Facebook Dialog to publish), your Facebook Integration will be broken.
More information can be found here:
https://developers.facebook.com/docs/apps/review/login#pre-f8-apps
Hello Everyone I am using the prime 31 facebook plugin for the Unity 3D engine and I am running into an issue of testing out the ability for our users to post a message containing their score onto their facebook wall.
I believe the issue is related to needing to add a publish_permission to my app yet I can't test this feature because I believe I have to have that permission approved to utilize it in my pap.
I also noticed that the approval process calls for explaining your usage of said permission and submitting your app with what I imagine would be a form of implementation .
So I guess my confusion has to do with the general process of having my publish permissions approved and whether or not i can make use of the publish permissions in my not-approved app for testing at the very least .
You should always be able to test your permissions with the admin/test/developer users of the specific app.
Have a look at https://developers.facebook.com/docs/apps/review/login#do-you-need-review which is stating that
...your app's developers will be able to see, and grant, any permission without requiring review by Facebook.
Note: People who are listed in your app's Roles tab will have access to extended permissions without going through review (e.g. publish_actions or manage_pages). For example, if you use the Facebook Plugin for Wordpress to publish your blog posts to your Facebook Page or Profile, you do not need to submit for review so long as all your publishers are listed in your app's Roles tab.
Also, if you're the developer of an app and are the only person using it, then your app doesn't need to go through review. Since you're the developer, all app capabilities should be available. You will still need to take your app out of developer mode, but you should be able to do that without going through review.
I've been using the Facebook iOS SDK for some app I've been working on -
My app only requires publishing of a photo, and I have no use of any read permissions or basic info.
When logging in using a browser (Simulator) or Fast-App switching (Device) it works fine with just openActiveSessionWithPublishPermissions:#[#"publish_stream"]...
But if I would try the same with an iOS6 device with the Native login, it would show the error describe in the title. Even though I have no need for any read access. This problem only occurs in the native login, and not in the Browser-based or Fast-App switching based logins for some reason.
Any ideas?
I reckon it has something to do with this:
Asking for Read & Write Permissions Separately
You are now required to request read and publish permission separately (and in that order). Most likely, you will request the read permissions for personalization when the app starts and the user first logs in. Later, if appropriate, your app can request publish permissions when it intends to post data to Facebook.
You cannot request read and publish permissions simultaneously using iOS6's Facebook support, and if you attempt to, the SDK will take the user through a less-optimal app-switching or web-based authentication flow.
It seems that they added this in SDK 3.1.